It appears you have not yet registered with our community. To register please click here...

 
Go Back [M] > Madshrimps > WebNews
New Windows vulnerabilities rounded up in Microsoft's February security update New Windows vulnerabilities rounded up in Microsoft's February security update
Register FAQ Members List Calendar Search Today's Posts Mark Forums Read


New Windows vulnerabilities rounded up in Microsoft's February security update
Reply
 
Thread Tools
Old 9th February 2005, 19:15   #1
[M] Reviewer
 
Sidney's Avatar
 
Join Date: Mar 2004
Posts: 15,739
Sidney Freshly Registered
Default New Windows vulnerabilities rounded up in Microsoft's February security update

A slew of bulletins has been released by Microsoft in its February security update.
There are twelve updates this month - ranging from a vulnerability in SharePoint Services, which could allow cross-site scripting, to a cumulative security update for Internet Explorer - and they span Windows and Office Systems.

We'll begin with the Windows bulletins deemed 'critical', which mainly involve vulnerabilities that could allow an attacker to execute code on a Windows machine. Once an attacker has such access, of course, the integrity of a system can be massively compromised.

Bulletin MS05-010 relates to a Vulnerability in the License Logging service, MS05-011 concerns Server Message Block (SMB) processing, MS05-012 is a vulnerability in OLE and COM that could, again, allow remote code execution, MS05-013 involves a vulnerability in the DHTML editing component of an ActiveX control and, finally, MS05-015 is a vulnerability in the Hyperlink Object Library that could allow remote code execution.

Bulletin MS05-008 also involves code execution - via a vulnerability in the Windows shell - but this is ranked as 'Important'.

Whereas a 'Critical' vulnerability is one whose 'exploitation could allow the propagation of an Internet worm without user action', an 'Important' one 'could result in compromise of the confidentiality, integrity, or availability of users data, or of the integrity or availability of processing resources'.

Bulletin MS05-009 is also deemed of Critical status. A vulnerability in processing PNG images could lead to buffer overruns. MS05-014, meanwhile, is a Critical cumulative security update for Internet Explorer

For completeness, bulletins MS05-004, MS05-007 are deemed Important and relate to validation of ASP.NET and an information disclose vulnerability.

Finally, MS05-006 relates to a vulnerability in Windows SharePoint Services and SharePoint Team Services that could allow cross-site scripting and spoofing attacks. This is rated as moderate, i.e. exploitability is mitigated to a significant degree by default settings or the difficulty of exploitation.

Moving away from Windows updates, there are also two February bulletins relating to Office systems.

As well as the MS05-006 vulnerability in Windows SharePoint Services, there is MS05-004, which is an ASP.NET path validation vulnerability. This is ranked as 'Important'.

For full details of which particular versions of Windows are affected by each bulletin, see http://www.microsoft.com/security/bu..._windows.mspx. And to get all the updates visit windowsupdate.microsoft.com/.

http://www.comp-buyer.co.uk/
__________________
lazyman

Opteron 165 (2) @2.85 1.42 vcore AMD Stock HSF + Chill Vent II
Sidney is offline   Reply With Quote
Reply


Similar Threads
Thread Thread Starter Forum Replies Last Post
175 Windows 7 Tweaks, Tips, and How-To Articles jmke WebNews 2 23rd October 2009 14:00
Microsoft Patch Tuesday: 5 Criticals, 2 Important, 1 Moderate Patch jmke WebNews 0 14th April 2009 18:47
Microsoft Security Bulletin Summary for September 2008 jmke WebNews 0 9th September 2008 19:20
Windows Update pushes out "stealth" updates, Microsoft explains jmke WebNews 0 13th September 2007 22:46
Microsoft Security Bulletin Summary for August 2007 jmke WebNews 0 14th August 2007 22:21
Microsoft Security Bulletin Summary for February 2007 jmke WebNews 0 14th February 2007 00:25
Microsoft Security Bulletin Summary for June 2006 jmke WebNews 0 14th June 2006 20:51
Microsoft to update final Windows 2000 patch Sidney WebNews 0 9th August 2005 00:22
List of fixes included in Windows XP Service Pack 2 jmke WebNews 1 17th August 2004 15:03
Microsoft Releases Security Update Sidney WebNews 0 3rd July 2004 16:13

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


All times are GMT +1. The time now is 07:56.


Powered by vBulletin® - Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO