Microsoft Security Bulletin Summary for October, 2005

Issued: October 11, 2005

Critical (3)
Microsoft Security Bulletin MS05-050
Bulletin Title
Vulnerability in DirectShow Could Allow Remote Code Execution (904706)
Executive Summary
A vulnerability exists in DirectShow that could allow an attacker to take complete control of the affected system.
http://www.microsoft.com/technet/security/Bulletin/ms05-050.mspx

Microsoft Security Bulletin MS05-051
Bulletin Title
Vulnerabilities in MSDTC and COM+ Could Allow Remote Code Execution (902400)
Executive Summary
Vulnerabilities exist in MSDC and COM+ that could allow an attacker to take complete control of the affected system.
http://www.microsoft.com/technet/security/Bulletin/ms05-051.mspx

Microsoft Security Bulletin MS05-052
Bulletin Title
Cumulative Security Update for Internet Explorer 896688
Executive Summary
A vulnerability exists in Internet Explorer that could allow an attacker to take complete control of an affected system.
http://www.microsoft.com/technet/security/Bulletin/ms05-052.mspx

Important (4)
Microsoft Security Bulletin MS05-046
Bulletin Title
Vulnerability in the Client Services for Netware Could Allow Remote Code Execution (899589)
Executive Summary
A vulnerability exists in Client Services for NetWare that could allow an attacker to take complete control of the affected system. Client Services for Netware is not installed by default on Microsoft Windows.
http://www.microsoft.com/technet/security/Bulletin/ms05-046.mspx

Microsoft Security Bulletin MS05-047
Bulletin Title
Vulnerability in Plug and Play Could Allow Remote Code Execution and Local Elevation of Privilege (905749)
Executive Summary
A vulnerability exists in Plug and Play (PnP) that could allow an attacker to take complete control of the affected system. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.
http://www.microsoft.com/technet/security/Bulletin/ms05-047.mspx

Microsoft Security Bulletin MS05-048
Bulletin Title
Vulnerability in the Microsoft Collaboration Objects Could Allow Remote Code Execution (907245)
Executive Summary
A vulnerability exists in Microsoft Collaboration Data Objects that could allow an attacker who successfully exploited this vulnerability to take complete control of the affected system. The SMTP service in Windows and Exchange is not vulnerable in the default configuration.
http://www.microsoft.com/technet/security/Bulletin/ms05-048.mspx

Microsoft Security Bulletin MS05-049
Bulletin Title
Vulnerabilities in Windows Shell Could Allow Remote Code Execution (900725)
Executive Summary
Vulnerabilities exist in Windows that could allow an attacker to take complete control of the affected system. User interaction is required for an attacker to exploit this vulnerability.
http://www.microsoft.com/technet/security/Bulletin/ms05-049.mspx

Moderate (2)
Microsoft Security Bulletin MS05-044
Bulletin Title
Vulnerability in the Windows FTP Client Could Allow File Transfer Location and Tampering (905495)
Executive Summary
A tampering vulnerability exists in the Windows FTP client that could allow an attacker to modify the intended destination location for a file transfer. User interaction is required for an attacker to exploit this vulnerability.
http://www.microsoft.com/technet/security/Bulletin/ms05-044.mspx

Microsoft Security Bulletin MS05-045
Bulletin Title
Vulnerability in Network Connection Manager Could Allow Denial of Service (905414)
Executive Summary
A vulnerability exists in Network Connection Manager that could allow an attacker to cause the component responsible for managing network and remote access connections to stop responding. An attacker must have valid logon credentials to exploit this vulnerability.
http://www.microsoft.com/technet/security/Bulletin/ms05-045.mspx

As always, download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites.

Microsoft will host a webcast tomorrow to address customer questions on these bulletins
Start Time: Wednesday, October 12, 2005 11:00 AM (GMT-08:00) Pacific Time (US & Canada)
End Time: Wednesday, October 12, 2005 12:00 PM (GMT-08:00) Pacific Time (US & Canada)

Find out if you are missing important Microsoft product updates by using MBSA
Share this information to your friends to help them protect theirs and other's PC by keeping an uptodate system.
http://msevents.microsoft.com/CUI/W...&EventCategory=4&culture=en-US&CountryCode=US

 

Title: Microsoft Security Bulletin Minor Revisions
Issued: October 12, 2005
Summary
=======
The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.

Bulletin Information:

MS05-052
- Reason for Revision: Bulletin updated to revise the log file name, uninstall directory name, and install registry key name for the Internet Explorer Service Pack 1 security update.
- Originally posted: October 11, 2005
- Updated: October 12, 2005
- Bulletin Severity Rating: Critical
- Version: 1.1

http://www.microsoft.com/technet/security/bulletin/ms05-052.mspx


MS05-050
- Reason for Revision: Bulletin updated to provide additional clarity around DirectX versions in the "Affected Software" section.
- Originally posted: October 11, 2005
- Updated: October 12, 2005
- Bulletin Severity Rating: Critical
- Version: 1.1

http://www.microsoft.com/technet/security/bulletin/ms05-050.mspx

 

Microsoft has released an update for Microsoft Access 2002

Version:
1

Date Published:
10/18/2005

Language:
English

Download Size:
1292 KB - 10326 KB*

System Requirements
Supported Operating Systems: Windows 2000; Windows 98; Windows ME; Windows NT; Windows Server 2003; Windows XP



This update applies to the following product: Microsoft Access 2002, Microsoft Access 2002 Runtime

To install the update, you must have the following:
Office XP Service Pack 3.
Office XP Service Pack 3 (SP3) for Access 2002 Runtime (if you have Access 2002 Runtime installed).

Microsoft Windows Installer version 2.0 or later. Microsoft Windows 2000 Service Pack 3 and Microsoft Windows XP include this version of the Windows Installer. Otherwise, the latest version of Windows Installer is available as a separate download at the following locations:

Windows Installer for Windows 95, 98, and ME
Windows Installer for Windows NT 4.0 and 2000

http://www.microsoft.com/downloads/...F0-BEF5-4054-B854-B1240B5135F5&displaylang=en

Please note this update is available at the Microsoft update site for download

 

Microsoft Security Bulletin Minor Revisions

The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.

* MS05-050
- http://www.microsoft.com/technet/security/bulletin/MS05-050.mspx
- Reason for revision: Bulletin updated for the following: Caveats and FAQ were updated to reflect the available Microsoft Knowledge Base Article 909596 and to clarify a known issue that affected Windows 2000 SP4 customers who were running DirectX. In
the "Frequently asked questions (FAQ) related to this security update" section, updated the "What updates does this release replace" question to make it clearer with regards to DirectX and Windows 2000. Added information about Windows XP Professional
x64 Edition to the "File Information" section under "Windows XP (all versions)". Revised the "DirectX Standalone" "Registry Key Verification" for all versions.
- Originally posted: October 11, 2005 - Updated: October 19, 2005 - Bulletin Severity Rating: Critical - Version: 1.2

* MS05-052
- http://www.microsoft.com/technet/security/bulletin/MS05-052.mspx
- Reason for revision: Bulletin updated to revise the install registry key name for the Windows Server 2003 security update.
- Originally posted: October 11, 2005 - Updated: October 19, 2005 - Bulletin Severity Rating: Critical - Version: 1.2

 

Update for Windows Server 2003 (32-bit x86) (KB904639)

Install this update to address an issue that will keep some applications from running in a 64-bit environment. When you try to run a 64-bit application that uses an Interface Remoting component of Microsoft Data Access Components (MDAC) 2.8, you may receive an "access violation" error message, or the dllhost.exe process may display 100% CPU utilization when viewed with Task Manager. After you install this item, you may have to restart your computer.

WindowsServer2003-KB904639-x86-ENU.exe
http://www.microsoft.com/downloads/...49-096b-4c00-90ce-6f41f16b7684&displaylang=en

WindowsServer2003-KB904639-x64-ENU.exe
http://www.microsoft.com/downloads/...67-0c40-4362-a5e9-3604d9a34f25&displaylang=en

WindowsServer2003-KB904639-ia64-ENU.exe
http://www.microsoft.com/downloads/...12-2cb5-4189-ad6c-fee5d47ee617&displaylang=en