9th February 2005, 19:15 | #1
New Windows vulnerabilities rounded up in Microsoft's February security update
A slew of bulletins has been released by Microsoft in its February security update.
There are twelve updates this month - ranging from a vulnerability in SharePoint Services, which could allow cross-site scripting, to a cumulative security update for Internet Explorer - and they span Windows and Office Systems.
We'll begin with the Windows bulletins deemed 'critical', which mainly involve vulnerabilities that could allow an attacker to execute code on a Windows machine. Once an attacker has such access, of course, the integrity of a system can be massively compromised.
Bulletin MS05-010 relates to a vulnerability in the License Logging service; MS05-011 concerns Server Message Block (SMB) processing; MS05-012 is a vulnerability in OLE and COM that could, again, allow remote code execution; MS05-013 involves a vulnerability in the DHTML editing component of an ActiveX control; and, finally, MS05-015 is a vulnerability in the Hyperlink Object Library that could allow remote code execution.
Bulletin MS05-008 also involves code execution - via a vulnerability in the Windows shell - but this is ranked as 'Important'.
Whereas a 'Critical' vulnerability is one whose 'exploitation could allow the propagation of an Internet worm without user action', an 'Important' one 'could result in compromise of the confidentiality, integrity, or availability of users data, or of the integrity or availability of processing resources'.
Bulletin MS05-009 is also deemed Critical. A vulnerability in processing PNG images could lead to buffer overruns. MS05-014, meanwhile, is a Critical cumulative security update for Internet Explorer.
For completeness, bulletins MS05-004 and MS05-007 are deemed Important and relate to validation of ASP.NET and an information disclosure vulnerability.
Finally, MS05-006 relates to a vulnerability in Windows SharePoint Services and SharePoint Team Services that could allow cross-site scripting and spoofing attacks. This is rated as moderate, i.e. exploitability is mitigated to a significant degree by default settings or the difficulty of exploitation.
Moving away from Windows updates, there are also two February bulletins relating to Office systems.
As well as the MS05-006 vulnerability in Windows SharePoint Services, there is MS05-004, which is an ASP.NET path validation vulnerability. This is ranked as 'Important'.
For full details of which particular versions of Windows are affected by each bulletin, see http://www.microsoft.com/security/bu..._windows.mspx. To get all the updates, visit windowsupdate.microsoft.com/.