Header Search Widget
IRIS

Instructional & Research Information Systems

Microsoft Releases Security Patches for the Month

by



********************************************************************
Title: Microsoft Security Bulletin Summary for October 2005
Issued: October 11, 2005
Version Number: 1.0
Bulletin: http://go.microsoft.com/fwlink/?LinkId=54789
********************************************************************

Security patches defined by Microsoft as “critical” or “important” MUST be applied within 10 business days of notification. Should there be active exploits, the time will be adjusted and users will be informed appropriately. Hosts unpatched after the defined time are subject to scanning and removal from the EECS network as per campus IT security policies (http://socrates.berkeley.edu:2002/MinStds/).

Patching is sometimes dependent on the service pack level of the Microsoft OS, and installed applications, please read requirements carefully.

Critical Security Bulletins
===========================


MS05-050 – Vulnerability in DirectShow Could Allow Remote Code Execution (904706)

Impact: Remote Code Execution



Affected Software:
  • Windows 2000 Service Pack 4
  • Windows XP Service Pack 1
  • Windows XP Service Pack 2
  • Windows XP Professional x64 Edition
  • Windows Server 2003
  • Windows Server 2003 Service Pack 1
  • Windows Server 2003 for Itanium-based Systems
  • Windows Server 2003 with SP1 for Itanium-based Systems
  • Windows Server 2003 x64 Edition




    • MS05-051 – Vulnerabilities in MSDTC and COM+ Could Allow Remote Code Execution (902400)



    Impact: Remote Code Execution



    Affected Software:
  • Windows 2000 Service Pack 4
  • Windows XP Service Pack 1
  • Windows XP Service Pack 2
  • Windows XP Professional x64 Edition
  • Windows Server 2003
  • Windows Server 2003 Service Pack 1
  • Windows Server 2003 for Itanium-based Systems
  • Windows Server 2003 with SP1 for Itanium-based Systems
  • Windows Server 2003 x64 Edition




    • MS05-052 – Cumulative Security Update for Internet Explorer (896688)



    Impact: Remote Code Execution



    Affected Software:
    Windows 2000 Service Pack 4
  • Windows XP Service Pack 1
  • Windows XP Service Pack 2
  • Windows XP Professional x64 Edition
  • Windows Server 2003
  • Windows Server 2003 Service Pack 1
  • Windows Server 2003 for Itanium-based Systems
  • Windows Server 2003 with SP1 for Itanium-based Systems
  • Windows Server 2003 x64 Edition




    • Important Security Bulletins
    ============================



    MS05-046 – Vulnerability in the Client Services for Netware Could Allow Remote Code Execution (899589)



    Impact: Remote Code Execution



    Affected Software:
  • Windows 2000 Service Pack 4
  • Windows XP Service Pack 1
  • Windows XP Service Pack 2
  • Windows Server 2003
  • Windows Server 2003 Service Pack 1




    • MS05-047 – Vulnerability in Plug and Play Could Allow Remote Code
    Execution and Local Elevation of Privilege (905749)



    Impact: Remote Code Execution



    Affected Software:


  • indows 2000 Service Pack 4
  • Windows XP Service Pack 1
  • Windows XP Service Pack 2






    • MS05-048 – Vulnerability in the Microsoft Collaboration Objects Could Allow Remote Code Execution (907245)



    Impact: Remote Code Execution



    Affected Software:
  • Windows 2000 Service Pack 4
  • Windows XP Service Pack 1
  • Windows XP Service Pack 2
  • Windows XP 64-Bit Edition Service Pack 1 (Itanium)
  • Windows XP 64-Bit Edition Version 2003 (Itanium)
  • Windows XP Professional x64 Edition
  • Windows Server 2003
  • Windows Server 2003 Service Pack 1
  • Windows Server 2003 for Itanium-based Systems
  • Windows Server 2003 with SP1 for Itanium-based Systems
  • Windows Server 2003 x64 Edition
  • Exchange 2000 Server Service Pack 3 with the Exchange 2000 Post-Service Pack 3 Update Rollup of August 2004




    • MS05-049 – Vulnerabilities in Windows Shell Could Allow Remote Code Execution (900725)



    Impact: Remote Code Execution



    Affected Software:
  • Windows 2000 Service Pack 4
  • Windows XP Service Pack 1
  • Windows XP Service Pack 2
  • Windows XP 64-Bit Edition Service Pack 1 (Itanium)
  • Windows XP 64-Bit Edition Version 2003 (Itanium)
  • Windows XP Professional x64 Edition
  • Windows Server 2003
  • Windows Server 2003 Service Pack 1
  • Windows Server 2003 for Itanium-based Systems
  • Windows Server 2003 with SP1 for Itanium-based Systems
  • Windows Server 2003 x64 Edition




    • Moderate Security Bulletins
    ===========================


    MS05-044 – Vulnerability in the Windows FTP Client Could Allow File Transfer Location and Tampering (905495)



    Impact: Remote Code Execution



    Affected Software:
  • Windows 2000 Service Pack 4
  • Windows XP Service Pack 1
  • Windows Server 2003
  • Windows Server 2003 for Itanium-based Systems






    • MS05-045 – Vulnerability in Network Connection Manager Could Allow Denial of Service (905414)



    Impact: Remote Code Execution



    Affected Software:
  • Windows 2000 Service Pack 4
  • Windows XP Service Pack 1
  • Windows XP Service Pack 2
  • Windows Server 2003
  • Windows Server 2003 Service Pack 1
    •

    UPDATE

    [2005-10-14 09:58:10 | Emrys Ingersoll, IDSG]

    US CERT has confirmed exploit code for the following Microsoft Vulnerabilities:


    MS05-052 – Cumulative Security Update for Internet Explorer (896688)
    Details: Root level exploit code available, but users have to visit a malicious website for it to work.
    MS05-052 on US CERT’s website


    MS05-045 – Vulnerability in Network Connection Manager Could Allow Denial of Service (905414)
    Details: DoS exploit code available. For WinXP SP2 & W2k3 SP1, it isn’t remotely exploitable. On WinXP SP1, W2k3 and Win2000 it is remotely exploitable, but only with valid logon credentials.
    MS05-045 on US CERT’s website


    You should apply these updates as soon as possible.