Critical Product Vulnerability - January 2005 Microsoft Security Bulletin Release
From: Evelyn Ruf \(MS\) (evelynr_at_online.microsoft.com)
Date: 01/12/05
- Next message: Andreas Sturma: "Internettelefonie skype - contra sicherheit"
- Previous message: Michael H. Fischer: "Patch Day Januar 05"
- Messages sorted by: [ date ] [ thread ]
Date: Wed, 12 Jan 2005 08:45:47 +0100
Dieses Security Bulletin hat Microsoft heute Nacht herausgegeben:
****************
Microsoft is releasing 3 security bulletins for newly discovered
vulnerabilities in Microsoft Windows.
- 3 Microsoft Security Bulletin affecting Microsoft Windows with a
maximum severity of Critical, MS05-001, MS05-002, MS05-003.
The summary for this month's bulletins can be found at the following
page:
- http://www.microsoft.com/technet/security/bulletin/ms05-jan.mspx
Customers are advised to review the information in the bulletins, test
and deploy the updates immediately in their environments, if
applicable.
Microsoft will host a webcast to address customer questions on these
bulletins. For more information on this webcast please see below:
- Information about Microsoft's January Security Bulletins
- Wednesday, January 12, 2005 11:00 AM (GMT-08:00) Pacific Time (US &
Canada)
-
http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?EventID=1032266148&Culture=en-US
- The on-demand version of the webcast will be available 24 hours
after the live webcast at:
-
http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?EventID=1032266148&Culture=en-US
**********************************************************************
TECHNICAL DETAILS
MS05-001
Title: Vulnerability in HTML Help Could Allow Code Execution (890175)
Affected Software:
- Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000
Service Pack 4
- Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service
Pack 2
- Microsoft Windows XP 64-Bit Edition Service Pack 1
- Microsoft Windows XP 64-Bit Edition Version 2003
- Microsoft Windows Server 2003
- Microsoft Windows Server 2003 64-Bit Edition
- Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and
Microsoft Windows Millennium Edition (Me)
Affected Components:
- Internet Explorer 6.0 Service Pack 1 when installed on Microsoft
Windows NT Server 4.0 Service Pack 6a or Microsoft Windows NT Server
4.0 Terminal Server Edition Service Pack 6
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Critical
Restart required: In some cases, this update does not require a
restart. The installer stops the required services, applies the update,
and then restarts the services. However, if the required services
cannot be stopped for any reason, or if required files are in use, this
update will require a restart. If this occurs, a message appears that
advises you to restart.
Update can be uninstalled: Yes
More information on this vulnerability is available at:
http://www.microsoft.com/technet/security/bulletin/MS05-001.mspx
**********************************************************************
MS05-002
Title: Vulnerability in Cursor and Icon Format Handling Could Allow
Remote Code Execution (891711)
Affected Software:
- Microsoft Windows NT Server 4.0 Service Pack 6a
- Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack
6
- Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000
Service Pack 4
- Microsoft Windows XP Service Pack 1
- Microsoft Windows XP 64-Bit Edition Service Pack 1
- Microsoft Windows XP 64-Bit Edition Version 2003
- Microsoft Windows Server 2003
- Microsoft Windows Server 2003 64-Bit Edition
- Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and
Microsoft Windows Millennium Edition (Me) - Review the FAQ section of
this bulletin for details about these operating systems.
Non-Affected Software:
- Microsoft Windows XP Service Pack 2
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Critical
Restart required: In some cases, this update does not require a
restart. The installer stops the required services, applies the update,
and then restarts the services. However, if the required services
cannot be stopped for any reason, or if required files are in use, this
update will require a restart. If this occurs, a message appears that
advises you to restart.
Update can be uninstalled: Yes
More information on this vulnerability is available at:
http://www.microsoft.com/technet/security/bulletin/MS05-002.mspx
**********************************************************************
MS05-003
Title: Vulnerability in the Indexing Service Could Allow Remote Code
Execution (871250)
Affected Software:
- Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000
Service Pack 4
- Microsoft Windows XP Service Pack 1
- Microsoft Windows XP 64-Bit Edition Service Pack 1
- Microsoft Windows XP 64-Bit Edition Version 2003
- Microsoft Windows Server 2003
- Microsoft Windows Server 2003 64-Bit Edition
Non-Affected Software:
- Microsoft Windows NT Server 4.0 Service Pack 6a
- Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack
6
- Microsoft Windows XP Service Pack 2
- Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and
Microsoft Windows Millennium Edition (ME)
Affected Components:
- Indexing Service
Impact of Vulnerability: Remove Code Execution
Maximum Severity Rating: Important
Restart required: This update does not require a restart. The installer
stops the required services, applies the update, and then restarts the
services. However, if the required services cannot be stopped for any
reason, or if required files are in use, this update will require a
restart. If this occurs, a message appears that advises you to restart.
To help reduce the chance that a reboot will not be required, stop all
affected services and close all applications that may use the affected
files prior to installing the security update.
Update can be uninstalled: Yes
More information on this vulnerability is available at:
http://www.microsoft.com/technet/security/bulletin/MS05-003.mspx
If you have any questions regarding the security updates or its
implementation after reading the above listed bulletin you should
contact Product Support Services in the United States at 1-866-PCSafety
(1-866-727-2338). International customers should contact their local
subsidiary at the number located at
http://support.microsoft.com/security
Thank you,
Microsoft PSS Security Team
-- Gruss Evelyn Ruf Microsoft Deutschland (Microsoft kann für die Richtigkeit und Vollständigkeit der Inhalte in dieser Newsgroup keine Haftung übernehmen.)
- Next message: Andreas Sturma: "Internettelefonie skype - contra sicherheit"
- Previous message: Michael H. Fischer: "Patch Day Januar 05"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
|
