| Bulletin ID: MS05-055 |
Title: Vulnerability in Windows Kernel Could Allow Elevation of Privilege (908523) |
Update Type: Security Update |
Severity: Important |
Date: 2005-12-13 |
| Description: This update resolves a newly-discovered, privately-reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin. | ||||
| Vulnerabilities: CAN-2005-2827 |
Included Updates: 908523 |
Applies to: Windows 2000 |
||
| Bulletin ID: MS05-050 |
Title: Vulnerability in DirectShow Could Allow Remote Code Execution (904706) |
Update Type: Security Update |
Severity: Critical |
Date: 2005-12-13 |
| Description: This update resolves a newly-discovered, privately-reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin. | ||||
| Vulnerabilities: CAN-2005-2128 |
Included Updates: 904706 |
Applies to: Windows 2000 Windows Server 2003 Windows Server 2003, Datacenter Edition Windows XP Windows XP x64 Edition |
||
| Bulletin ID: MS05-009 |
Title: Vulnerability in PNG Processing Could Allow Remote Code Execution (890261) |
Update Type: Security Update |
Severity: Critical |
Date: 2005-11-08 |
| Description: This update resolves a newly-discovered, public vulnerability. A remote code execution vulnerability exists in the processing of PNG image formats. The vulnerability is documented in the “Vulnerability Details” section of this bulletin. | ||||
| Vulnerabilities: CAN-2004-0597 CAN-2004-0598 CAN-2004-0599 CAN-2004-1244 |
Included Updates: 885492 887472 890261 |
Applies to: Windows 2000 Windows Server 2003 Windows Server 2003, Datacenter Edition Windows XP |
||
| Bulletin ID: MS03-022 |
Title: Vulnerability in ISAPI Extension for Windows Media Services Could Cause Code Execution (822343) |
Update Type: Security Update |
Severity: Important |
Date: 2005-11-08 |
| Description: Microsoft Windows Media Services is a feature of Microsoft Windows 2000 Server, Advanced Server, and Datacenter Server and is also available in a downloadable version for Windows NT 4.0 Server. Windows Media Services contains support for a method of delivering media content to clients across a network known as multicast streaming. In multicast streaming, the server has no connection to or knowledge of the clients that may be receiving the stream of media content coming from the server. To facilitate logging of client information for the server, Windows 2000 includes a capability specifically designed to enable logging for multicast transmissions. | ||||
| Vulnerabilities: |
Included Updates: 822343 |
Applies to: Windows 2000 |
||
| Bulletin ID: MS05-051 |
Title: Vulnerabilities in MSDTC and COM+ Could Allow Remote Code Execution (902400) |
Update Type: Security Update |
Severity: Critical |
Date: 2005-10-24 |
| Description: This update resolves several newly-discovered, privately-reported vulnerabilities. Each vulnerability is documented in this bulletin in its own "Vulnerability Details" section of this bulletin. | ||||
| Vulnerabilities: CAN-2005-1978 CAN-2005-1979 CAN-2005-1980 CAN-2005-2119 |
Included Updates: 902400 |
Applies to: Windows 2000 Windows Server 2003 Windows Server 2003, Datacenter Edition Windows XP Windows XP x64 Edition |
||
| Bulletin ID: MS05-049 |
Title: Vulnerabilities in Windows Shell Could Allow Remote Code Execution (900725) |
Update Type: Security Update |
Severity: Important |
Date: 2005-10-13 |
| Description: This update resolves several newly-discovered, privately reported vulnerabilities. Each vulnerability is documented in this bulletin in its own "Vulnerability Details" section. | ||||
| Vulnerabilities: CAN-2005-2117 CAN-2005-2118 CAN-2005-2122 |
Included Updates: 900725 |
Applies to: Windows 2000 Windows Server 2003 Windows Server 2003, Datacenter Edition Windows XP Windows XP x64 Edition |
||
| Bulletin ID: MS05-047 |
Title: Vulnerability in Plug and Play Could Allow Remote Code Execution and Local Elevation of Privilege (905749) |
Update Type: Security Update |
Severity: Important |
Date: 2005-10-13 |
| Description: This update resolves a newly-discovered, privately-reported vulnerability. A remote code execution vulnerability exists in Plug and Play (PnP) that could allow an authenticated attacker who successfully exploited this vulnerability to take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The vulnerability is documented in the "Vulnerability Details" section of this bulletin. | ||||
| Vulnerabilities: CAN-2005-2120 |
Included Updates: 905749 |
Applies to: Windows 2000 Windows XP |
||
| Bulletin ID: MS05-044 |
Title: Vulnerability in the Windows FTP Client Could Allow File Transfer Location Tampering (905495) |
Update Type: Security Update |
Severity: Moderate |
Date: 2005-10-13 |
| Description: This update resolves a newly-discovered, public vulnerability. A vulnerability exists in the Windows FTP client because of the way it validates file names. This vulnerability could allow an attacker to tamper with the file transfer location on the client during an FTP file transfer session. | ||||
| Vulnerabilities: CAN-2005-2126 |
Included Updates: 905495 |
Applies to: Windows 2000 Windows Server 2003 Windows Server 2003, Datacenter Edition Windows XP |
||
| Bulletin ID: MS05-052 |
Title: Cumulative Security Update for Internet Explorer (896688) |
Update Type: Security Update |
Severity: Critical |
Date: 2005-10-11 |
| Description: This update resolves a newly-discovered public vulnerability and other privately-reported variations of the same vulnerability. The Microsoft DDS Library Shape Control (Msdds.dll) and other COM objects could, when instantiated in Internet Explorer, allow an attacker to take complete control of an affected system. Because these COM objects were not designed to be instantiated in Internet Explorer, this update sets the kill bit for the affected Class Identifiers (CLSID) in these COM objects. The vulnerability is documented in the “Vulnerability Details” section of this bulletin. | ||||
| Vulnerabilities: CAN-2005-2127 |
Included Updates: 896688 |
Applies to: Windows 2000 Windows Server 2003 Windows Server 2003, Datacenter Edition Windows XP Windows XP x64 Edition |
||
| Bulletin ID: MS05-026 |
Title: Vulnerability in HTML Help Could Allow Remote Code Execution (896358) |
Update Type: Security Update |
Severity: Critical |
Date: 2005-10-11 |
| Description: This update resolves a newly-discovered, privately-reported vulnerability. A vulnerability exists in HTML Help that could allow remote code execution on an affected system. The vulnerability is documented in the “Vulnerability Details” section of this bulletin. | ||||
| Vulnerabilities: CAN-2005-1208 |
Included Updates: 896358 |
Applies to: Windows 2000 Windows Server 2003 Windows Server 2003, Datacenter Edition Windows XP Windows XP x64 Edition |
||
| Bulletin ID: MS05-033 |
Title: Vulnerability in Telnet Client Could Allow Information Disclosure (896428) |
Update Type: Security Update |
Severity: Moderate |
Date: 2005-10-08 |
| Description: This update resolves a newly-discovered, privately-reported vulnerability. An attacker who successfully exploited this information disclosure vulnerability could remotely read the session variables for users who have open connections to a malicious telnet server. The vulnerability is documented in the “Vulnerability Details” section of this bulletin. | ||||
| Vulnerabilities: CAN-2005-1205 |
Included Updates: 896428 |
Applies to: Windows Server 2003 Windows Server 2003, Datacenter Edition Windows XP Windows XP x64 Edition |
||
| Bulletin ID: MS05-031 |
Title: Vulnerability in Step-by-Step Interactive Training Could Allow Remote Code Execution (898458) |
Update Type: Security Update |
Severity: Important |
Date: 2005-10-08 |
| Description: This update resolves a newly-discovered, privately-reported vulnerability. The Step-by-Step Interactive Training has a remote code execution vulnerability that could allow an attacker to take complete control of an affected system. The vulnerability is documented in the “Vulnerability Details” section of this bulletin. | ||||
| Vulnerabilities: CAN-2005-1212 |
Included Updates: 898458 |
Applies to: Windows 2000 Windows Server 2003 Windows Server 2003, Datacenter Edition Windows XP Windows XP 64-Bit Edition Version 2003 |
||
| Bulletin ID: MS05-027 |
Title: Vulnerability in Server Message Block Could Allow Remote Code Execution (896422) |
Update Type: Security Update |
Severity: Critical |
Date: 2005-10-08 |
| Description: This update resolves a newly-discovered, privately-reported vulnerability. A remote code execution vulnerability exists in Server Message Block (SMB) that could allow an attacker who successfully exploited this vulnerability to take complete control of the affected system. . An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.The vulnerability is documented in the “Vulnerability Details” section of this bulletin. | ||||
| Vulnerabilities: CAN-2005-1206 |
Included Updates: 896422 |
Applies to: Windows 2000 Windows Server 2003 Windows Server 2003, Datacenter Edition Windows XP Windows XP x64 Edition |
||
| Bulletin ID: MS05-046 |
Title: Vulnerability in the Client Service for NetWare Could Allow Remote Code Execution (899589) |
Update Type: Security Update |
Severity: Important |
Date: 2005-10-07 |
| Description: This update resolves a newly-discovered, privately-reported vulnerability. A remote code execution vulnerability exists in the Client Service for NetWare (CSNW). By default, CSNW is not installed on any affected operating system version. Only customers who manually installed CSNW could be vulnerable to this issue. The vulnerability is documented in the “Vulnerability Details” section of this bulletin. This service is also called Gateway Service for NetWare on Windows 2000 Server. | ||||
| Vulnerabilities: CAN-2005-1985 |
Included Updates: 899589 |
Applies to: Windows 2000 Windows Server 2003 Windows Server 2003, Datacenter Edition |
||
| Bulletin ID: MS05-045 |
Title: Vulnerability in Network Connection Manager Could Allow Denial of Service (905414) |
Update Type: Security Update |
Severity: Moderate |
Date: 2005-10-07 |
| Description: This update resolves a newly-discovered, public vulnerability. A vulnerability in Network Connection Manager could allow a denial of service on the affected platforms against the Network Connection Manager. The vulnerability is documented in the "Vulnerability Details" section of this bulletin. | ||||
| Vulnerabilities: CAN-2005-2307 |
Included Updates: 905414 |
Applies to: Windows 2000 Windows Server 2003 Windows Server 2003, Datacenter Edition Windows XP |
||
| Bulletin ID: MS05-042 |
Title: Vulnerabilities in Kerberos Could Allow Denial of Service, Information Disclosure, and Spoofing (899587) |
Update Type: Security Update |
Severity: Moderate |
Date: 2005-09-12 |
| Description: This update resolves two newly-discovered vulnerabilities, a privately reported vulnerability and a publicly reported vulnerability. Each vulnerability is documented in this bulletin in its own “Vulnerability Details” section of this bulletin. | ||||
| Vulnerabilities: CAN-2005-1981 CAN-2005-1982 |
Included Updates: 899587 |
Applies to: Windows 2000 Windows Server 2003 Windows Server 2003, Datacenter Edition Windows XP Windows XP x64 Edition |
||
| Bulletin ID: MS05-041 |
Title: Vulnerability in Remote Desktop Protocol Could Allow Denial of Service (899591) |
Update Type: Security Update |
Severity: Moderate |
Date: 2005-09-12 |
| Description: This update resolves a newly-discovered, privately-reported vulnerability. A vulnerability in the Remote Desktop Protocol (RDP) exists that could allow an attacker to cause a system to stop responding. The vulnerability is documented in the “Vulnerability Details” section of this bulletin. | ||||
| Vulnerabilities: CAN-2005-1218 |
Included Updates: 899591 |
Applies to: Windows 2000 Windows Server 2003 Windows Server 2003, Datacenter Edition Windows XP Windows XP x64 Edition |
||
| Bulletin ID: MS05-040 |
Title: Vulnerability in Telephony Service Could Allow Remote Code Execution (893756) |
Update Type: Security Update |
Severity: Important |
Date: 2005-09-12 |
| Description: This update resolves a newly-discovered, privately-reported vulnerability. A vulnerability exits in the Telephony Application Programming Interface (TAPI) service that could allow remote code execution. The vulnerability is documented in the “Vulnerability Details” section of this bulletin. | ||||
| Vulnerabilities: CAN-2005-0058 |
Included Updates: 893756 |
Applies to: Windows 2000 Windows Server 2003 Windows Server 2003, Datacenter Edition Windows XP Windows XP x64 Edition |
||
| Bulletin ID: MS03-044 |
Title: Buffer Overrun in Windows Help and Support Center Could Lead to System Compromise (825119) |
Update Type: Security Update |
Severity: Critical |
Date: 2005-09-12 |
| Description: A security vulnerability exists in the Help and Support Center function which ships with Windows XP and Windows Server 2003. The affected code is also included in all other supported Windows operating systems, although no known attack vector has been identified at this time because the HCP protocol is not supported on those platforms. The vulnerability results because a file associated with the HCP protocol contains an unchecked buffer. | ||||
| Vulnerabilities: |
Included Updates: 825119 |
Applies to: Windows 2000 Windows Server 2003 Windows Server 2003, Datacenter Edition Windows XP |
||
| Bulletin ID: MS05-005 |
Title: Vulnerability in Microsoft Office XP could allow Remote Code Execution (873352) |
Update Type: Security Update |
Severity: Critical |
Date: 2005-08-22 |
| Description: This update resolves a newly-discovered, privately reported vulnerability that could allow an attacker to run code on the affected system. The vulnerability is documented in the Vulnerability Details section of this bulletin. | ||||
| Vulnerabilities: CAN-2004-0848 |
Included Updates: 873352 873354 873355 |
Applies to: Office 2002/XP |
||
| Bulletin ID: MS05-043 |
Title: Vulnerability in Print Spooler Service Could Allow Remote Code Execution (896423) |
Update Type: Security Update |
Severity: Critical |
Date: 2005-08-05 |
| Description: This update resolves a newly-discovered, privately-reported vulnerability. A vulnerability exists in the Print Spooler service that could allow remote code execution. The vulnerability is documented in the “Vulnerability Details” section of this bulletin. | ||||
| Vulnerabilities: CAN-2005-1984 |
Included Updates: 896423 |
Applies to: Windows 2000 Windows Server 2003 Windows Server 2003, Datacenter Edition Windows XP |
||
| Bulletin ID: MS05-039 |
Title: Vulnerability in Plug and Play Could Allow Remote Code Execution and Elevation of Privilege (899588) |
Update Type: Security Update |
Severity: Critical |
Date: 2005-08-05 |
| Description: This update resolves a newly-discovered, privately-reported vulnerability. A remote code execution vulnerability exists in Plug and Play (PnP) that could allow an attacker who successfully exploited this vulnerability to take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The vulnerability is documented in the “Vulnerability Details” section of this bulletin. | ||||
| Vulnerabilities: CAN-2005-1983 |
Included Updates: 899588 |
Applies to: Windows 2000 Windows Server 2003 Windows Server 2003, Datacenter Edition Windows XP Windows XP x64 Edition |
||
| Bulletin ID: MS05-018 |
Title: Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege and Denial of Service (890859) |
Update Type: Security Update |
Severity: Important |
Date: 2005-07-26 |
| Description: This update resolves several newly-discovered, privately-reported vulnerabilities. Each vulnerability is documented in this bulletin in its own “Vulnerability Details” section of this bulletin. | ||||
| Vulnerabilities: CAN-2005-0060 CAN-2005-0061 CAN-2005-0550 CAN-2005-0551 |
Included Updates: 890859 |
Applies to: Windows 2000 Windows XP |
||
| Bulletin ID: MS05-036 |
Title: Vulnerability in Microsoft Color Management Module Could Allow Remote Code Execution (901214) |
Update Type: Security Update |
Severity: Critical |
Date: 2005-07-12 |
| Description: This update resolves a newly-discovered, privately-reported vulnerability. The vulnerability is documented in the “Vulnerability Details” section of this bulletin. | ||||
| Vulnerabilities: CAN-2005-1219 |
Included Updates: 901214 |
Applies to: Windows 2000 Windows Server 2003 Windows Server 2003, Datacenter Edition Windows XP Windows XP x64 Edition |
||
| Bulletin ID: MS05-028 |
Title: Vulnerability in Web Client Service Could Allow Remote Code Execution (896426) |
Update Type: Security Update |
Severity: Important |
Date: 2005-06-27 |
| Description: This update resolves a newly-discovered, privately-reported vulnerability. The vulnerability is documented in the “Vulnerability Details” section of this bulletin. | ||||
| Vulnerabilities: CAN-2005-1207 |
Included Updates: 896426 |
Applies to: Windows Server 2003 Windows Server 2003, Datacenter Edition Windows XP |
||
| Bulletin ID: MS05-019 |
Title: Vulnerabilities in TCP/IP Could Allow Remote Code Execution and Denial of Service (893066) |
Update Type: Security Update |
Severity: Critical |
Date: 2005-06-14 |
| Description: This update resolves several newly-discovered, privately-reported and public vulnerabilities. Each vulnerability is documented in this bulletin in its own “Vulnerability Details” section. | ||||
| Vulnerabilities: CAN-2004-0230 CAN-2004-0790 CAN-2004-0791 CAN-2004-1060 CAN-2005-0048 CAN-2005-0688 |
Included Updates: 893066 |
Applies to: Windows 2000 Windows Server 2003 Windows Server 2003, Datacenter Edition Windows XP |
||
| Bulletin ID: MS05-024 |
Title: Vulnerability in Web View Could Allow Remote Code Execution (894320) |
Update Type: Security Update |
Severity: Important |
Date: 2005-05-10 |
| Description: This update resolves a newly-discovered, public vulnerability. A remote code execution vulnerability exists in the way that Web View in Windows Explorer handles certain HTML characters in preview fields. By persuading a user to preview a malicious file, an attacker could execute arbitrary code in the context of the logged on user. The vulnerability is documented in the “Vulnerability Details” section of this bulletin. | ||||
| Vulnerabilities: CAN-2005-1191 |
Included Updates: 894320 |
Applies to: Windows 2000 |
||
| Bulletin ID: MS05-010 |
Title: Vulnerability in the License Logging Service Could Allow Code Execution (885834) |
Update Type: Security Update |
Severity: Critical |
Date: 2005-04-26 |
| Description: This update resolves a newly-discovered, privately-reported vulnerability. The vulnerability is documented in the “Vulnerability Details” section of this bulletin. | ||||
| Vulnerabilities: CAN-2005-0050 |
Included Updates: 885834 |
Applies to: Windows 2000 Windows Server 2003 Windows Server 2003, Datacenter Edition |
||
| Bulletin ID: MS04-044 |
Title: Vulnerabilities in Windows Kernel and LSASS Could Allow Elevation of Privilege (885835) |
Update Type: Security Update |
Severity: Important |
Date: 2005-04-13 |
| Description: This update resolves several newly-discovered, privately reported vulnerabilities. Each vulnerability is documented in this bulletin in its own Vulnerability Details section. | ||||
| Vulnerabilities: CAN-2004-0893 CAN-2004-0894 |
Included Updates: 885835 |
Applies to: Windows 2000 Windows Server 2003 Windows Server 2003, Datacenter Edition Windows XP |
||
| Bulletin ID: MS05-017 |
Title: Vulnerability in Message Queuing Could Allow Code Execution (892944) |
Update Type: Security Update |
Severity: Important |
Date: 2005-04-12 |
| Description: This update resolves a newly-discovered, privately-reported vulnerability. A remote code execution vulnerability exists in the Message Queuing component. By default, the Message Queuing component is not installed on any affected operating system version. Only customers who manually installed the Message Queuing component could be vulnerable to this issue. The vulnerability is documented in the “Vulnerability Details” section of this bulletin. | ||||
| Vulnerabilities: CAN-2005-0059 |
Included Updates: 892944 |
Applies to: Windows 2000 Windows XP |
||
| Bulletin ID: MS05-016 |
Title: Vulnerability in Windows Shell that Could Allow Remote Code Execution (893086) |
Update Type: Security Update |
Severity: Important |
Date: 2005-04-12 |
| Description: This update resolves a newly-discovered, privately-reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin. | ||||
| Vulnerabilities: CAN-2005-0063 |
Included Updates: 893086 |
Applies to: Windows 2000 Windows Server 2003 Windows Server 2003, Datacenter Edition Windows XP |
||
| Bulletin ID: MS05-008 |
Title: Vulnerability in Windows Shell Could Allow Remote Code Execution (890047) |
Update Type: Security Update |
Severity: Important |
Date: 2005-03-25 |
| Description: This update resolves a newly-discovered vulnerability. The vulnerability is documented in the “Vulnerability Details” section of this bulletin. A privilege elevation vulnerability exists in Windows because of the way that Windows handles drag-and-drop events. An attacker could exploit the vulnerability by constructing a malicious Web page. This malicious Web page could potentially allow an attacker to save a file on the user’s system if a user visited a malicious Web site or viewed a malicious e-mail message. | ||||
| Vulnerabilities: CAN-2003-1027 CAN-2004-0839 CAN-2004-0985 CAN-2005-0053 |
Included Updates: 890047 |
Applies to: Windows 2000 Windows Server 2003 Windows Server 2003, Datacenter Edition Windows XP |
||
| Bulletin ID: MS04-013 |
Title: Cumulative Security Update for Outlook Express (837009) |
Update Type: Security Update |
Severity: Critical |
Date: 2005-03-25 |
| Description: This is a cumulative update that includes the functionality of all the previously-released updates for Outlook Express 5.5 and Outlook Express 6. Additionally, it eliminates a new vulnerability that could allow an attacker who successfully exploited this vulnerability to access files and to take complete control of the affected system. This could occur even if Outlook Express is not used as the default e-mail reader on the system. | ||||
| Vulnerabilities: CAN-2004-0380 |
Included Updates: 837009 |
Applies to: Windows 2000 Windows XP |
||
| Bulletin ID: MS04-012 |
Title: Cumulative Update for Microsoft RPC/DCOM (828741) |
Update Type: Security Update |
Severity: Critical |
Date: 2005-03-25 |
| Description: This update resolves several newly-discovered vulnerabilities in RPC/DCOM. Each vulnerability is documented in this bulletin in its own section. | ||||
| Vulnerabilities: CAN-2003-0807 CAN-2003-0813 CAN-2004-0116 CAN-2004-0124 |
Included Updates: 828741 |
Applies to: Windows 2000 Windows Server 2003 Windows Server 2003, Datacenter Edition Windows XP |
||
| Bulletin ID: MS03-018 |
Title: Cumulative Patch for Internet Information Service (811114) |
Update Type: Security Update |
Severity: Important |
Date: 2005-03-25 |
| Description: This patch is a cumulative patch that includes the functionality of all security patches released for IIS 4.0 since Windows NT 4.0 Service Pack 6a, and all security patches released to date for IIS 5.0 since Windows 2000 Service Pack 2 and IIS 5.1. A complete listing of the patches superseded by this patch is provided below, in the section titled "Additional information about this patch". | ||||
| Vulnerabilities: |
Included Updates: 811114 |
Applies to: Windows 2000 Windows XP |
||
| Bulletin ID: MS02-051 |
Title: Cryptographic Flaw in RDP Protocol can Lead to Information Disclosure (Q324380) |
Update Type: Security Update |
Severity: Moderate |
Date: 2005-03-25 |
| Description: The Remote Data Protocol (RDP) provides the means by which Windows systems can provide remote terminal sessions to clients. The protocol transmits information regarding a terminal sessions' keyboard, mouse and video to the remote client, and is used by Terminal Services in Windows NT 4.0 and Windows 2000, and by Remote Desktop in Windows XP. Two security vulnerabilities, both of which are eliminated by this patch, have been discovered in various RDP implementations. | ||||
| Vulnerabilities: |
Included Updates: 324380 |
Applies to: Windows 2000 Windows XP |
||
| Bulletin ID: MS02-050 |
Title: Certificate Validation Flaw Could Enable Identity Spoofing (Q329115) |
Update Type: Security Update |
Severity: Important |
Date: 2005-03-08 |
| Description: The original version of this bulletin was released on 05 September 2002. | ||||
| Vulnerabilities: |
Included Updates: 329115 |
Applies to: Windows 2000 Windows XP |
||
| Bulletin ID: MS05-011 |
Title: Vulnerability in Server Message Block Could Allow Remote Code Execution (885250) |
Update Type: Security Update |
Severity: Critical |
Date: 2005-02-23 |
| Description: This update resolves a newly-discovered, privately-reported vulnerability. The vulnerability is documented in the “Vulnerability Details” section of this bulletin. | ||||
| Vulnerabilities: CAN-2005-0045 |
Included Updates: 885250 |
Applies to: Windows 2000 Windows Server 2003 Windows Server 2003, Datacenter Edition Windows XP |
||
| Bulletin ID: MS04-015 |
Title: Vulnerability in Help and Support Center Could Allow Remote Code Execution (840374) |
Update Type: Security Update |
Severity: Important |
Date: 2005-02-19 |
| Description: This update resolves a newly-discovered vulnerability. A remote code execution vulnerability exists in the Help and Support Center because of the way that it handles HCP URL validation. The vulnerability is documented in the Vulnerability Details section of this bulletin. | ||||
| Vulnerabilities: CAN-2004-0199 |
Included Updates: 840374 |
Applies to: Windows Server 2003 Windows Server 2003, Datacenter Edition Windows XP |
||
| Bulletin ID: MS04-014 |
Title: Vulnerability in the Microsoft Jet Database Engine Could Allow Code Execution (837001) |
Update Type: Security Update |
Severity: Important |
Date: 2005-02-19 |
| Description: Microsoft updated this bulletin on May 11, 2004 to advise on the availability of a revised version of the security update for non-English versions of Windows XP (as opposed to Windows XP Service Pack 1). The original update does address the vulnerability in Windows XP for all supported languages; however, the original update was not fully localized. Specifically, optional Jet error strings were only being offered in English on Windows XP. This issue does not affect other operating systems. If you have previously applied the security update for other operating systems, including Windows XP Service Pack 1, you need not take any additional action. | ||||
| Vulnerabilities: CAN-2004-0197 |
Included Updates: 837001 |
Applies to: Windows 2000 Windows Server 2003 Windows Server 2003, Datacenter Edition Windows XP |
||
| Bulletin ID: MS04-011 |
Title: Security Update for Microsoft Windows (835732) |
Update Type: Security Update |
Severity: Critical |
Date: 2005-02-19 |
| Description: Microsoft re-issued this bulletin on June 15, 2004 to advise on the availability of an updated Windows NT 4.0 Workstation update for the Pan Chinese language. | ||||
| Vulnerabilities: CAN-2003-0533 CAN-2003-0663 CAN-2003-0719 CAN-2003-0806 CAN-2003-0906 CAN-2003-0907 CAN-2003-0908 CAN-2003-0909 CAN-2003-0910 CAN-2004-0117 CAN-2004-0118 CAN-2004-0119 CAN-2004-0120 CAN-2004-0123 |
Included Updates: 835732 |
Applies to: Windows 2000 Windows Server 2003 Windows Server 2003, Datacenter Edition Windows XP |
||
| Bulletin ID: MS04-008 |
Title: Vulnerability in Windows Media Services Could Allow a Denial of Service (832359) |
Update Type: Security Update |
Severity: Moderate |
Date: 2005-02-19 |
| Description: A vulnerability exists because of the way that Windows Media Station Service and Windows Media Monitor Service, components of Windows Media Services, handle TCP/IP connections. If a remote user were to send a specially-crafted sequence of TCP/IP packets to the listening port of either of these services, the service could stop responding to requests and no additional connections could be made. The service must be restarted to regain its functionality. | ||||
| Vulnerabilities: |
Included Updates: 832359 |
Applies to: Windows 2000 |
||
| Bulletin ID: MS04-007 |
Title: ASN.1 Vulnerability Could Allow Code Execution (828028) |
Update Type: Security Update |
Severity: Critical |
Date: 2005-02-19 |
| Description: A security vulnerability exists in the Microsoft ASN.1 Library that could allow code execution on an affected system. The vulnerability is caused by an unchecked buffer in the Microsoft ASN.1 Library, which could result in a buffer overflow. | ||||
| Vulnerabilities: |
Included Updates: 828028 |
Applies to: Windows 2000 Windows Server 2003 Windows Server 2003, Datacenter Edition Windows XP |
||
| Bulletin ID: MS04-006 |
Title: Vulnerability in the Windows Internet Naming Service (WINS) Could Allow Code Execution (830352) |
Update Type: Security Update |
Severity: Important |
Date: 2005-02-19 |
| Description: A security vulnerability exists in the Windows Internet Naming Service (WINS). This vulnerability exists because of the method that WINS uses to validate the length of specially-crafted packets. On Windows Server 2003 this vulnerability could allow an attacker who sent a series of specially-crafted packets to a WINS server to cause the service to fail. Most likely, this could cause a denial of service, and the service would have to be manually restarted to restore functionality. | ||||
| Vulnerabilities: |
Included Updates: 830352 |
Applies to: Windows 2000 Windows Server 2003 Windows Server 2003, Datacenter Edition |
||
| Bulletin ID: MS04-043 |
Title: Vulnerability in HyperTerminal Could Allow Code Execution (873339) |
Update Type: Security Update |
Severity: Important |
Date: 2005-02-17 |
| Description: This update resolves a newly-discovered, privately reported vulnerability. The vulnerability is documented in the Vulnerability Details section of this bulletin. | ||||
| Vulnerabilities: CAN-2004-0568 |
Included Updates: 873339 |
Applies to: Windows 2000 Windows Server 2003 Windows Server 2003, Datacenter Edition Windows XP |
||
| Bulletin ID: MS04-037 |
Title: Vulnerability in Windows Shell Could Allow Remote Code Execution (841356) |
Update Type: Security Update |
Severity: Critical |
Date: 2005-02-17 |
| Description: This update resolves several newly-discovered, public vulnerabilities. Each vulnerability is documented in this bulletin in its own Vulnerability Details section. | ||||
| Vulnerabilities: CAN-2004-0214 CAN-2004-0572 |
Included Updates: 841356 |
Applies to: Windows 2000 Windows XP |
||
| Bulletin ID: MS04-024 |
Title: Vulnerability in Windows Shell Could Allow Remote Code Execution (839645) |
Update Type: Security Update |
Severity: Important |
Date: 2005-02-17 |
| Description: This update resolves a newly-discovered, publicly reported vulnerability. A remote code execution vulnerability exists in the way that the Windows Shell launches applications. | ||||
| Vulnerabilities: CAN-2004-0420 |
Included Updates: 839645 |
Applies to: Windows Server 2003 Windows Server 2003, Datacenter Edition Windows XP |
||
| Bulletin ID: MS04-022 |
Title: Vulnerability in Task Scheduler Could Allow Code Execution (841873) |
Update Type: Security Update |
Severity: Critical |
Date: 2005-02-17 |
| Description: This update resolves a newly-discovered, privately reported vulnerability. A remote code execution vulnerability exists in the Task Scheduler because of an unchecked buffer. The vulnerability is documented in the Vulnerability Details section of this bulletin. | ||||
| Vulnerabilities: CAN-2004-0212 |
Included Updates: 841873 |
Applies to: Windows 2000 Windows XP |
||
| Bulletin ID: MS04-020 |
Title: Vulnerability in POSIX Could Allow Code Execution (841872) |
Update Type: Security Update |
Severity: Important |
Date: 2005-02-17 |
| Description: This update resolves a newly-discovered, privately reported vulnerability. A privilege elevation vulnerability exists in the POSIX operating system component (subsystem). The vulnerability is documented in the Vulnerability Details section of this bulletin. | ||||
| Vulnerabilities: CAN-2004-0210 |
Included Updates: 841872 |
Applies to: Windows 2000 |
||
| Bulletin ID: MS04-023 |
Title: Vulnerability in HTML Help Could Allow Code Execution (840315) |
Update Type: Security Update |
Severity: Critical |
Date: 2005-02-12 |
| Description: This update resolves two newly-discovered vulnerabilities. The HTML Help vulnerability was privately reported and the showHelp vulnerability is public. Each vulnerability is documented in this bulletin in its own Vulnerability Details section. | ||||
| Vulnerabilities: CAN-2003-1041 CAN-2004-0201 |
Included Updates: 840315 |
Applies to: Windows 2000 Windows XP |
||
| Bulletin ID: MS05-015 |
Title: Vulnerability in Hyperlink Object Library Could Allow Remote Code Execution (888113) |
Update Type: Security Update |
Severity: Critical |
Date: 2005-02-08 |
| Description: This update resolves a newly-discovered, privately reported vulnerability. The vulnerability is documented in the “Vulnerability Details” section of this bulletin. | ||||
| Vulnerabilities: CAN-2005-0057 |
Included Updates: 888113 |
Applies to: Windows 2000 Windows Server 2003 Windows Server 2003, Datacenter Edition Windows XP |
||
| Bulletin ID: MS05-014 |
Title: Cumulative Security Update for Internet Explorer (867282) |
Update Type: Security Update |
Severity: Critical |
Date: 2005-02-08 |
| Description: This update resolves several newly-discovered, publicly and privately reported vulnerabilities. Each vulnerability is documented in this bulletin in its own “Vulnerability Details” section. | ||||
| Vulnerabilities: CAN-2003-1027 CAN-2004-0839 CAN-2004-0985 CAN-2005-0053 CAN-2005-0054 CAN-2005-0055 CAN-2005-0056 |
Included Updates: 867282 |
Applies to: Windows 2000 Windows Server 2003 Windows Server 2003, Datacenter Edition Windows XP |
||
| Bulletin ID: MS05-013 |
Title: Vulnerability in the DHTML Editing Component ActiveX Control Could Allow Remote Code Execution (891781) |
Update Type: Security Update |
Severity: Critical |
Date: 2005-02-08 |
| Description: This update resolves a newly-discovered, public vulnerability. A vulnerability exists in the DHTML Editing Component ActiveX Control. This vulnerability could allow information disclosure or remote code execution on an affected system. The vulnerability is documented in the "Vulnerability Details" section of this bulletin. | ||||
| Vulnerabilities: CAN-2004-1319 |
Included Updates: 891781 |
Applies to: Windows 2000 Windows Server 2003 Windows Server 2003, Datacenter Edition Windows XP |
||
| Bulletin ID: MS05-012 |
Title: Vulnerability in OLE and COM Could Allow Remote Code Execution (873333) |
Update Type: Security Update |
Severity: Critical |
Date: 2005-02-08 |
| Description: This update resolves several newly-discovered, privately-reported vulnerabilities. Each vulnerability is documented in this bulletin in its own "Vulnerability Details" section. | ||||
| Vulnerabilities: CAN-2005-0044 CAN-2005-0047 |
Included Updates: 873333 |
Applies to: Windows 2000 Windows Server 2003 Windows Server 2003, Datacenter Edition Windows XP |
||
| Bulletin ID: MS05-007 |
Title: Vulnerability in Windows Could Allow Information Disclosure (888302) |
Update Type: Security Update |
Severity: Important |
Date: 2005-02-08 |
| Description: This update resolves a newly-discovered, privately-reported vulnerability. The vulnerability is documented in the “Vulnerability Details” section of this bulletin. | ||||
| Vulnerabilities: CAN-2005-0051 |
Included Updates: 888302 |
Applies to: Windows XP |
||
| Bulletin ID: MS05-002 |
Title: Vulnerability in Cursor and Icon Format Handling Could Allow Remote Code Execution (891711) |
Update Type: Security Update |
Severity: Critical |
Date: 2005-01-18 |
| Description: This update resolves several newly-discovered, privately reported and public vulnerabilities. Each vulnerability is documented in this bulletin in its own Vulnerability Details section. | ||||
| Vulnerabilities: CAN-2004-1049 CAN-2004-1305 |
Included Updates: 891711 |
Applies to: Windows 2000 Windows XP |
||
| Bulletin ID: MS05-001 |
Title: Vulnerability in HTML Help Could Allow Code Execution (890175) |
Update Type: Security Update |
Severity: Critical |
Date: 2005-01-18 |
| Description: This update resolves a newly-discovered, publicly reported vulnerability. A vulnerability exists in the HTML Help ActiveX control in Windows that could allow information disclosure or remote code execution on an affected system. This vulnerability is documented in the Vulnerability Details section of this bulletin. | ||||
| Vulnerabilities: CAN-2004-1043 |
Included Updates: 890175 |
Applies to: Windows 2000 Windows Server 2003 Windows Server 2003, Datacenter Edition Windows XP |
||
| Bulletin ID: MS05-003 |
Title: Vulnerability in the Indexing Service Could Allow Remote Code Execution (871250) |
Update Type: Security Update |
Severity: Important |
Date: 2005-01-11 |
| Description: This update resolves a newly-discovered, privately reported vulnerability. The vulnerability is documented in the Vulnerability Details section of this bulletin. | ||||
| Vulnerabilities: CAN-2004-0897 |
Included Updates: 871250 |
Applies to: Windows 2000 Windows Server 2003 Windows Server 2003, Datacenter Edition Windows XP |
||
