Results 1 to 3 of 3

Thread: Microsoft Security Patch for January 2005

  1. #1
    AO French Antique News Whore
    Join Date
    Aug 2001

    Microsoft Security Patch for January 2005

    Nobody wrote the news yet so it's my job being the official AO news whore to write it!

    Microsoft release the Security Bulletin for January 2005.

    Microsoft Security Bulletin Summary for January, 2005

    Vulnerability in HTML Help Could Allow Code Execution (890175)

    Vulnerability in Cursor and Icon Format Handling Could Allow Remote Code Execution (891711)

    Vulnerability in the Indexing Service Could Allow Remote Code Execution (871250)

    Happy Patching!

    Edit : Here a complete news.

    Microsoft on Tuesday released two critical patches for its Windows operating system, but a patch for the underlying security problems with Internet Explorer 6 is not yet ready for prime time.

    As part of its monthly update release, the company issued a total of three patches--one rated important and two critical. That announcement reflects a more active month than December, when the software giant issued no critical patches for the period.

    "Even though we did not rate any patches critical in December, the two we have in January are not indicative of a year more of this type of situation," said Stephen Toulouse, a Microsoft security program manager.

    One critical patch is designed to resolve the security issues surrounding the HTML Help ActiveX control in Windows. Security experts had warned Microsoft about this problem and were pushing the vendor to take quick action, given that an exploit for the vulnerability existed.

    The patch addresses the potential problem of attackers taking complete control over an affected system, such as placing and executing programs like spyware and pornography dialers without the users' knowledge.

    The second critical patch addresses vulnerabilities in systems from Windows NT servers to Windows XP involving the cursor and icon format handling. Attackers could exploit the vulnerabilities by creating a specially crafted Web page that would have malware.

    "These first two patches address vulnerabilities that have proven exploits, and the third has the potential (for an exploit)," said Jimmy Kuo, a McAfee research fellow.

    Microsoft also issued a third patch for Windows indexing service, with the threat level rated as important but not critical. That's because the indexing component is turned off by default, making it more difficult for an attacker to access index contents in Windows Media, for example, Toulouse said.
    Source : http://news.zdnet.com/2100-1009_22-5532558.html
    -Simon \"SDK\"

  2. #2
    Senior Member
    Join Date
    Jan 2005
    Hey Hey,

    Welcome to the MS05-XXX Series Exploit Range. This year, Microsoft has forgotten to patch 2 Critical Exploits in its HTML Help, also in its Cursor and Icon Format Handling. The second exploit discovered by our great friends at eEye. Also, they say all things happen in three's, well, when it comes to micorosoft, they love that rule. Even went out of their way, just to release 3 vulnerabilities, the third vulnerability is in the Indexing Service (Not that it doesnt suck already). However, unlike its buddies, who allowed Remote Code Execution, the MS05-003 vulnerability is only Escalaltion of Privilages. So, your gonna have to want to bind with another sploit, or keep in your top left jacket pocket.

    (Ok, im at work and really bored. Always did want to be a radio presenter)
    If You\'ve Done Something Right. People Wont Know You\'ve Done Anything At All - God (futurama)

  3. #3
    Senior Member
    Join Date
    May 2003
    guyz anyone using Indexing services .... be carefull...its buffer overflow in the query....can be exploited through a frontend script served via IIS or UNC Shares
    guru@linux:~> who I grep -i blonde I talk; cd ~; wine; talk; touch; unzip; touch; strip; gasp; finger; mount; fsck; more; yes; gasp; umount; make clean; sleep;

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts