Microsoft Security Bulletin(s) for 6/14/05

Discussion in 'other security issues & news' started by NICK ADSL UK, Jun 14, 2005.

Thread Status:
Not open for further replies.
  1. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    THIS UPDATE COURTESY OF jbMSFT MICROSOFT [MVP]

    Microsoft Security Bulletin(s) for 6/14/05

    June 14, 2005
    Today Microsoft released the following Security Bulletin(s).


    Note: www.Microsoft.com/technet/security and www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

    Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

    Bulletin Summary:

    http://www.microsoft.com/technet/security/Bulletin/ms05-Jun.mspx

    Critical Bulletins:


    Cumulative Security Update for Internet Explorer (883939)
    http://www.microsoft.com/technet/security/Bulletin/ms05-025.mspx

    Vulnerability in HTML Help Could Allow Remote Code Execution [896358]
    http://www.microsoft.com/technet/security/Bulletin/ms05-026.mspx

    Vulnerability in Server Message Block Could Allow Remote Code Execution (896422)
    http://www.microsoft.com/technet/security/Bulletin/ms05-027.mspx

    Important Bulletins:

    Vulnerability in Web Client Service Could Allow Remote Code Execution (896426)
    http://www.microsoft.com/technet/security/Bulletin/ms05-028.mspx

    Vulnerability in Outlook Web Access for Exchange Server 5.5 Could Allow Cross-Site Scripting Attacks (895179)
    http://www.microsoft.com/technet/security/Bulletin/ms05-029.mspx

    Cumulative Security Update in Outlook Express (897715)
    http://www.microsoft.com/technet/security/Bulletin/ms05-018.mspx


    Vulnerability in Step-by-Step Interactive Training Could Allow Remote Code Execution [898458]
    http://www.microsoft.com/technet/security/Bulletin/ms05-031.mspx

    Moderate Bulletins:

    Vulnerability in Microsoft Agent Could Allow Spoofing (890046)
    http://www.microsoft.com/technet/security/Bulletin/ms05-032.mspx

    Vulnerability in Telnet Client Could Allow Information Disclosure [896428]
    http://www.microsoft.com/technet/security/Bulletin/ms05-033.mspx

    Cumulative Security Update for ISA Server 2000 (899753)
    http://www.microsoft.com/technet/security/Bulletin/ms05-034.mspx

    Re-Released Bulletins:

    SQL Server Installation Process May Leave Passwords on System [Q263968]
    http://www.microsoft.com/technet/security/Bulletin/ms02-035.mspx

    ASP.NET Path Validation Vulnerability [887219]
    http://www.microsoft.com/technet/security/Bulletin/ms05-004.mspx

    Vulnerability in Outlook Web Access for Exchange Server 5.5 Could Allow Cross-Site Scripting Attacks (895179)
    http://www.microsoft.com/technet/security/Bulletin/ms05-029.mspx

    This represents our regularly scheduled monthly bulletin release (second Tuesday of each month). Please note that Microsoft may release bulletins outside of this schedule if we determine the need to do so.

    If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety [1-866-727-2338]. International customers should contact their local subsidiary.
     
  2. NICK ADSL UK

    NICK ADSL UK Administrator

    Screenshot of today's updates on my system
     


  3. NICK ADSL UK

    NICK ADSL UK Administrator

  4. NICK ADSL UK

    NICK ADSL UK Administrator

    Microsoft Security Bulletin Advance Notification

    The next Security Bulletin Advance Notification is scheduled for July 7, and will outline information for the July 12, 2005 security bulletin release.
     
  5. NICK ADSL UK

    NICK ADSL UK Administrator

    Software update 898461 installs a permanent copy of the Package Installer for Windows version 6.1.22.4
    APPLIES TO
    • Microsoft Windows XP Home Edition SP1
    • Microsoft Windows XP Home Edition SP2
    • Microsoft Windows XP Professional SP1
    • Microsoft Windows XP Professional SP2
    • Microsoft Windows XP Service Pack 1
    • Microsoft Windows XP Service Pack 2


    INTRODUCTION
    The Package Installer for Windows is used to install software updates for Microsoft Windows operating systems and for other Microsoft products. Software update 898461 installs a permanent copy of the Package Installer for Windows version 6.1.22.4 on the computer so that subsequent software updates can have a significantly smaller download size.


    MORE INFORMATION
    New features in the Package Installer for Windows version 6.1.22.4
    Currently, the files for the Package Installer for Windows are downloaded every time that you use the Windows Update site or Automatic Updates to update the computer. This redundant download can be avoided if the installer files are made resident on the computer, because subsequent updates can use the resident files. Software update 898461 installs the files for the Package Installer for Windows version 6.1.22.4 on the computer.

    Note This change in behavior applies only to express installation packages that are downloaded from the Windows Update site or through Automatic Updates for Microsoft Windows XP. Downloads from the Windows Update Catalog site are not affected.


    Update information
    The files for the Package Installer for Windows are installed in the following folder:
    %windir%\System32\PreInstall\WinSE\WXP_%lcid%_v1
    Note The placeholder %windir% represents the location of the Windows system directory. The placeholder %lcid% represents the language identifier for the operating system that the computer is running. For more information about language identifiers, visit the following Microsoft Web site:
    http://msdn.microsoft.com/library/default.asp?url=/library/en-us/intl/nls_8xo3.asp


    The following files are installed in this folder:
    • Update.exe.ref
    • Updspapi.dll.ref
    • Spuninst.exe.ref
    • Spcustom.dll.ref
    • Spmsg.dll.ref
    • Spupdsvc.exe.ref

    Effect on future updates
    Software update 898461 will at first be offered as a critical update. However, this software update will become mandatory shortly.

    As soon as software update 898461 becomes mandatory, no future updates that are available from the Windows Update Web site or through Automatic Updates will include the Package Installer for Windows. Instead, these updates will use the permanent copy of the Package Installer for Windows that software update 898461 installs.

    Software updates that were released before the release of software update 898461 will not be modified and will continue to be offered as is. Updates that are available from the Windows Update Catalog site will also continue to contain the installer and therefore will not depend on the presence of software update 898461 on the system.

    Download information
    The following file is available for download from the Microsoft Download Center:
    Download the 898461 package now. Release Date: Jun. 28, 2005
    http://www.microsoft.com/downloads/...E1-9A67-4B99-A65A-069B79267856&displaylang=en
     


  6. NICK ADSL UK

    NICK ADSL UK Administrator

    Microsoft Security Bulletin MS05-009
    Vulnerability in PNG Processing Could Allow Remote Code Execution (890261)


    Issued: February 8, 2005
    Updated: July 6, 2005
    Version: 2.4

    Summary
    Who should read this document: Customers who use Microsoft Windows Media Player, Windows Messenger and MSN Messenger

    Impact of Vulnerability: Remote Code Execution

    Maximum Severity Rating: Critical

    Recommendation: Customers should apply the update immediately

    Security Update Replacement: This bulletin replaces a prior security update. See the frequently asked questions (FAQ) section of this bulletin for the complete list.

    Caveats: Starting February 10, 2005, the MSN Messenger service will notify customers running a vulnerable version of MSN Messenger that there is an upgrade available. Customers that have accepted this upgrade and have applied the update will be protected from this vulnerability. Customers that have not accepted this upgrade may not be allowed to connect to the MSN Messenger service with a vulnerable version of the client. Clients may be upgraded immediately by installing the update available at the download location provided in the “Affected Software” section below.

    Tested Software and Security Update Download Locations:

    Affected Software:

    • Microsoft Windows Media Player 9 Series (when running on Windows 2000, Windows XP Service Pack 1 and Windows Server 2003) – Download the update
    http://www.microsoft.com/downloads/details.aspx?FamilyId=A52279DC-3B6C-4720-8192-45657EDBB14F


    • Microsoft Windows Messenger version 5.0 (standalone version that can be installed on all supported operating systems) – Download the update
    http://www.microsoft.com/downloads/details.aspx?FamilyID=A8D9EB73-5F8C-4B9A-940F-9157A3B3D774


    • Microsoft MSN Messenger 6.1 – Download the update
    http://www.microsoft.com/downloads/details.aspx?FamilyId=EBE898D8-FE1C-4A5E-993C-5FAB3E62C925


    • Microsoft MSN Messenger 6.2 – Download the update
    http://www.microsoft.com/downloads/details.aspx?FamilyId=EBE898D8-FE1C-4A5E-993C-5FAB3E62C925


    • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) – Review the FAQ section of this bulletin for details about these operating systems.


    Non-Affected Software:

    • Windows Media Player 6.4

    • Windows Media Player 7.1

    • Windows Media Player for Windows XP (8.0)

    • Windows Media Player 9 Series for Windows XP Service Pack 2

    • Windows Media Player 10

    • Windows Messenger 5.1

    • MSN Messenger for Mac


    Tested Microsoft Windows Components:

    Affected Components:

    • Microsoft Windows Messenger version 4.7.0.2009 (when running on Windows XP Service Pack 1) – Download the update
    http://www.microsoft.com/downloads/details.aspx?FamilyId=F37B36AE-D8C0-46B5-B8BA-200466817CC8

    • Microsoft Windows Messenger version 4.7.0.3000 (when running on Windows XP Service Pack 2) – Download the update
    http://www.microsoft.com/downloads/details.aspx?FamilyId=1DCC9628-E2D0-496F-B4F2-3AFEFA0A0156





    Microsoft Security Bulletin MS05-029
    Vulnerability in Outlook Web Access for Exchange Server 5.5 Could Allow Cross-Site Scripting Attacks (895179)


    Issued: June 14, 2005
    Updated: July 6, 2005
    Version: 1.1

    Summary
    Who should read this document: System administrators who have servers that are running Outlook Web Access for Microsoft Exchange Server 5.5

    Impact of Vulnerability: Remote Code Execution

    Maximum Severity Rating: Important

    Recommendation: Customers should apply the update at the earliest opportunity

    Security Update Replacement: None

    Caveats: None

    Version Requirements for Dependent Components for This Update:
    For this update to be installed successfully, the Microsoft Outlook Web Access server must have one of the following installed:

    • Internet Explorer 5.01 Service Pack 3 installed when using Windows 2000 Service Pack 3

    • Internet Explorer 5.01 Service Pack 4 installed when using Windows 2000 Service Pack 4

    • Internet Explorer 6 Service Pack 1 installed when using other supported operating systems


    Version Recommendations for Dependent Components on the Outlook Web Access Server:
    The following versions are recommended for dependent components on the Outlook Web Access server:

    • Microsoft Internet Information Services (IIS):

    • IIS 5.0 on Windows 2000 Service Pack 3 or later


    • Microsoft Internet Explorer:

    • Internet Explorer 6.0 Service Pack 1



    Tested Software and Security Update Download Locations:

    Affected Software:

    • Microsoft Exchange Server 5.5 Service Pack 4 - Download the update
    http://www.microsoft.com/downloads/details.aspx?familyid=08435B77-9F3A-40F5-B13A-A7019CB1C244

    Non-Affected Software:

    • Microsoft Exchange 2000 Server Service Pack 3 with the Exchange 2000 Post-Service Pack 3 Update Rollup of August 2004.

    • Microsoft Exchange Server 2003

    • Microsoft Exchange Server 2003 Service Pack 1
     