
Microsoft is releasing 12 security bulletins for newly discovered vulnerabilities


  • Microsoft is releasing 12 security bulletins for newly discovered vulnerabilities

    Important MS05-004 Microsoft .NET Framework Information Disclosure, possible Elevation of Privilege
    Critical MS05-005 Microsoft Office Remote Code Execution
    Moderate MS05-006 Microsoft Windows SharePoint Services, SharePoint Team Services Remote Code Execution
    Important MS05-007 Microsoft Windows Information Disclosure
    Important MS05-008 Microsoft Windows Remote Code Execution
    Critical MS05-009 Microsoft Windows, Microsoft Windows Media Player, Microsoft MSN Messenger Remote Code Execution
    Critical MS05-010 Microsoft Windows Remote Code Execution
    Critical MS05-011 Microsoft Windows Remote Code Execution
    Critical MS05-012 Microsoft Windows, Microsoft Office, Microsoft Exchange Remote Code Execution
    Critical MS05-013 Microsoft Windows Remote Code Execution
    Critical MS05-014 Microsoft Windows Remote Code Execution
    Critical MS05-015 Microsoft Windows Remote Code Execution

    The summary for this month's bulletins can be found at the following page:

    - http://www.microsoft.com/technet/sec.../ms05-feb.mspx

    In addition, Microsoft is re-releasing 1 security bulletin.
    Critical MS04-035 Microsoft Exchange 2000 Server Remote Code Execution

    Information on these re-released bulletins may be found at the following pages:
    - http://www.microsoft.com/technet/sec.../MS04-035.mspx

    Customers are advised to review the information in the bulletins, test and deploy the updates immediately in their environments, if applicable.

    Microsoft will host a webcast to address customer questions on these bulletins. For more information on this webcast please see below:

    - Information about Microsoft's February Security Bulletins (Level 100)
    - Wednesday, February 09, 2005 11:00 AM (GMT-08:00) Pacific Time (US & Canada)
    - http://msevents.microsoft.com/CUI/We...&Culture=en-US

    The on-demand version of the webcast will be available 24 hours after the live webcast at:
    - http://msevents.microsoft.com/CUI/We...&Culture=en-US

    In an effort to further assist customers with detection and deployment of security updates generally, as well as to answer questions about February's bulletins, PSS will be offering a special in-depth technical webcast focused on guidance for detection and deployment. For more information on this webcast please see below:

    - Supplemental Technical Information about Detection and Deployment of Microsoft's February Security Updates (Level 200)
    - Thursday, February 17, 2005 11:00 AM (GMT-08:00) Pacific Time (US & Canada)
    - http://msevents.microsoft.com/CUI/We...&Culture=en-US

    The on-demand version of the webcast will be available 24 hours after the live webcast at:
    - http://msevents.microsoft.com/CUI/We...&Culture=en-US

    **********************************************************************
    Regards
    Rene

    Administrator of informatikboard.ch

  • #2
    MS05-004
    Title: ASP.NET Path Validation Vulnerability (887219)

    Affected Software:
    - Microsoft .NET Framework 1.0 Service Pack 2 and Service Pack 3
    - Microsoft .NET Framework 1.1 (All Versions)

    Affected Components:
    - ASP.NET

    Impact of Vulnerability: Information Disclosure, possible Elevation of Privilege

    Maximum Severity Rating: Important

    Restart required: Yes

    Update can be uninstalled: Yes

    More information on this vulnerability is available at: http://www.microsoft.com/technet/sec.../MS05-004.mspx

    **********************************************************************
    MS05-005
    Title: Vulnerability in Microsoft Office XP could allow Remote Code Execution (873352)

    Affected Software:
    - Microsoft Office XP Software Service Pack 3
    - Microsoft Office XP Software Service Pack 2
    - Microsoft Project 2002
    - Microsoft Visio 2002
    - Microsoft Works Suite 2002
    - Microsoft Works Suite 2003
    - Microsoft Works Suite 2004

    Non-Affected Software:
    - Microsoft Office 2000
    - Microsoft Office 2003

    Impact of Vulnerability: Remote Code Execution

    Maximum Severity Rating: Critical

    Restart required: No

    Update can be uninstalled: No

    More information on this vulnerability is available at: http://www.microsoft.com/technet/sec.../MS05-005.mspx

    **********************************************************************
    MS05-006
    Title: Vulnerability in Windows SharePoint Services and SharePoint Team Services Could Allow Cross-Site Scripting and Spoofing Attacks (887981)

    Affected Software:
    - Windows SharePoint Services
    - SharePoint Team Services from Microsoft

    Impact of Vulnerability: Remote Code Execution

    Maximum Severity Rating: Moderate

    Restart required: This update does not require a restart. The installer stops the required services, applies the update, and then restarts the services. However, if the required services cannot be stopped for any reason, or if required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart.

    Update can be uninstalled: No

    More information on this vulnerability is available at: http://www.microsoft.com/technet/sec.../MS05-006.mspx
    Regards
    Rene

    Administrator of informatikboard.ch


    • #3
      **********************************************************************
      MS05-007
      Title: Vulnerability in Windows Could Allow Information Disclosure (888302)

      Affected Software:
      - Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
      - Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)

      Non-Affected Software:
      - Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4
      - Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
      - Microsoft Windows Server 2003
      - Microsoft Windows Server 2003 for Itanium-based Systems
      - Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME)

      Impact of Vulnerability: Information Disclosure

      Maximum Severity Rating: Important

      Restart required: This update does not require a restart. The installer stops the required services, applies the update, and then restarts the services. However, if the required services cannot be stopped for any reason, or if required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart. To help reduce the chance that a reboot will not be required, stop all affected services and close all applications that may use the affected files prior to installing the security update.

      Update can be uninstalled: Yes

      More information on this vulnerability is available at: http://www.microsoft.com/technet/sec.../MS05-007.mspx

      **********************************************************************
      MS05-008
      Title: Vulnerability in Windows Shell Could Allow Remote Code Execution (890047)

      Affected Software:
      - Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4
      - Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
      - Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
      - Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
      - Microsoft Windows Server 2003
      - Microsoft Windows Server 2003 for Itanium-based Systems
      - Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME)

      Impact of Vulnerability: Remote Code Execution

      Maximum Severity Rating: Important

      Restart required: Yes

      Update can be uninstalled: Yes

      More information on this vulnerability is available at: http://www.microsoft.com/technet/sec.../MS05-008.mspx

      **********************************************************************
      MS05-009
      Title: Vulnerability in PNG Processing Could Allow Remote Code Execution (890261)

      Affected Software:
      - Microsoft Windows Media Player 9 Series (when running on Windows 2000, Windows XP and Windows Server 2003)
      - Microsoft MSN Messenger 6.1
      - Microsoft MSN Messenger 6.2
      - Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) - Review the FAQ section of this bulletin for details about these operating systems.

      Non-Affected Software:
      - MSN Messenger for Mac
      - Windows Media Player 6.4
      - Windows Media Player 7.1
      - Windows Media Player for Windows XP (8.0)
      - Windows Media Player 9 Series for Windows XP Service Pack 2
      - Windows Media Player 10

      Affected Components:
      - Microsoft Windows Messenger version 4.7.2009 (when running on Windows XP and Windows XP Service Pack 1)
      - Microsoft Windows Messenger version 4.7.3000 (when running on Windows XP Service Pack 2)
      - Microsoft Windows Messenger version 5.0 (standalone version that can be installed on all supported operating systems)

      Impact of Vulnerability: Remote Code Execution

      Maximum Severity Rating: Critical

      Restart required: In some cases, this update does not require a restart. The installer stops the required services, applies the update, and then restarts the services. However, if the required services cannot be stopped for any reason, or if required files are in use, this update will require a restart. If this occurs, a message appears that advises you to restart.

      Update can be uninstalled: Yes

      More information on this vulnerability is available at: http://www.microsoft.com/technet/sec.../MS05-009.mspx
      Regards
      Rene

      Administrator of informatikboard.ch


      • #4
        **********************************************************************
        MS05-010
        Title: Vulnerability in the License Logging Service Could Allow Code Execution (885834)

        Affected Software:
        - Microsoft Windows NT Server 4.0 Service Pack 6a
        - Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6
        - Microsoft Windows 2000 Server Service Pack 3 and Microsoft Windows 2000 Server Service Pack 4
        - Microsoft Windows Server 2003
        - Microsoft Windows Server 2003 for Itanium-based Systems

        Non-Affected Software:
        - Microsoft Windows 2000 Professional Service Pack 3 and Microsoft Windows 2000 Professional Service Pack 4
        - Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
        - Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
        - Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
        - Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME)

        Impact of Vulnerability: Remote Code Execution

        Maximum Severity Rating: Critical

        Restart required: This update does not require a restart. The installer stops the required services, applies the update, and then restarts the services. However, if the required services cannot be stopped for any reason, or if required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart. To help reduce the chance that a reboot will not be required, stop all affected services and close all applications that may use the affected files prior to installing the security update.

        Update can be uninstalled: Yes

        More information on this vulnerability is available at: http://www.microsoft.com/technet/sec...MS05-0010.mspx

        I am still using Windows NT Server 4.0 Service Pack 6a or Windows NT Server 4.0 Terminal Server Edition Service Pack 6 but extended security update support ended on December 31st, 2004. However, this bulletin has security updates for these operating system versions. Why is that?

        Windows NT Server 4.0 Service Pack 6a and Windows NT Server 4.0 Terminal Server Edition Service Pack 6 reached the end of their life cycles on December 31, 2004. On this rare occasion, we believe that this vulnerability presents a serious risk to a broad number of customers. We have previously communicated that we reserve the right to produce updates in these situations. We determined that the best course of action to help protect customers was to release this security update. Therefore, we have decided to release a security update for this operating system version as part of this security bulletin. However, since Windows NT Server 4.0 is no longer in support, this security update will only be available on the Microsoft Download Center and will not be available through Windows Update.
        We do not anticipate doing this for future vulnerabilities that may affect this operating system version, but as mentioned previously, we reserve the right to produce updates and to make these updates available when necessary. It should be a priority for customers who have this operating system version to migrate to supported operating system versions to prevent potential exposure to vulnerabilities. For more information about the Windows Service Pack Product Life Cycle, visit the Microsoft Support Lifecycle Web site. For more information about the Windows Product Life Cycle, visit the Microsoft Support Lifecycle Web site.

        **********************************************************************
        MS05-011
        Title: Vulnerability in Server Message Block Could Allow Remote Code Execution (885250)

        Affected Software:
        - Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4
        - Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
        - Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
        - Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
        - Microsoft Windows Server 2003
        - Microsoft Windows Server 2003 for Itanium-based Systems

        Non-Affected Software:
        - Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME)

        Impact of Vulnerability: Remote Code Execution

        Maximum Severity Rating: Critical

        Restart required: Yes

        Update can be uninstalled: Yes

        More information on this vulnerability is available at: http://www.microsoft.com/technet/sec...MS05-0X11.mspx
        Regards
        Rene

        Administrator of informatikboard.ch


        • #5
          **********************************************************************
          MS05-012
          Title: Vulnerability in OLE and COM Could Allow Remote Code Execution (873333)

          Affected Software:
          - Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4
          - Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
          - Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
          - Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
          - Microsoft Windows Server 2003
          - Microsoft Windows Server 2003 for Itanium-based Systems
          - Microsoft Exchange 2000 Server Service Pack 3 (uses the Windows OLE component)
          - Microsoft Exchange Server 2003 and Microsoft Exchange Server 2003 Service Pack 1 (uses the Windows OLE component)
          - Microsoft Exchange Server 5.0 Service Pack 2 (uses the Windows OLE component)
          - Microsoft Exchange Server 5.5 Service Pack 4 (uses the Windows OLE component)
          - Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) - Review the FAQ section of this bulletin for details about these operating systems.
          - Microsoft Office XP Service Pack 3 (uses the Windows OLE component)
          - Microsoft Office XP Service Pack 2 (uses the Windows OLE component)
          - Microsoft Office XP Software:
            - Outlook 2002
            - Word 2002
            - Excel 2002
            - PowerPoint® 2002
            - FrontPage® 2002
            - Publisher 2002
            - Access 2002
          - Microsoft Office 2003 Service Pack 1 (Uses the Windows OLE component)
          - Microsoft Office 2003 (Uses the Windows OLE component)
          - Microsoft Office 2003 Software:
            - Outlook 2003
            - Word 2003
            - Excel 2003
            - PowerPoint® 2003
            - FrontPage® 2003
            - Publisher 2003
            - Access 2003
            - InfoPath(tm) 2003
            - OneNote(tm) 2003

          Impact of Vulnerability: Remote Code Execution

          Maximum Severity Rating: Critical

          Restart required: Yes

          Update can be uninstalled: Yes

          More information on this vulnerability is available at: http://www.microsoft.com/technet/sec.../MS05-012.mspx

          **********************************************************************
          MS05-013
          Title: Vulnerability in the DHTML Editing Component ActiveX Control Could Allow Code Execution (891781)

          Affected Software:
          - Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4
          - Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
          - Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
          - Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
          - Microsoft Windows Server 2003
          - Microsoft Windows Server 2003 for Itanium-based Systems
          - Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) - Review the FAQ section of this bulletin for details about these operating systems.

          Impact of Vulnerability: Remote Code Execution

          Maximum Severity Rating: Critical

          Restart required: This update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart.

          Update can be uninstalled: Yes

          More information on this vulnerability is available at: http://www.microsoft.com/technet/sec.../MS05-013.mspx

          **********************************************************************
          MS05-014
          Title: Cumulative Security Update for Internet Explorer (867282)

          Affected Software:
          - Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4
          - Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
          - Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
          - Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
          - Microsoft Windows Server 2003
          - Microsoft Windows Server 2003 for Itanium-based Systems
          - Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) - Review the FAQ section of this bulletin for details about these operating systems.

          Affected Components:
          - Internet Explorer 5.01 Service Pack 3 (SP3) on Windows 2000 Service Pack 3
          - Internet Explorer 5.01 Service Pack 4 on Windows 2000 Service Pack 4
          - Internet Explorer 5.5 Service Pack 2 on Microsoft Windows Millennium Edition: - Review the FAQ section of this bulletin for details about this version.
          - Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 3, on Microsoft Windows 2000 Service Pack 4, on Microsoft Windows XP, or on Microsoft Windows XP Service Pack 1
          - Internet Explorer 6 Service Pack 1 on Microsoft Windows 98, on Microsoft Windows 98 SE, or on Microsoft Windows Millennium Edition: - Review the FAQ section of this bulletin for details about this version.
          - Internet Explorer 6 for Windows XP Service Pack 1 (64-Bit Edition)
          - Internet Explorer 6 for Windows Server 2003
          - Internet Explorer 6 for Windows Server 2003 64-Bit Edition and Windows XP 64-Bit Edition Version 2003
          - Internet Explorer 6 for Windows XP Service Pack 2

          Impact of Vulnerability: Remote Code Execution

          Maximum Severity Rating: Critical

          Restart required: You must restart your system after you apply this security update. You do not have to use an administrator logon after the computer restarts for any version of this update.

          Update can be uninstalled: Yes

          More information on this vulnerability is available at: http://www.microsoft.com/technet/sec.../MS05-014.mspx

          **********************************************************************
          MS05-015
          Title: Vulnerability in Hyperlink Object Library Could Allow Remote Code Execution (888113)

          Affected Software:
          - Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4
          - Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
          - Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
          - Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
          - Microsoft Windows Server 2003
          - Microsoft Windows Server 2003 for Itanium-based Systems
          - Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME)

          Impact of Vulnerability: Remote Code Execution

          Maximum Severity Rating: Critical

          Restart required: This update does not require a restart. The installer stops the required services, applies the update, and then restarts the services. However, if the required services cannot be stopped for any reason, or if required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart.

          Update can be uninstalled: Yes

          More information on this vulnerability is available at: http://www.microsoft.com/technet/sec.../MS05-015.mspx

          **********************************************************************
          MS04-035
          Title: Vulnerability in SMTP Could Allow Remote Code Execution (885881)

          Affected Software (re-release only):
          - Microsoft Exchange 2000 Server Service Pack 3

          Affected Components (re-release only):
          - Microsoft Exchange 2000 Server Routing Engine component

          Reason for Re-release: Subsequent to the release of this bulletin, it was determined that a variation of the vulnerability addressed also affects Exchange 2000 Server. Microsoft has updated the bulletin, on February 8, 2005, with additional information about Exchange 2000 Server and also to direct users to a security update for this additional affected platform.

          More information on this re-issued bulletin is available at: http://www.microsoft.com/technet/sec.../MS04-035.mspx

          If you have any questions regarding this alert please contact your Technical Account Manager or Application Development Consultant.

          Thank you,
          Microsoft PSS Security Team
          Regards
          Rene

          Administrator of informatikboard.ch