Thread: August security hotfixes

  1. #1
    Senior Member
    Join Date
    Oct 2001
    Posts
    748

    August security hotfixes

    Here is the notice, hot off the presses...



    New Security Bulletins

    Microsoft is releasing the following security bulletins for newly discovered vulnerabilities:

    Critical MS05-038 Microsoft Windows Remote Code Execution
    Critical MS05-039 Microsoft Windows Remote Code Execution and Local Elevation of Privilege
    Important MS05-040 Microsoft Windows Remote Code Execution
    Moderate MS05-041 Microsoft Windows Denial of Service
    Moderate MS05-042 Microsoft Windows Denial of Service, Information Disclosure, and Spoofing
    Critical MS05-043 Microsoft Windows Remote Code Execution

    The summary for this month's bulletins can be found at the following page:

    http://www.microsoft.com/technet/sec.../ms05-aug.mspx

    Re-released Security Bulletins
    In addition, Microsoft is re-releasing the following security bulletins
    (NOTE: This list contains ONLY those products affected by the re-release and the severity of the vulnerability for those products affected by the re-release)

    Important MS05-023 Microsoft Word 2003 Viewer Remote Code Execution
    Moderate, Low MS05-032 Microsoft Windows for 64-bit Systems Spoofing

    Information on these re-released bulletins may be found at the following pages:
    http://www.microsoft.com/technet/sec.../MS05-023.mspx
    http://www.microsoft.com/technet/sec.../MS05-032.mspx

    Customers are advised to review the information in the bulletins, test and deploy the updates immediately in their environments, if applicable.

    Microsoft Windows Malicious Software Removal Tool
    Microsoft is releasing an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update and the Download Center. Note that this tool will NOT be distributed using Software Update Services (SUS). Information on the Microsoft Windows Malicious Software Removal Tool can be located here:

    http://go.microsoft.com/fwlink/?LinkId=40573

    High-Priority Non-Security Updates on Microsoft Update (MU), Windows Update (WU), Windows Server Update Services (WSUS) and Software Update Services (SUS)

    Microsoft is today also making the following High-Priority NON-SECURITY updates available on WU, MU, SUS and WSUS:

    KB894391
    DBCS attachment file names are not displayed in Rich Text e-mail messages and you may receive a "Generic Host Process" error message after you install security update MS05-012 (894391) WU, MU, SUS, WSUS

    Information about Microsoft’s August Security Bulletins

    Wednesday, August 10, 2005 11:00 AM (GMT-08:00) Pacific Time (US & Canada)

    http://msevents.microsoft.com/CUI/We...CountryCode=US

    The on-demand version of the webcast will be available 24 hours after the live webcast at:
    http://msevents.microsoft.com/CUI/We...CountryCode=US

    **********************************************************************
    TECHNICAL DETAILS
    MS05-038
    Title: Cumulative Security Update for Internet Explorer (896727)

    Affected Software:
    • Microsoft Windows 2000 Service Pack 4
    • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
    • Microsoft Windows XP Professional x64 Edition
    • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
    • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
    • Microsoft Windows Server 2003 x64 Edition
    • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) – Review the FAQ section of the bulletin for details about these operating systems.

    Affected Components:
    • Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4
    • Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4 or on Microsoft Windows XP Service Pack 1
    • Internet Explorer 6 for Microsoft Windows XP Service Pack 2
    • Internet Explorer 6 for Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
    • Internet Explorer 6 for Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
    • Internet Explorer 6 for Microsoft Windows Server 2003 x64 Edition
    • Internet Explorer 6 for Microsoft Windows XP Professional x64 Edition
    • Internet Explorer 5.5 Service Pack 2 on Microsoft Windows Millennium Edition
    • Internet Explorer 6 Service Pack 1 on Microsoft Windows 98, on Microsoft Windows 98 SE, or on Microsoft Windows Millennium Edition

    Impact of Vulnerability: Remote Code Execution
    Maximum Severity Rating: Critical
    Restart required: Yes
    Update can be uninstalled: Yes

    More information on this vulnerability is available at: http://www.microsoft.com/technet/sec.../MS05-038.mspx

    **********************************************************************
    MS05-039
    Title: Vulnerability in Plug and Play Could Allow Remote Code Execution and Elevation of Privilege (899588)

    Affected Software:
    • Microsoft Windows 2000 Service Pack 4
    • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
    • Microsoft Windows XP Professional x64 Edition
    • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
    • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
    • Microsoft Windows Server 2003 x64 Edition

    Non-Affected Software:
    • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME)

    Impact of Vulnerability: Remote Code Execution
    Maximum Severity Rating: Critical
    Restart required: Yes
    Update can be uninstalled: Yes

    More information on this vulnerability is available at: http://www.microsoft.com/technet/sec.../MS05-039.mspx

    **********************************************************************
    MS05-040
    Title: Vulnerability in Telephony Service Could Allow Remote Code Execution (893756)

    Affected Software:
    • Microsoft Windows 2000 Service Pack 4
    • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
    • Microsoft Windows XP Professional x64 Edition
    • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
    • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
    • Microsoft Windows Server 2003 x64 Edition
    • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) – Review the FAQ section of the bulletin for details about these operating systems.

    Impact of Vulnerability: Remote Code Execution
    Maximum Severity Rating: Important
    Restart required: This update does not require a restart. The installer stops the required services, applies the update, and then restarts the services. However, if the required services cannot be stopped for any reason, or if required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart.

    Update can be uninstalled: Yes

    More information on this vulnerability is available at: http://www.microsoft.com/technet/sec.../MS05-040.mspx

    **********************************************************************
    MS05-041
    Title: Vulnerability in Remote Desktop Protocol Could Allow Denial of Service (899591)

    Affected Software:
    • Microsoft Windows Server 2000 Service Pack 4
    • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
    • Microsoft Windows XP Professional x64 Edition
    • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
    • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
    • Microsoft Windows Server 2003 x64 Edition

    Non-Affected Software:
    • Microsoft Windows 2000 Professional Service Pack 4
    • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME)

    Impact of Vulnerability: Denial of Service
    Maximum Severity Rating: Moderate
    Restart required: Yes
    Update can be uninstalled: Yes

    More information on this vulnerability is available at: http://www.microsoft.com/technet/sec.../MS05-041.mspx

    **********************************************************************
    MS05-042
    Title: Vulnerabilities in Kerberos Could Allow Denial of Service, Information Disclosure, and Spoofing (899587)

    Affected Software:
    • Microsoft Windows 2000 Service Pack 4
    • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
    • Microsoft Windows XP Professional x64 Edition
    • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
    • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
    • Microsoft Windows Server 2003 x64 Edition

    Non-Affected Software:
    • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME)

    Impact of Vulnerability: Denial of Service, Information Disclosure, and Spoofing.
    Maximum Severity Rating: Moderate
    Restart required: Yes
    Update can be uninstalled: Yes

    More information on this vulnerability is available at: http://www.microsoft.com/technet/sec.../MS05-042.mspx

    **********************************************************************
    MS05-043
    Title: Vulnerability in Print Spooler Service Could Allow Remote Code Execution (896423)

    Affected Software:
    • Microsoft Windows 2000 Service Pack 4
    • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
    • Microsoft Windows Server 2003
    • Microsoft Windows Server 2003 for Itanium-based Systems

    Non-Affected Software:
    • Microsoft Windows XP Professional x64 Edition
    • Microsoft Windows Server 2003 Service Pack 1
    • Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
    • Microsoft Windows Server 2003 x64 Edition
    • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME)

    Impact of Vulnerability: Remote Code Execution
    Maximum Severity Rating: Critical
    Restart required: This update does not require a restart. To help reduce the chance that a reboot will be required, stop the Spooler service and close all applications that may use the affected files prior to installing the security update. For more information about the reasons why you may be prompted to restart your computer, see Microsoft Knowledge Base Article 887012.

    Update can be uninstalled: Yes

    More information on this vulnerability is available at: http://www.microsoft.com/technet/sec.../MS05-043.mspx

    **********************************************************************
    MS05-023
    Title: Vulnerabilities in Microsoft Word May Lead to Remote Code Execution (890169)

    Affected Software (re-release only):
    • Microsoft Word 2003 Viewer

    Reason for Re-release: Subsequent to the release of this bulletin, it was determined that the vulnerability addressed also affects Microsoft Word 2003 Viewer. Microsoft has updated the bulletin with additional information about Microsoft Word 2003 Viewer. Customers who are not using Microsoft Word 2003 Viewer and have previously installed the security updates provided as part of the original release of this bulletin do not need to install the new security update.

    More information on this re-released bulletin is available at: http://www.microsoft.com/technet/sec.../MS05-023.mspx

    **********************************************************************
    MS05-032
    Title: Vulnerability in Microsoft Agent Could Allow Spoofing (890046)

    Affected Software (re-release only):
    • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
    • Microsoft Windows Server 2003 x64 Edition
    • Microsoft Windows XP Professional x64 Edition

    Reason for Re-release: The original security update successfully addressed the vulnerabilities described in this security bulletin for non 64-bit systems. No additional action is required for non 64-bit customers. However, on 64-bit systems, the kill bit documented in the “Does this update contain any security-related changes to functionality?” FAQ does not correctly get enabled when using a 32-bit version of Internet Explorer. The kill bit does correctly get enabled for 64-bit versions of Internet Explorer. We recommend customers install the revised security update even if you have installed the previous version. The revised security update, as appropriate, will be available through Windows Update, Software Update Services (SUS), and will be recommended by the Microsoft Baseline Security Analyzer (MBSA). It is not necessary to uninstall the prior security update prior to installing the revised security update.

    Note Due to the end of support on June 30, 2005, for some Itanium based systems, the revised security update will not be available on the following operating system versions:

    • Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
    • Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
    See the FAQ “Security update support for Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium) and Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium) ended on June 30, 2005. I’m still using one of these operating systems, what should I do?” for more information if you are using those operating systems versions.

    More information on this re-released bulletin is available at: http://www.microsoft.com/technet/sec.../MS05-032.mspx

    PLEASE VISIT http://www.microsoft.com/technet/security FOR THE MOST CURRENT INFORMATION ON THESE ALERTS.

  2. #2
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325
    Damn... is it that time already!? Seems like I'm rolling these things out every other week...
    Quitmzilla is a Firefox extension that gives you stats on how long you have quit smoking, how much money you've saved, how much you haven't smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.
