Microsoft Security Bulletin Summary for October, 2005

Discussion in 'other security issues & news' started by chachazz, Oct 11, 2005.

Thread Status:
Not open for further replies.
  1. chachazz

    chachazz Updates Team

    Joined:
    Apr 23, 2004
    Posts:
    840
  2. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    Issued: October 11, 2005

    Critical (3)
    Microsoft Security Bulletin MS05-050
    Bulletin Title
    Vulnerability in DirectShow Could Allow Remote Code Execution (904706)
    Executive Summary
    A vulnerability exists in DirectShow that could allow an attacker to take complete control of the affected system.
    http://www.microsoft.com/technet/security/Bulletin/ms05-050.mspx

    Microsoft Security Bulletin MS05-051
    Bulletin Title
    Vulnerabilities in MSDTC and COM+ Could Allow Remote Code Execution (902400)
    Executive Summary
    Vulnerabilities exist in MSDC and COM+ that could allow an attacker to take complete control of the affected system.
    http://www.microsoft.com/technet/security/Bulletin/ms05-051.mspx

    Microsoft Security Bulletin MS05-052
    Bulletin Title
    Cumulative Security Update for Internet Explorer 896688
    Executive Summary
    A vulnerability exists in Internet Explorer that could allow an attacker to take complete control of an affected system.
    http://www.microsoft.com/technet/security/Bulletin/ms05-052.mspx

    Important (4)
    Microsoft Security Bulletin MS05-046
    Bulletin Title
    Vulnerability in the Client Services for Netware Could Allow Remote Code Execution (899589)
    Executive Summary
    A vulnerability exists in Client Services for NetWare that could allow an attacker to take complete control of the affected system. Client Services for Netware is not installed by default on Microsoft Windows.
    http://www.microsoft.com/technet/security/Bulletin/ms05-046.mspx

    Microsoft Security Bulletin MS05-047
    Bulletin Title
    Vulnerability in Plug and Play Could Allow Remote Code Execution and Local Elevation of Privilege (905749)
    Executive Summary
    A vulnerability exists in Plug and Play (PnP) that could allow an attacker to take complete control of the affected system. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.
    http://www.microsoft.com/technet/security/Bulletin/ms05-047.mspx

    Microsoft Security Bulletin MS05-048
    Bulletin Title
    Vulnerability in the Microsoft Collaboration Objects Could Allow Remote Code Execution (907245)
    Executive Summary
    A vulnerability exists in Microsoft Collaboration Data Objects that could allow an attacker who successfully exploited this vulnerability to take complete control of the affected system. The SMTP service in Windows and Exchange is not vulnerable in the default configuration.
    http://www.microsoft.com/technet/security/Bulletin/ms05-048.mspx

    Microsoft Security Bulletin MS05-049
    Bulletin Title
    Vulnerabilities in Windows Shell Could Allow Remote Code Execution (900725)
    Executive Summary
    Vulnerabilities exist in Windows that could allow an attacker to take complete control of the affected system. User interaction is required for an attacker to exploit this vulnerability.
    http://www.microsoft.com/technet/security/Bulletin/ms05-049.mspx

    Moderate (2)
    Microsoft Security Bulletin MS05-044
    Bulletin Title
    Vulnerability in the Windows FTP Client Could Allow File Transfer Location and Tampering (905495)
    Executive Summary
    A tampering vulnerability exists in the Windows FTP client that could allow an attacker to modify the intended destination location for a file transfer. User interaction is required for an attacker to exploit this vulnerability.
    http://www.microsoft.com/technet/security/Bulletin/ms05-044.mspx

    Microsoft Security Bulletin MS05-045
    Bulletin Title
    Vulnerability in Network Connection Manager Could Allow Denial of Service (905414)
    Executive Summary
    A vulnerability exists in Network Connection Manager that could allow an attacker to cause the component responsible for managing network and remote access connections to stop responding. An attacker must have valid logon credentials to exploit this vulnerability.
    http://www.microsoft.com/technet/security/Bulletin/ms05-045.mspx

    As always, download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites.

    Microsoft will host a webcast tomorrow to address customer questions on these bulletins
    Start Time: Wednesday, October 12, 2005 11:00 AM (GMT-08:00) Pacific Time (US & Canada)
    End Time: Wednesday, October 12, 2005 12:00 PM (GMT-08:00) Pacific Time (US & Canada)

    Find out if you are missing important Microsoft product updates by using MBSA
    Share this information to your friends to help them protect theirs and other's PC by keeping an uptodate system.
    http://msevents.microsoft.com/CUI/W...&EventCategory=4&culture=en-US&CountryCode=US
     
  3. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    Title: Microsoft Security Bulletin Minor Revisions
    Issued: October 12, 2005

    Summary
    =======
    The following bulletins have undergone a minor revision increment.
    Please see the appropriate bulletin for more details.

    Bulletin Information:

    MS05-052
    - Reason for Revision: Bulletin updated to revise the log file name, uninstall directory name, and install registry key name for the Internet Explorer Service Pack 1 security update.
    - Originally posted: October 11, 2005
    - Updated: October 12, 2005
    - Bulletin Severity Rating: Critical
    - Version: 1.1

    http://www.microsoft.com/technet/security/bulletin/ms05-052.mspx


    MS05-050

    - Reason for Revision: Bulletin updated to provide additional clarity around DirectX versions in the "Affected Software" section.
    - Originally posted: October 11, 2005
    - Updated: October 12, 2005
    - Bulletin Severity Rating: Critical
    - Version: 1.1

    http://www.microsoft.com/technet/security/bulletin/ms05-050.mspx
     
  4. chachazz

    chachazz Updates Team

    Joined:
    Apr 23, 2004
    Posts:
    840
    MS Security Bulletin MS05-051 update(909444)

    Microsoft Security Bulletin MS05-051

    Article ID: 909444
    Last Review: October 15, 2005
    Revision: 5.0


    APPLIES TO
    • Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
    • Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
    • Microsoft Windows Server 2003, Standard Edition (32-bit x86)
    • Microsoft Windows Server 2003 Service Pack 1
    • Microsoft Windows XP Professional SP1
    • Microsoft Windows XP Professional SP2
    • Microsoft Windows 2000 Advanced Server
    • Microsoft Windows 2000 Advanced Server SP4
    • Microsoft Windows 2000 Datacenter Server SP4
    • Microsoft Windows 2000 Professional SP4
    • Microsoft Windows 2000 Service Pack 4

    Systems that have changed the default Access Control List permissions on the %windir%\registration directory may experience various problems after you install the Microsoft Security Bulletin MS05-051 for COM+ and MS DTC
    Please read Bulletin at:
    http://support.microsoft.com/kb/909444
     
  5. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    Microsoft has released an update for Microsoft Access 2002

    Version:
    1

    Date Published:
    10/18/2005


    Language:
    English

    Download Size:
    1292 KB - 10326 KB*

    System Requirements
    Supported Operating Systems: Windows 2000; Windows 98; Windows ME; Windows NT; Windows Server 2003; Windows XP



    This update applies to the following product: Microsoft Access 2002, Microsoft Access 2002 Runtime

    To install the update, you must have the following:
    Office XP Service Pack 3.
    Office XP Service Pack 3 (SP3) for Access 2002 Runtime (if you have Access 2002 Runtime installed).

    Microsoft Windows Installer version 2.0 or later. Microsoft Windows 2000 Service Pack 3 and Microsoft Windows XP include this version of the Windows Installer. Otherwise, the latest version of Windows Installer is available as a separate download at the following locations:

    Windows Installer for Windows 95, 98, and ME
    Windows Installer for Windows NT 4.0 and 2000


    http://www.microsoft.com/downloads/...F0-BEF5-4054-B854-B1240B5135F5&displaylang=en

    Please note this update is available at the Microsoft update site for download
     
  6. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    Microsoft Security Bulletin Minor Revisions

    The following bulletins have undergone a minor revision increment.
    Please see the appropriate bulletin for more details.

    * MS05-050
    - http://www.microsoft.com/technet/security/bulletin/MS05-050.mspx
    - Reason for revision: Bulletin updated for the following: Caveats and FAQ were updated to reflect the available Microsoft Knowledge Base Article 909596 and to clarify a known issue that affected Windows 2000 SP4 customers who were running DirectX. In
    the "Frequently asked questions (FAQ) related to this security update" section, updated the "What updates does this release replace" question to make it clearer with regards to DirectX and Windows 2000. Added information about Windows XP Professional
    x64 Edition to the "File Information" section under "Windows XP (all versions)". Revised the "DirectX Standalone" "Registry Key Verification" for all versions.
    - Originally posted: October 11, 2005 - Updated: October 19, 2005 - Bulletin Severity Rating: Critical - Version: 1.2

    * MS05-052
    - http://www.microsoft.com/technet/security/bulletin/MS05-052.mspx
    - Reason for revision: Bulletin updated to revise the install registry key name for the Windows Server 2003 security update.
    - Originally posted: October 11, 2005 - Updated: October 19, 2005 - Bulletin Severity Rating: Critical - Version: 1.2
     
  7. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    Update for Windows Server 2003 (32-bit x86) (KB904639)

    Install this update to address an issue that will keep some applications from running in a 64-bit environment. When you try to run a 64-bit application that uses an Interface Remoting component of Microsoft Data Access Components (MDAC) 2.8, you may receive an "access violation" error message, or the dllhost.exe process may display 100% CPU utilization when viewed with Task Manager. After you install this item, you may have to restart your computer.

    WindowsServer2003-KB904639-x86-ENU.exe
    http://www.microsoft.com/downloads/...49-096b-4c00-90ce-6f41f16b7684&displaylang=en

    WindowsServer2003-KB904639-x64-ENU.exe
    http://www.microsoft.com/downloads/...67-0c40-4362-a5e9-3604d9a34f25&displaylang=en

    WindowsServer2003-KB904639-ia64-ENU.exe
    http://www.microsoft.com/downloads/...12-2cb5-4189-ad6c-fee5d47ee617&displaylang=en
     
Loading...
Thread Status:
Not open for further replies.