Microsoft Security Bulletin MS05-053
Vulnerabilities in Graphics Rendering Engine Could Allow Code Execution (896424)
Published: November 8, 2005

Version: 1.0

Summary
Who should read this document: Customers who use Microsoft Windows

Impact of Vulnerability: Remote Code Execution

Maximum Severity Rating: Critical

Recommendation: Customers should apply the update immediately.

Security Update Replacement: This bulletin replaces several prior security updates. See the frequently asked questions (FAQ) section of this bulletin for the complete list.

Caveats: None


Microsoft will host a webcast (http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?EventID=1032283901&EventCategory=4&culture=en-US&CountryCode=US) tomorrow to address customer questions on this bulletin:
Start Time: Wednesday, November 9, 2005 11:00 AM (GMT-08:00) Pacific Time (US & Canada)
End Time: Wednesday, November 9, 2005 12:00 PM (GMT-08:00) Pacific Time (US & Canada)

Note: Find out if you are missing important Microsoft product updates by using MBSA (http://www.microsoft.com/technet/security/tools/mbsahome.mspx)
Share this information to your friends to help them protect theirs and other's PC by keeping an up-to-date system.
http://www.microsoft.com/technet/security/Bulletin/MS05-053.mspx

Windows Malicious Software Removal Tool - November 2005 (KB890830)
Date last published: 11/8/2005
Download size: 1.2 MB
After the download, this tool runs once to check your computer for infection by specific, prevalent malicious software (including Blaster, Sasser, and Mydoom) and helps to remove any infection found. If an infection is found, the tool will display a status report the next time you start your computer. A new version of the tool will be offered every month. If you want to manually run the tool on your computer, you can download a copy from the Microsoft Download Center or run an online version from microsoft.com. This tool is not a replacement for an anti-virus product. To help protect your computer, you should use an anti-virus product.

New Additions
We have added detection and cleaning capabilities for the following malicious software:

• Bugbear

• Codbot

• Mabutu

• Opaserv

• Swen

See the complete list of malicious software cleaned by this tool.
http://www.microsoft.com/security/malwareremove/families.mspx

Non-Security Updates

Microsoft is today also making the following High-Priority NON-SECURITY updates available

KB887624 - Windows SharePoint Services Language Template Pack Service Pack 2
WU, MU
http://support.microsoft.com/default.aspx?scid=kb;en-us;887624

KB907492 - Outlook 2003 Junk E-mail Filter update: November 2005
MU
http://support.microsoft.com/default.aspx?scid=kb;en-us;907492

KB907417 - Update for Office 2003
MU
http://support.microsoft.com/default.aspx?scid=kb;en-us;907417

MS05-050 have undergone a minor revision increment.

- Reason for Revision: Bulletin updated the following: Microsoft has also been made aware that when installing the "Security Update for DirectX 8.1 for Windows XP Service Pack 1" or "Security Update for DirectX 8.1 for Windows 2003" package on a computer that has DirectX 9; the install completes successfully without giving any indication that the computer was not updated. Users running DirectX 9 will still be vulnerable to the issue discussed within MS05-050 until they apply the appropriate package for their DirectX version. In "Frequently asked questions (FAQ) related to this security update" section, updated the "How can I determine whether I am running an updated version of DirectX on my system?" for Windows 2000 SP4 Multi-User Interface (MUI) users.
- Originally posted: October 11, 2005
- Updated: November 9, 2005
- Bulletin Severity Rating: Critical
- Version: 1.4

http://www.microsoft.com/technet/security/bulletin/ms05-050.mspx

Microsoft® Windows® Malicious Software Removal Tool (KB890830)
Quick InfoFile Name:Windows-KB890830-V1.10-ENU.exe

Version:
1.10

Date Published:
11/11/2005

Language:
English

Download Size:
989 KB

http://www.microsoft.com/downloads/details.aspx?amp;displaylang=en&familyid=ad724ae0-e72d-4f54-9ab3-75b8eb148356&displaylang=en

MS05-053: TROJ_EMFSPLOIT.A in the wild
please apply the MS Nov updates ASAP

Trend is reporting a trojan horse that might be the first example of a new exploit developed from the November security updates issued by Microsoft. Please update your PC with the latest security updates offered by Microsoft, as more developments could follow.

Internet Storm Center: TROJ_EMFSPLOIT.A in the wild (http://isc.sans.org/diary.php?storyid=836)

Trend Link: TROJ_EMFSPLOIT.A in the wild (http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ%5FEMFSPLOIT%2EA)

Trend Micro is reporting a trojan in the wild (TROJ_EMFSPLOIT.A) that is exploiting the recent MS05-053 vulnerability announced on Tuesday. The trojan causes EXPLORER.EXE to crash, which isn't so much fun for Windows users.

Upon execution, this Trojan causes the EXPLORER.EXE of affected machines to crash. It may also cause applications that attempt to load it to crash. An example of an application that can load EMF files is Internet Explorer. This Trojan runs on Windows 2000 Service Pack 4 and XP with no Service Pack.

This news courtesy of Harry Waldren MVP Windows Security