Overview of the known problems and publicly known exploits ofthe August 2006 Microsoft patches.

#	Known Problems with this patch	Known Exploits	client rating	server rating
MS06-040	Issue with: Huge memory allocations on Windows 2003 server SP1 (32bit & 64bit), XP (64bit) and 32bit application. Microsoft Business Solutions?Navision 3.70 on above platform. Websense Manager when using terminal services Fix: Hotfix available by calling Microsoft. More information: KB924054 Websense note	Botnets actively exploiting this in  the WILD Exploit available in easy to use package LURHQ - Joe Stewart's analysis Symantec - W32.Wargbot TrendMicro - Worm.IRCBOT.JK and JL McAfee - IRC.Mocbot F-Secure - IRCBOT-ST Symantec - W32.Randex.GEL read more...	PATCH NOW	PATCH NOW
MS06-041	No reported problems		Critical	Critical
MS06-042	Critical issue: This patch introduces a new arbitrary code execution vulnerability on MSIE 6 SP1. Fix: Microsoft re-released MS06-042 on Aug 24th 2006. It is unclear if the hotfix that was available earlier fixes this problem as well. More info: See diary Microsoft Advisory e-eye advisory Securityfocus Issue #1: MSIE 6 SP1 crashes while using multiple application such as Peoplesoft, Siebel, Sage CRM and websites using HTTP 1.1 and compression such as the register. Roll-up patch so it has all older issues as well. Workaround: Workaround to disable HTTP/1.1 Use alternate browser (for problem sites) Fix: Upgrade to MSIE 6 SP2 The re-release of the August 24th is intended to fix this. The fix was supposed to be published by Microsoft on August 22nd, 2006 but was delayed. More Information: KB923762 KB918899 Sage CRM note Issue #2: CA Unicenter Service Desk can cause MSIE to crash, on XP SP2 and Windows 2003 SP1 Workaround: Use the supported Firefox or Mozilla browsers KB923996 Fix: The re-release of MS06-042 is not fixing this problem as far as we know. More information: diary CA comment	Original MS06-42: fixes a.o. a  FTP vulnerability that;s well-known since 2004 First revision of the MS06-042  patch's buffer overglow has details public. Microsoft released it first on the 22nd actual code fragments were publicly released on the 24th after the patch was updated	PATCH NOW	Important
MS06-043	No reported problems		Important	Less urgent
MS06-044	No reported problems		Critical	Critical
MS06-045	No confirmed problems		Critical	Less urgent
MS06-046	No reported problems		Critical	Important
MS06-047	No reported problems	Trojan dropper reported in word document by Symantec, Trendmicro(1) and Trendmicro(2).  The dropper loads a backdoor: Trendmicro, Symantec.  See also diary.	Critical	Less urgent
MS06-048	No reported problems	Trojan dropper in Powerpoint	Critical	Less urgent
MS06-049	Unconfirmed reports about corruption of files on compressed volumes. [Windows 2000 only patch]		Important	Less urgent
MS06-050	No reported problems		Critical	Important
MS06-051	Although unconfirmed by Microsoft so far, there seem to be problems related to Terminal Services and multiple users loading certain DLLs as part of some applications. Details and fixes or workarounds are too sketchy so far. See also the problem with .ini files and citrix at the citrix support forum. We're still lookign for a more detailed discription of the problems.		Critical	Critical