Important MS05-004 Microsoft .NET Framework Information Disclosure, possible Elevation of Privilege
Critical MS05-005 Microsoft Office Remote Code Execution
Moderate MS05-006 Microsoft Windows SharePoint Services, SharePoint Team Services Remote Code Execution
Important MS05-007 Microsoft Windows Information Disclosure
Important MS05-008 Microsoft Windows Remote Code Execution
Critical MS05-009 Microsoft Windows, Microsoft Windows Media Player, Microsoft MSN Messenger Remote Code Execution
Critical MS05-010 Microsoft Windows Remote Code Execution
Critical MS05-011 Microsoft Windows Remote Code Execution
Critical MS05-012 Microsoft Windows,Microsoft Office, Microsoft Exchange Remote Code Execution
Critical MS05-013 Microsoft Windows Remote Code Execution
Critical MS05-014 Microsoft Windows Remote Code Execution
Critical MS05-015 Microsoft Windows Remote Code Execution

The summary for this month's bulletins can be found at the following page:

- http://www.microsoft.com/technet/sec.../ms05-feb.mspx

In addition, Microsoft is re-releasing 1 security bulletin.
Critical MS04-035 Microsoft Exchange 2000 Server Remote Code Execution

Information on these re-released bulletins may be found at the following pages:
- http://www.microsoft.com/technet/sec.../MS04-035.mspx

Customers are advised to review the information in the bulletins, test and deploy the updates immediately in their environments, if applicable.

Microsoft will host a webcast to address customer questions on these bulletins. For more information on this webcast please see below:

- Information about Microsoft's February Security Bulletins (Level 100)
- Wednesday, February 09, 2005 11:00 AM (GMT-08:00) Pacific Time (US & Canada)
- http://msevents.microsoft.com/CUI/We...&Culture=en-US

The on-demand version of the webcast will be available 24 hours after the live webcast at:
- http://msevents.microsoft.com/CUI/We...&Culture=en-US

In an effort to further assist customers with detection and deployment of security updates generally, as well as to answer questions about February's bulletins, PSS will be offering a special in-depth technical webcast focused on guidance for detection and deployment. For more information on this webcast please see below:

- Supplemental Technical Information about Detection and Deployment of Microsoft's February Security Updates (Level 200)
- Thursday, February 17, 2005 11:00 AM (GMT-08:00) Pacific Time (US & Canada)
- http://msevents.microsoft.com/CUI/We...&Culture=en-US

The on-demand version of the webcast will be available 24 hours after the live webcast at:
- http://msevents.microsoft.com/CUI/We...&Culture=en-US

************************************************** ********************

MS05-004
Title: ASP.NET Path Validation Vulnerability (887219)

Affected Software:
- Microsoft .NET Framework 1.0 Service Pack 2 and Service Pack 3
- Microsoft .NET Framework 1.1 (All Versions)

Affected Components:
- ASP.NET

Impact of Vulnerability: Information Disclosure, possible Elevation of Privilege Maximum Severity Rating: Important

Restart required: Yes

Update can be uninstalled: Yes

More information on this vulnerability is available at: http://www.microsoft.com/technet/sec.../MS05-004.mspx

************************************************** ********************
MS05-005
Title: Vulnerability in Microsoft Office XP could allow Remote Code Execution (873352)

Affected Software:
- Microsoft Office XP Software Service Pack 3
- Microsoft Office XP Software Service Pack 2
- Microsoft Project 2002
- Microsoft Visio 2002
- Microsoft Works Suite 2002
- Microsoft Works Suite 2003
- Microsoft Works Suite 2004

Non-Affected Software:
- Microsoft Office 2000
- Microsoft Office 2003

Impact of Vulnerability: Remote Code Execution

Maximum Severity Rating: Critical

Restart required: No

Update can be uninstalled: No

More information on this vulnerability is available at: http://www.microsoft.com/technet/sec.../MS05-005.mspx

************************************************** ********************
MS05-006
Title: Vulnerability in Windows SharePoint Services and SharePoint Team Services Could Allow Cross-Site Scripting and Spoofing Attacks (887981)

Affected Software:
- Windows SharePoint Services
- SharePoint Team Services from Microsoft

Impact of Vulnerability: Remote Code Execution

Maximum Severity Rating: Moderate

Restart required: This update does not require a restart. The installer stops the required services, applies the update, and then restarts the services. However, if the required services cannot be stopped for any reason, or if required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart."

Update can be uninstalled: No

More information on this vulnerability is available at: http://www.microsoft.com/technet/sec.../MS05-006.mspx

************************************************** ********************
MS05-007
Title: Vulnerability in Windows Could Allow Information Disclosure (888302)

Affected Software:
- Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
- Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)

Non-Affected Software:
- Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4
- Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
- Microsoft Windows Server 2003
- Microsoft Windows Server 2003 for Itanium-based Systems
- Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME)

Impact of Vulnerability: Information Disclosure

Maximum Severity Rating: Important

Restart required: This update does not require a restart. The installer stops the required services, applies the update, and then restarts the services. However, if the required services cannot be stopped for any reason, or if required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart. To help reduce the chance that a reboot will not be required, stop all affected services and close all applications that may use the affected files prior to installing the security update.

Update can be uninstalled: Yes

More information on this vulnerability is available at: http://www.microsoft.com/technet/sec.../MS05-007.mspx

************************************************** ********************
MS05-008
Title: Vulnerability in Windows Shell Could Allow Remote Code Execution (890047)

Affected Software:
- Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4
- Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
- Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
- Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
- Microsoft Windows Server 2003
- Microsoft Windows Server 2003 for Itanium-based Systems
- Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME)

Impact of Vulnerability: Remote Code Execution

Maximum Severity Rating: Important

Restart required: Yes

Update can be uninstalled: Yes

More information on this vulnerability is available at: http://www.microsoft.com/technet/sec.../MS05-008.mspx

************************************************** ********************
MS05-009
Title: Vulnerability in PNG Processing Could Allow Remote Code Execution (890261)

Affected Software:
- Microsoft Windows Media Player 9 Series (when running on Windows 2000, Windows XP and Windows Server 2003)
- Microsoft MSN Messenger 6.1
- Microsoft MSN Messenger 6.2
- Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) - Review the FAQ section of this bulletin for details about these operating systems.

Non-Affected Software:
- MSN Messenger for Mac
- Windows Media Player 6.4
- Windows Media Player 7.1
- Windows Media Player for Windows XP (8.0)
- Windows Media Player 9 Series for Windows XP Service Pack 2
- Windows Media Player 10

Affected Components:
- Microsoft Windows Messenger version 4.7.2009 (when running on Windows XP and Windows XP Service Pack 1)
- Microsoft Windows Messenger version 4.7.3000 (when running on Windows XP Service Pack 2)
- Microsoft Windows Messenger version 5.0 (standalone version that can be installed on all supported operating systems)

Impact of Vulnerability: Remote Code Execution

Maximum Severity Rating: Critical

Restart required: In some cases, this update does not require a restart. The installer stops the required services, applies the update, and then restarts the services. However, if the required services cannot be stopped for any reason, or if required files are in use, this update will require a restart. If this occurs, a message appears that advises you to restart.

Update can be uninstalled: Yes

More information on this vulnerability is available at: http://www.microsoft.com/technet/sec.../MS05-009.mspx

************************************************** ********************
MS05-010
Title: Vulnerability in the License Logging Service Could Allow Code Execution (885834)

Affected Software:
- Microsoft Windows NT Server 4.0 Service Pack 6a
- Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6
- Microsoft Windows 2000 Server Service Pack 3 and Microsoft Windows 2000 Server Service Pack 4
- Microsoft Windows Server 2003
- Microsoft Windows Server 2003 for Itanium-based Systems

Non-Affected Software:
- Microsoft Windows 2000 Professional Service Pack 3 and Microsoft Windows 2000 Professional Service Pack 4
- Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
- Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
- Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
- Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME)

Impact of Vulnerability: Remote Code Execution

Maximum Severity Rating: Critical

Restart required: This update does not require a restart. The installer stops the required services, applies the update, and then restarts the services. However, if the required services cannot be stopped for any reason, or if required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart. To help reduce the chance that a reboot will not be required, stop all affected services and close all applications that may use the affected files prior to installing the security update.

Update can be uninstalled: Yes

More information on this vulnerability is available at: http://www.microsoft.com/technet/sec...MS05-0010.mspx

I am still using Windows NT Server 4.0 Service Pack 6a or Windows NT Server 4.0 Terminal Server Edition Service Pack 6 but extended security update support ended on December 31st, 2004. However, this bulletin has security updates for these operating system versions. Why is that?

Windows NT Server 4.0 Service Pack 6a and Windows NT Server 4.0 Terminal Server Edition Service Pack 6 reached the end of their life cycles on December 31, 2004. On this rare occasion, we believe that this vulnerability presents a serious risk to a broad number of customers. We have previously communicated that we reserve the right to produce updates in these situations. We determined that the best course of action to help protect customers was to release this security update. Therefore, we have decided to release a security update for this operating system version as part of this security bulletin. However, since Windows NT Server 4.0 is no longer in support, this security update will only be available on the Microsoft Download Center and will not be available through Windows Update.
We do not anticipate doing this for future vulnerabilities that may affect this operating system version, but as mentioned previously, we reserve the right to produce updates and to make these updates available when necessary. It should be a priority for customers who have this operating system version to migrate to supported operating system versions to prevent potential exposure to vulnerabilities. For more information about the Windows Service Pack Product Life Cycle, visit the Microsoft Support Lifecycle Web site. For more information about the Windows Product Life Cycle, visit the Microsoft Support Lifecycle Web site.

************************************************** ********************
MS05-011
Title: Vulnerability in Server Message Block Could Allow Remote Code Execution (885250)

Affected Software:
- Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4
- Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
- Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
- Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
- Microsoft Windows Server 2003
- Microsoft Windows Server 2003 for Itanium-based Systems

Non-Affected Software:
- Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME)

Impact of Vulnerability: Remote Code Execution

Maximum Severity Rating: Critical

Restart required: Yes

Update can be uninstalled: Yes

More information on this vulnerability is available at: http://www.microsoft.com/technet/sec...MS05-0X11.mspx

************************************************** ********************
MS05-012
Title: Vulnerability in OLE and COM Could Allow Remote Code Execution (873333) Affected Software:
- Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4
- Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
- Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
- Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
- Microsoft Windows Server 2003
- Microsoft Windows Server 2003 for Itanium-based Systems
- Microsoft Exchange 2000 Server Service Pack 3 (uses the Windows OLE component)
- Microsoft Exchange Server 2003 and Microsoft Exchange Server 2003 Service Pack 1 (uses the Windows OLE component)
- Microsoft Exchange Server 5.0 Service Pack 2 (uses the Windows OLE component)
- Microsoft Exchange Server 5.5 Service Pack 4 (uses the Windows OLE component)
- Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) - Review the FAQ section of this bulletin for details about these operating systems.
- Microsoft Office XP Service Pack 3 (uses the Windows OLE component)
- Microsoft Office XP Service Pack 2 (uses the Windows OLE component)
- Microsoft Office XP Software:
- Outlook 2002
- Word 2002
- Excel 2002
- PowerPoint® 2002
- FrontPage® 2002
- Publisher 2002
- Access 2002
- Microsoft Office 2003 Service Pack 1 (Uses the Windows OLE component)
- Microsoft Office 2003 (Uses the Windows OLE component)
- Microsoft Office 2003 Software:
- Outlook 2003
- Word 2003
- Excel 2003
- PowerPoint® 2003
- FrontPage® 2003
- Publisher 2003
- Access 2003
- InfoPath(tm) 2003
- OneNote(tm) 2003

Impact of Vulnerability: Remote Code Execution

Maximum Severity Rating: Critical

Restart required: Yes

Update can be uninstalled: Yes

More information on this vulnerability is available at: http://www.microsoft.com/technet/sec.../MS05-012.mspx

************************************************** ********************
MS05-013
Title: Vulnerability in the DHTML Editing Component ActiveX Control Could Allow Code Execution (891781)

Affected Software:
- Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4
- Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
- Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
- Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
- Microsoft Windows Server 2003
- Microsoft Windows Server 2003 for Itanium-based Systems
- Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) - Review the FAQ section of this bulletin for details about these operating systems.

Impact of Vulnerability: Remote Code Execution

Maximum Severity Rating: Critical

Restart required: This update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart.

Update can be uninstalled: Yes

More information on this vulnerability is available at: http://www.microsoft.com/technet/sec.../MS05-013.mspx

************************************************** ********************
MS05-014
Title: Cumulative Security Update for Internet Explorer (867282) Affected Software:
- Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4
- Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
- Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
- Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
- Microsoft Windows Server 2003
- Microsoft Windows Server 2003 for Itanium-based Systems
- Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) - Review the FAQ section of this bulletin for details about these operating systems.

Affected Components:
- Internet Explorer 5.01 Service Pack 3 (SP3) on Windows 2000 Service Pack 3
- Internet Explorer 5.01 Service Pack 4 on Windows 2000 Service Pack 4
- Internet Explorer 5.5 Service Pack 2 on Microsoft Windows Millennium Edition: - Review the FAQ section of this bulletin for details about this version.
- Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 3, on Microsoft Windows 2000 Service Pack 4, on Microsoft Windows XP, or on Microsoft Windows XP Service Pack 1
- Internet Explorer 6 Service Pack 1 on Microsoft Windows 98, on Microsoft Windows 98 SE, or on Microsoft Windows Millennium Edition: - Review the FAQ section of this bulletin for details about this version.
- Internet Explorer 6 for Windows XP Service Pack 1 (64-Bit Edition)
- Internet Explorer 6 for Windows Server 2003
- Internet Explorer 6 for Windows Server 2003 64-Bit Edition and Windows XP 64-Bit Edition Version 2003
- Internet Explorer 6 for Windows XP Service Pack 2

Impact of Vulnerability: Remote Code Execution

Maximum Severity Rating: Critical

Restart required: You must restart your system after you apply this security update. You do not have to use an administrator logon after the computer restarts for any version of this update.

Update can be uninstalled: Yes

More information on this vulnerability is available at: http://www.microsoft.com/technet/sec.../MS05-014.mspx

************************************************** ********************
MS05-015
Title: Vulnerability in Hyperlink Object Library Could Allow Remote Code Execution (888113)

Affected Software:
- Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4
- Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
- Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
- Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
- Microsoft Windows Server 2003
- Microsoft Windows Server 2003 for Itanium-based Systems
- Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME)

Impact of Vulnerability: Remote Code Execution

Maximum Severity Rating: Critical

Restart required: This update does not require a restart. The installer stops the required services, applies the update, and then restarts the services. However, if the required services cannot be stopped for any reason, or if required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart.

Update can be uninstalled: Yes

More information on this vulnerability is available at: http://www.microsoft.com/technet/sec.../MS05-015.mspx

************************************************** ********************
MS04-035
Title: Vulnerability in SMTP Could Allow Remote Code Execution (885881)

Affected Software (re-release only):
- Microsoft Exchange 2000 Server Service Pack 3

Affected Components (re-release only):
- Microsoft Exchange 2000 Server Routing Engine component

Reason for Re-release: Subsequent to the release of this bulletin, it was determined that a variation of the vulnerability addressed also affects Exchange 2000 Server. Microsoft has updated the bulletin, on February 8, 2005, with additional information about Exchange 2000 Server and also to direct users to a security update for this additional affected platform.

More information on this re-issued bulletin is available at: http://www.microsoft.com/technet/sec.../MS04-035.mspx

If you have any questions regarding this alert please contact your Technical Account Manager or Application Development Consultant.

Thank you,
Microsoft PSS Security Team