Security patches defined by Microsoft as “critical” or “important” MUST be applied within 5 business days of notification. Should there be active exploits, the time will be adjusted and users will be informed appropriately. Hosts unpatched after the defined time are subject to scanning and removal from the EECS network as per campus IT security policies (http://socrates.berkeley.edu:2002/MinStds/).
Patching sometimes depends on the service pack level of the Microsoft OS and on the installed applications; please read the requirements carefully.
Critical Security Bulletins
Microsoft Security Bulletin MS05-019
Vulnerabilities in TCP/IP Could Allow Remote Code Execution and Denial of Service (893066)
– Impact: Remote Code Execution
– No active exploit as of 04/14/05.
Microsoft Windows 2000 Service Pack 3 and 4
Microsoft Windows XP Service Pack 1 and 2
Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
Microsoft Windows Server 2003
Microsoft Windows Server 2003 for Itanium-based Systems
Microsoft Security Bulletin MS05-020
Cumulative Security Update for Internet Explorer (890923)
– Impact: Remote Code Execution
– No active exploit as of 04/14/05.
Microsoft Windows 2000 Service Pack 3 and 4
Microsoft Windows XP Service Pack 1 and 2
Microsoft Windows XP 64-Bit Edition Service Pack 1
Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
Microsoft Windows Server 2003
Microsoft Windows Server 2003 for Itanium-based Systems
Microsoft Security Bulletin MS05-021
Vulnerability in Exchange Server Could Allow Remote Code Execution (894549)
– Impact: Remote Code Execution
– No active exploit as of 04/14/05.
Microsoft Exchange 2000 Server Service Pack 3
Microsoft Exchange Server 2003
Microsoft Exchange Server 2003 Service Pack 1
Microsoft Security Bulletin MS05-022
Vulnerability in MSN Messenger Could Lead to Remote Code Execution (896597)
– Impact: Remote Code Execution
– No active exploit as of 04/14/05.
MSN Messenger 6.2
Microsoft Security Bulletin MS05-023
Vulnerabilities in Microsoft Word May Lead to Remote Code Execution (890169)
– Impact: Remote Code Execution
– No active exploit as of 04/14/05.
Microsoft Word 2000
Microsoft Works Suite 2001
Microsoft Word 2002
Microsoft Works Suite 2002
Microsoft Works Suite 2003
Microsoft Works Suite 2004
Microsoft Office Word 2003
UPDATE
[2005-04-14 15:17:08 | Wendy Hargle, IDSG Staff]
The following are patches defined by Microsoft as ‘important’. These also MUST be applied within 5 business days.
Important Security Bulletins
Microsoft Security Bulletin MS05-016
Vulnerability in Windows Shell that Could Allow Remote Code Execution (893086)
– Impact: Remote Code Execution
– No active exploit as of 04/14/05.
Microsoft Windows 2000 Service Pack 3 and 4
Microsoft Windows XP Service Pack 1 and 2
Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
Microsoft Windows Server 2003
Microsoft Windows Server 2003 for Itanium-based Systems
Microsoft Security Bulletin MS05-017
Vulnerability in Message Queuing Could Allow Code Execution (892944)
– Impact: Remote Code Execution
– No active exploit as of 04/14/05.
Microsoft Windows 2000 Service Pack 3 and 4
Microsoft Windows XP Service Pack 1
Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
Microsoft Security Bulletin MS05-018
Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege and Denial of Service (890859)
– Impact: Elevation of Privilege
– No active exploit as of 04/14/05.
Microsoft Windows 2000 Service Pack 3 and 4
Microsoft Windows XP Service Pack 1 and 2
Microsoft Windows XP 64-Bit Edition Service Pack 1
Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
Microsoft Windows Server 2003
Microsoft Windows Server 2003 for Itanium-based Systems
UPDATE
[2005-06-16 16:13:17 | Wendy Hargle, IDSG Staff]
Microsoft Security Bulletin MS05-019
– Documentation originally posted: April 12, 2005 V1.0
– Documentation updated: May 11, 2005 V1.1
– Revised Security Update: June 14, 2005 V2.0
Microsoft recommends installing this revised security update even if you have installed the previous version. The revised security update is available through Windows Update.
UPDATE
[2005-05-12 10:48:02 | Wendy Hargle, IDSG Staff]
Microsoft Security Bulletin MS05-019
– Documentation originally posted: April 12, 2005 V1.0
– Documentation updated: May 11, 2005 V1.1
Microsoft Security Bulletin MS05-022
– Documentation originally posted: April 12, 2005 V1.0
– Documentation updated: May 11, 2005 V1.1
Microsoft Security Bulletin MS05-023
– Documentation originally posted: April 12, 2005 V1.0
– Documentation updated: April 14, 2005 V1.1
– Documentation updated: May 11, 2005 V1.2
UPDATE
[2005-04-18 11:48:38 | Wendy Hargle, IDSG Staff]
Microsoft Security Bulletin MS05-017
– Documentation originally posted: April 12, 2005 V1.0
– Documentation updated: April 14, 2005 V1.1
Microsoft Security Bulletin MS05-021
– Documentation originally posted: April 12, 2005 V1.0
– Documentation updated: April 14, 2005 V1.1
Microsoft Security Bulletin MS05-023
– Documentation originally posted: April 12, 2005 V1.0
– Documentation updated: April 14, 2005 V1.1