Security patches defined by Microsoft as “critical” or “important” MUST be applied within 5 business days of notification. Should there be active exploits, the time will be adjusted and users will be informed appropriately. Hosts unpatched after the defined time are subject to scanning and removal from the EECS network as per campus IT security policies (http://socrates.berkeley.edu:2002/MinStds/).
Patching is sometimes dependent on the service pack level of the Microsoft OS, and installed applications, please read requirements carefully.
Critical Security Bulletins
Microsoft Security Bulletin MS05-024
Vulnerability in Web View Could Allow Remote Code Execution (894320)
– Impact: Remote Code Execution
– A Proof of Concept exploit has been published.
Microsoft Windows 2000 Service Pack 3
Microsoft Windows 2000 Service Pack 4
UPDATE
[2005-05-12 11:19:04 | Wendy Hargle, IDSG Staff]
Security Advisory (892313) Windows Media Player
9.0.0.3263 Windows Media Player 9 Series
10.0.0.3901 Windows Media Player 10
Users should confirm that their Media Player version is one of the above. Both are available for download on \\winsww\public\patches or by following the above link.
(http://go.microsoft.com/fwlink/?LinkId=47490)
Security Advisory (842851) Exchange Server 2003
in Windows Server 2003 SP1
(http://go.microsoft.com/fwlink/?LinkId=47491)
Customers who are interested in learning more should review Microsoft Knowledge Base Article 842851. (http://support.microsoft.com/kb/842851)