Header Search Widget

IRIS

Instructional & Research Information Systems

Microsoft Releases Security Patches for the Month

by

********************************************************************
Title: Microsoft Security Bulletin Summary for October 2005
Issued: October 11, 2005
Version Number: 1.0
Bulletin: http://go.microsoft.com/fwlink/?LinkId=54789
********************************************************************

Security patches defined by Microsoft as “critical” or “important”
MUST be applied within 10 business days of notification. Should there
be active exploits, the time will be adjusted and users will be
informed appropriately. Hosts unpatched after the defined time are
subject to scanning and removal from the EECS network as per campus
IT security policies (http://socrates.berkeley.edu:2002/MinStds/).

Patching is sometimes dependent on the service pack level of the
Microsoft OS, and installed applications, please read requirements
carefully.

Critical Security Bulletins
===========================

MS05-050 – Vulnerability in DirectShow Could Allow Remote Code
Execution (904706)

Impact: Remote Code Execution

Affected Software:

  • Windows 2000 Service Pack 4
  • Windows XP Service Pack 1
  • Windows XP Service Pack 2
  • Windows XP Professional x64 Edition
  • Windows Server 2003
  • Windows Server 2003 Service Pack 1
  • Windows Server 2003 for Itanium-based Systems
  • Windows Server 2003 with SP1 for Itanium-based Systems
  • Windows Server 2003 x64 Edition

    • MS05-051 – Vulnerabilities in MSDTC and COM+ Could Allow Remote
    Code Execution (902400)

    Impact: Remote Code Execution

    Affected Software:

  • Windows 2000 Service Pack 4
  • Windows XP Service Pack 1
  • Windows XP Service Pack 2
  • Windows XP Professional x64 Edition
  • Windows Server 2003
  • Windows Server 2003 Service Pack 1
  • Windows Server 2003 for Itanium-based Systems
  • Windows Server 2003 with SP1 for Itanium-based Systems
  • Windows Server 2003 x64 Edition

    • MS05-052 – Cumulative Security Update for Internet Explorer (896688)

    Impact: Remote Code Execution

    Affected Software: Windows 2000 Service Pack 4

  • Windows XP Service Pack 1
  • Windows XP Service Pack 2
  • Windows XP Professional x64 Edition
  • Windows Server 2003
  • Windows Server 2003 Service Pack 1
  • Windows Server 2003 for Itanium-based Systems
  • Windows Server 2003 with SP1 for Itanium-based Systems
  • Windows Server 2003 x64 Edition

    • Important Security Bulletins
    ============================

    MS05-046 – Vulnerability in the Client Services for Netware Could
    Allow Remote Code Execution (899589)

    Impact: Remote Code Execution

    Affected Software:

  • Windows 2000 Service Pack 4
  • Windows XP Service Pack 1
  • Windows XP Service Pack 2
  • Windows Server 2003
  • Windows Server 2003 Service Pack 1

    • MS05-047 – Vulnerability in Plug and Play Could Allow Remote Code
    Execution and Local Elevation of Privilege (905749)

    Impact: Remote Code Execution

    Affected Software:

  • indows 2000 Service Pack 4
  • Windows XP Service Pack 1
  • Windows XP Service Pack 2

    • MS05-048 – Vulnerability in the Microsoft Collaboration Objects
    Could Allow Remote Code Execution (907245)

    Impact: Remote Code Execution

    Affected Software:

  • Windows 2000 Service Pack 4
  • Windows XP Service Pack 1
  • Windows XP Service Pack 2
  • Windows XP 64-Bit Edition Service Pack 1 (Itanium)
  • Windows XP 64-Bit Edition Version 2003 (Itanium)
  • Windows XP Professional x64 Edition
  • Windows Server 2003
  • Windows Server 2003 Service Pack 1
  • Windows Server 2003 for Itanium-based Systems
  • Windows Server 2003 with SP1 for Itanium-based Systems
  • Windows Server 2003 x64 Edition
  • Exchange 2000 Server Service Pack 3 with the Exchange
    2000 Post-Service Pack 3 Update Rollup of August 2004

    • MS05-049 – Vulnerabilities in Windows Shell Could Allow Remote Code
    Execution (900725)

    Impact: Remote Code Execution

    Affected Software:

  • Windows 2000 Service Pack 4
  • Windows XP Service Pack 1
  • Windows XP Service Pack 2
  • Windows XP 64-Bit Edition Service Pack 1 (Itanium)
  • Windows XP 64-Bit Edition Version 2003 (Itanium)
  • Windows XP Professional x64 Edition
  • Windows Server 2003
  • Windows Server 2003 Service Pack 1
  • Windows Server 2003 for Itanium-based Systems
  • Windows Server 2003 with SP1 for Itanium-based Systems
  • Windows Server 2003 x64 Edition

    • Moderate Security Bulletins
    ===========================

    MS05-044 – Vulnerability in the Windows FTP Client Could Allow File
    Transfer Location and Tampering (905495)

    Impact: Remote Code Execution

    Affected Software:

  • Windows 2000 Service Pack 4
  • Windows XP Service Pack 1
  • Windows Server 2003
  • Windows Server 2003 for Itanium-based Systems

    • MS05-045 – Vulnerability in Network Connection Manager Could Allow
    Denial of Service (905414)

    Impact: Remote Code Execution

    Affected Software:

  • Windows 2000 Service Pack 4
  • Windows XP Service Pack 1
  • Windows XP Service Pack 2
  • Windows Server 2003
  • Windows Server 2003 Service Pack 1

    • [Read more…] about Microsoft Releases Security Patches for the Month

    Updating available WINSWW packages

    by

    In an effort to keep the list of software available on WINSWW current, IDSG will be removing some of the packages currently published to the domain
    (i.e. they appear in “Add/Remove Programs”) that no longer exist. IDSG plans
    to do this on Monday, Oct 10, 2005 in the afternoon.

    This procedure will not uninstall any software from any machines, it
    will just prevent nonexistent software from being available for future
    installation attempts. Packages removed in this manner will be
    replaced with current versions shortly (if they haven’t been already).

    Exchange Server unavailable

    by

    The EECS Exchange service on FONTUS is currently unavailable, as a result of some earlier trouble with one of the Windows domain controllers. Staff are currently working on the problem, but we do not yet have an estimate of when service will be restored.

    The problem lies with the communication between the Exchange server and the Global Catalog server. There is no problem with FONTUS itself, and no mail should be lost.
    [Read more…] about Exchange Server unavailable

    IMAP server downtime, Oct 11 2005

    by

    There will be downtime on Tuesday Oct 11, 2005 from 5PM to 6PM to add new hardware to the IMAP server imap.EECS.Berkeley.EDU.

    The server will be rebooted several times during this time.

    You will not be able to read mail until the server is stable again which will be at 6PM.

    EECS Macintosh Server is Now Online

    by

    The new Macintosh Server is up and running at macserver.eecs.berkeley.edu. Authentication is via your Windows Domain user name and password. Use Cmd+k to open the “go to server” window and type, smb://macserver.eecs.berkeley.edu. If your host is already in the domain no authentication in needed. If your host in not in the domain you will need to authenticate.

    The service so far is a shared folder, macsww. It contains a public folder of software for the Macintosh. I am still working on the Matlab installer, everything else should work.

    Please let me know if you have problems, I welcome your emails as Macintosh support is new to EECS and this is a work in progress.

    Thank you.

    EECS Town Hall Meeting

    by

    Hi all,

    We are pleased to announced our first EECS Town Hall meeting for this semester (FY05-06). It will be held in Woz Lounge, Oct. 11, from 2 to 4pm.

    Since this is our first meeting this fiscal year, there will be a lot of IT related information that we want to share, including upcoming deployments of the EECS IT security plans, various large scale campus activities, and many other new EECS services that are/will be in place throughout the year. We encourage you to attend, and please share the news with others that might be interested.

    More detailed agenda will be posted in the IRIS web site when it is available. There will be light refreshments, and please do bring your comments and suggestions with you!

    Thanks.