Notes:
  • All Security Bulletins can be found at the Microsoft Security Bulletin Search.
  • A summary of all Bulletins documented in 2004 can be found in this archived thread - /forum/remark,9068977~mode=flat
    Released 12/13/05

    MS05-055 Vulnerability in Windows Kernel Could Allow Elevation of Privilege (908523)

    Maximum Severity Rating: Important

    Affected Software:
    • Microsoft Windows 2000 Service Pack 4
    Non-Affected Software:
    • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
    • Microsoft Windows XP Professional x64 Edition
    • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
    • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
    • Microsoft Windows Server 2003 x64 Edition
    • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME)

    Released 12/13/05

    MS05-054 Cumulative Security Update for Internet Explorer (905915)

    Maximum Severity Rating: Critical

    Affected Software:
    • Microsoft Windows 2000 Service Pack 4
    • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
    • Microsoft Windows XP Professional x64 Edition
    • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
    • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
    • Microsoft Windows Server 2003 x64 Edition
    • Microsoft Windows Server 2003 x64 Edition family
    • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME). Review the FAQ section of this bulletin for details about these operating systems.
    Affected Components:
    • Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4
    • Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4 or on Microsoft Windows XP Service Pack 1
    • Internet Explorer 6 for Microsoft Windows XP Service Pack 2
    • Internet Explorer 6 for Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
    • Internet Explorer 6 for Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
    • Internet Explorer 6 for Microsoft Windows Server 2003 x64 Edition
    • Internet Explorer 6 for Microsoft Windows XP Professional x64 Edition
    • Internet Explorer 5.5 Service Pack 2 on Microsoft Windows Millennium Edition. Review the FAQ section of this bulletin for details about this version.
    • Internet Explorer 6 Service Pack 1 on Microsoft Windows 98, on Microsoft Windows 98 SE, or on Microsoft Windows Millennium Edition. Review the FAQ section of this bulletin for details about this version.

    Released 11/8/05

    MS05-053 Vulnerabilities in Graphics Rendering Engine Could Allow Code Execution (896424)

    Maximum Severity Rating: Critical

    Affected Software:
    • Microsoft Windows 2000 Service Pack 4
    • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
    • Microsoft Windows XP Professional x64 Edition
    • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
    • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
    • Microsoft Windows Server 2003 x64 Edition

    Non-Affected Software:
    • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME)

    Released 10/11/05 Updated 11/2/05

    MS05-052 Cumulative Security Update for Internet Explorer (896688)

    Maximum Severity Rating: Critical

    Affected Software:
    • Microsoft Windows 2000 Service Pack 4
    • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
    • Microsoft Windows XP Professional x64 Edition
    • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
    • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with Service Pack 1 for Itanium-based Systems
    • Microsoft Windows Server 2003 x64 Edition
    • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME). Review the FAQ section of this bulletin for details about these operating systems.
    Tested Microsoft Windows Components:

    Affected Components:
    • Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4
    • Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4 or on Microsoft Windows XP Service Pack 1
    • Internet Explorer 6 for Microsoft Windows XP Service Pack 2
    • Internet Explorer 6 for Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
    • Internet Explorer 6 for Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
    • Internet Explorer 6 for Microsoft Windows Server 2003 x64 Edition
    • Internet Explorer 6 for Microsoft Windows XP Professional x64 Edition
    • Internet Explorer 5.5 Service Pack 2 on Microsoft Windows Millennium Edition. Review the FAQ section of this bulletin for details about this version.
    • Internet Explorer 6 Service Pack 1 on Microsoft Windows 98, on Microsoft Windows 98 SE, or on Microsoft Windows Millennium Edition. Review the FAQ section of this bulletin for details about this version.

    Revisions:
    • V1.0 (October 11, 2005): Bulletin published
    • V1.1 (October 12, 2005): Bulletin updated to revise the log file name, uninstall directory name, and install registry key name for the Internet Explorer Service Pack 1 security update.
    • V1.2 (October 19, 2005): Bulletin updated to revise the install registry key name for the Windows Server 2003 security update.
    • V1.3 (November 2, 2005): Bulletin revised due to new issues discovered with the security update: Microsoft Knowledge Base Article 909889: ActiveX controls may not load as expected in Internet Explorer due to defense in depth changes introduced in cumulative security update 896688 (MS05-052) and Microsoft Knowledge Base Article 909738: A Web page that contains a custom ActiveX control may not load as expected in Internet Explorer due to defense in depth changes introduced in cumulative security update 896688 (MS05-052).

    Released 10/11/05 Updated 10/25/05

    MS05-051 Vulnerabilities in MSDTC and COM+ Could Allow Remote Code Execution (902400)

    Maximum Severity Rating: Critical

    Affected Software:
    • Microsoft Windows 2000 Service Pack 4
    • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
    • Microsoft Windows XP Professional x64 Edition
    • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
    • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
    • Microsoft Windows Server 2003 x64 Edition
    Non-Affected Software:
    • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME)

    Revisions:
    • V1.0 (October 11, 2005): Bulletin published.
    • V1.1 (October 14, 2005): Bulletin revised to advise customers of the availability of Microsoft Knowledge Base Article 909444 which describes a potential issue which may be encountered after installing this update.
    • V1.2 (October 25, 2005): Security update replacement revised for MS04-012 on Microsoft Windows 2000. Additionally, mitigating factors for MSDTC Vulnerability (CAN-2005-2119) have been updated to advise customers that the Microsoft Distributed Transaction Coordinator is not started by default on Windows 2000 Professional.

    Released 10/11/05 Updated 12/13/05

    MS05-050 Vulnerability in DirectShow Could Allow Remote Code Execution (904706)

    Maximum Severity Rating: Critical

    Affected Software:
    • Microsoft DirectX 7.0 on Microsoft Windows 2000 with Service Pack 4
    • Microsoft DirectX 8.1 on Microsoft Windows XP Service Pack 1 and on Microsoft Windows XP with Service Pack 2
    • Microsoft DirectX 8.1 on Microsoft Windows XP Professional x64 Edition
    • Microsoft DirectX 8.1 on Microsoft Windows Server 2003 and on Microsoft Windows Server 2003 with Service Pack 1
    • Microsoft DirectX 8.1 on Microsoft Windows Server 2003 for Itanium-based Systems and on Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
    • Microsoft DirectX 8.1 on Microsoft Windows Server 2003 x64 Edition
    • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME). Review the FAQ section of this bulletin for details about these operating systems.
    Tested Microsoft Windows Components:

    Affected Components:
    • Microsoft DirectX 8.0, 8.0a, 8.1, 8.1a, 8.1b, and 8.2 when installed on Windows 2000 Service Pack 4
    • Microsoft DirectX 9.0, 9.0a, 9.0b, and 9.0c when installed on Windows 2000 Service Pack 4
    • Microsoft DirectX 9.0, 9.0a, 9.0b, and 9.0c when installed on Windows XP Service Pack 1
    • Microsoft DirectX 9.0, 9.0a, 9.0b, and 9.0c when installed on Windows Server 2003

    Revisions:
    • V1.0 (October 11, 2005): Bulletin published.
    • V1.1 (October 12, 2005): Bulletin updated to provide additional clarity around DirectX versions in the Affected Software section.
    • V1.2 (October 19, 2005): Bulletin updated for the following: Caveats and FAQ were updated to reflect the available Microsoft Knowledge Base Article 909596 and to clarify a known issue that affected Windows 2000 SP4 customers who were running DirectX. In the "Frequently asked questions (FAQ) related to this security update" section, updated the "What updates does this release replace" question to make it clearer with regards to DirectX and Windows 2000. Added information about Windows XP Professional x64 Edition to the "File Information" section under "Windows XP (all versions)". Revised the "DirectX Standalone" "Registry Key Verification" for all versions.
    • V1.3 (October 21, 2005): Bulletin updated to revise file version under the "Frequently asked questions (FAQ) related to this security update" section for "I've installed the DirectX (KB904706) security update, what version of quartz.dll should I have installed?" DirectX Windows 2000 Service Pack 4 versions 7.0 and 9.0.
    • V1.4 (November 8, 2005): Bulletin updated for the following: Microsoft has also been made aware that when installing the "Security Update for DirectX 8.1 for Windows XP Service Pack 1" or "Security Update for DirectX 8.1 for Windows 2003" package on a computer that has DirectX 9, the install completes successfully without giving any indication that the computer was not updated. Users running DirectX 9 will still be vulnerable to the issue discussed within MS05-050 until they apply the appropriate package for their DirectX version. In the "Frequently asked questions (FAQ) related to this security update" section, updated the "How can I determine whether I am running an updated version of DirectX on my system?" question for Windows 2000 SP4 Multi-User Interface (MUI) users.
    • V2.0 (December 13, 2005): Bulletin updated to advise customers that a revised version of the security update is available for Windows 2000 SP4, Windows XP SP1 and Windows 2003, listed in the Affected Software section. Customers that have applied the appropriate version of DirectX on the appropriate version of Windows need not take any action. Customers that may have installed the incorrect DirectX package manually are encouraged to evaluate their systems and re-deploy the correct update to ensure that the correct version of DirectX has been updated. For additional information, see "Why did Microsoft update this bulletin on November 9, 2005?" in the "Frequently asked questions (FAQ) related to this security update" section.

    Released 10/11/05

    MS05-049 Vulnerabilities in Windows Shell Could Allow Remote Code Execution (900725)

    Maximum Severity Rating: Important

    Affected Software:
    • Microsoft Windows 2000 Service Pack 4
    • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
    • Microsoft Windows XP Professional x64 Edition
    • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
    • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
    • Microsoft Windows Server 2003 x64 Edition
    Non-Affected Software:
    • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME)

    Released 10/11/05

    MS05-048 Vulnerability in the Microsoft Collaboration Data Objects Could Allow Remote Code Execution (907245)

    Maximum Severity Rating: Important

    Affected Software:
    • Microsoft Windows 2000 Service Pack 4
    • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
    • Microsoft Windows XP Professional x64 Edition
    • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
    • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
    • Microsoft Windows Server 2003 x64 Edition
    • Microsoft Exchange 2000 Server Service Pack 3 with the Exchange 2000 Post-Service Pack 3 Update Rollup of August 2004
    Non-Affected Software:
    • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME)
    • Microsoft Exchange Server 5.5
    • Microsoft Exchange Server 2003
    • Microsoft Exchange Server 2003 Service Pack 1

    Released 10/11/05

    MS05-047 Vulnerability in Plug and Play Could Allow Remote Code Execution and Local Elevation of Privilege (905749)

    Maximum Severity Rating: Important

    Affected Software:
    • Microsoft Windows 2000 Service Pack 4
    • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
    Non-Affected Software:
    • Microsoft Windows XP Professional x64 Edition
    • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
    • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
    • Microsoft Windows Server 2003 x64 Edition
    • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME)

    Released 10/11/05

    MS05-046 Vulnerability in the Client Service for NetWare Could Allow Remote Code Execution (899589)

    Maximum Severity Rating: Important

    Affected Software:
    • Microsoft Windows 2000 Service Pack 4
    • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
    • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
    Non-Affected Software:
    • Microsoft Windows XP Professional x64 Edition
    • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
    • Microsoft Windows Server 2003 x64 Edition
    • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME)
    • Windows Services for Netware

    Released 10/11/05 Updated 10/21/05

    MS05-045 Vulnerability in Network Connection Manager Could Allow Denial of Service (905414)

    Maximum Severity Rating: Moderate

    Affected Software:
    • Microsoft Windows 2000 Service Pack 4
    • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
    • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
    Non-Affected Software:
    • Microsoft Windows XP Professional x64 Edition
    • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
    • Microsoft Windows Server 2003 x64 Edition
    • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME)
    Revisions:
    • V1.0 (October 11, 2005): Bulletin published.
    • V1.1 (October 21, 2005): Bulletin updated to revise the install registry key name for the Windows Server 2003 security update.

    Released 10/11/05 Updated 10/26/05

    MS05-044 Vulnerability in the Windows FTP Client Could Allow File Transfer Location Tampering (905495)

    Maximum Severity Rating: Moderate

    Affected Software:
    • Microsoft Windows XP Service Pack 1
    • Microsoft Windows Server 2003
    • Microsoft Windows Server 2003 for Itanium-based Systems

    Affected Components:
    • Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4
    Non-Affected Software:
    • Microsoft Windows 2000 Service Pack 4
    • Microsoft Windows XP Service Pack 2
    • Microsoft Windows XP Professional x64 Edition
    • Microsoft Windows Server 2003 Service Pack 1
    • Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
    • Microsoft Windows Server 2003 x64 Edition
    • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME)

    Non-Affected Components:
    • Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4
    Revisions:
    • V1.0 (October 11, 2005): Bulletin published
    • V1.1 (October 26, 2005): Bulletin updated to revise the mitigating factors section

    Released 8/9/05 Updated 8/17/05

    MS05-043 Vulnerability in Print Spooler Service Could Allow Remote Code Execution (896423)

    Maximum Severity Rating: Critical

    Affected Software:
    • Microsoft Windows 2000 Service Pack 4
    • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
    • Microsoft Windows Server 2003
    • Microsoft Windows Server 2003 for Itanium-based Systems

    Non-Affected Software:
    • Microsoft Windows XP Professional x64 Edition
    • Microsoft Windows Server 2003 Service Pack 1
    • Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
    • Microsoft Windows Server 2003 x64 Edition
    • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME)
    Revisions:
    • V1.0 (August 9, 2005): Bulletin published
    • V1.1 (August 17, 2005): Bulletin updated to clarify text provided in the Workarounds section.

    Released 8/9/05

    MS05-042 Vulnerabilities in Kerberos Could Allow Denial of Service, Information Disclosure, and Spoofing (899587)

    Maximum Severity Rating: Moderate

    Affected Software:
    • Microsoft Windows 2000 Service Pack 4
    • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
    • Microsoft Windows XP Professional x64 Edition
    • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
    • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
    • Microsoft Windows Server 2003 x64 Edition

    Non-Affected Software:
    • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME)

    Released 8/9/05

    MS05-041 Vulnerability in Remote Desktop Protocol Could Allow Denial of Service (899591)

    Maximum Severity Rating: Moderate

    Affected Software:
    • Microsoft Windows 2000 Server Service Pack 4
    • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
    • Microsoft Windows XP Professional x64 Edition
    • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
    • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
    • Microsoft Windows Server 2003 x64 Edition

    Non-Affected Software:
    • Microsoft Windows 2000 Professional Service Pack 4
    • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME)

    Released 8/9/05

    MS05-040 Vulnerability in Telephony Service Could Allow Remote Code Execution (893756)

    Maximum Severity Rating: Important

    Affected Software:
    • Microsoft Windows 2000 Service Pack 4
    • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
    • Microsoft Windows XP Professional x64 Edition
    • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
    • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
    • Microsoft Windows Server 2003 x64 Edition
    • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME). Review the FAQ section of this bulletin for details about these operating systems.

    Released 8/9/05

    MS05-039 Vulnerability in Plug and Play Could Allow Remote Code Execution and Elevation of Privilege (899588)

    Maximum Severity Rating: Critical

    Affected Software:
    • Microsoft Windows 2000 Service Pack 4
    • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
    • Microsoft Windows XP Professional x64 Edition
    • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
    • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
    • Microsoft Windows Server 2003 x64 Edition

    Non-Affected Software:
    • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME)

    Released 8/9/05

    MS05-038 Cumulative Security Update for Internet Explorer (896727)

    Maximum Severity Rating: Critical

    Affected Software:
    • Microsoft Windows 2000 Service Pack 4
    • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
    • Microsoft Windows XP Professional x64 Edition
    • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
    • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with Service Pack 1 for Itanium-based Systems
    • Microsoft Windows Server 2003 x64 Edition
    • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME). Review the FAQ section of this bulletin for details about these operating systems.

    Affected Components:
    • Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4
    • Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4 or on Microsoft Windows XP Service Pack 1
    • Internet Explorer 6 for Microsoft Windows XP Service Pack 2
    • Internet Explorer 6 for Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
    • Internet Explorer 6 for Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
    • Internet Explorer 6 for Microsoft Windows Server 2003 x64 Edition
    • Internet Explorer 6 for Microsoft Windows XP Professional x64 Edition
    • Internet Explorer 5.5 Service Pack 2 on Microsoft Windows Millennium Edition. Review the FAQ section of this bulletin for details about this version.
    • Internet Explorer 6 Service Pack 1 on Microsoft Windows 98, on Microsoft Windows 98 SE, or on Microsoft Windows Millennium Edition. Review the FAQ section of this bulletin for details about this version.

    Released 7/12/05 Updated 7/20/05

    MS05-037 Vulnerability in JView Profiler Could Allow Remote Code Execution (903235)

    Maximum Severity Rating: Critical

    Affected Software:
    • Microsoft Windows 2000 Service Pack 4
    • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
    • Microsoft Windows XP Professional x64 Edition
    • Microsoft Windows Server 2003
    • Microsoft Windows Server 2003 Service Pack 1
    • Microsoft Windows Server 2003 for Itanium-based Systems
    • Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
    • Microsoft Windows Server 2003 x64 Edition
    • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME)
    Affected Components:
    • JView Profiler
    • Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4
    • Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4, or on Microsoft Windows XP Service Pack 1
    • Internet Explorer 6 for Microsoft Windows XP Service Pack 2
    • Internet Explorer 6 for Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
    • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
    • Internet Explorer 6 for Microsoft Windows Server 2003 x64 Edition
    • Internet Explorer 6 for Microsoft Windows XP Professional x64 Edition
    • Internet Explorer 5.5 Service Pack 2 on Microsoft Windows Millennium Edition. Review the FAQ section of this bulletin for details about these operating systems.
    • Internet Explorer 6 Service Pack 1 on Microsoft Windows 98, on Microsoft Windows 98 SE or on Microsoft Windows Millennium Edition. Review the FAQ section of this bulletin for details about these operating systems.

    Revisions:
    • V1.0 (July 12, 2005): Bulletin published
    • V1.1 (July 20, 2005): Added section in JView Profiler FAQ about how to detect if Javaprxy.dll is on a computer. Updated title in Security Update section to reflect all supported versions of Windows 2000.

    Released 7/12/05 Updated 7/20/05

    MS05-036 Vulnerability in Microsoft Color Management Module Could Allow Remote Code Execution (901214)

    Maximum Severity Rating: Critical

    Affected Software:
    • Microsoft Windows 2000 Service Pack 4
    • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
    • Microsoft Windows XP Professional x64 Edition
    • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
    • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
    • Microsoft Windows Server 2003 x64 Edition
    • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME). Review the FAQ section of this bulletin for details about these operating systems.

    Revisions:
    • V1.0 (July 12, 2005): Bulletin published
    • V1.1 (July 20, 2005): Restart requirement information updated.

    Released 7/12/05

    MS05-035 Vulnerability in Microsoft Word Could Allow Remote Code Execution (903672)

    Maximum Severity Rating: Critical

    Affected Software:
    • Microsoft Office 2000 Software Service Pack 3
      • Word 2000
    • Microsoft Office XP Software Service Pack 3
      • Word 2002
    • Microsoft Works Suites:
      • Microsoft Works Suite 2000
      • Microsoft Works Suite 2001
      • Microsoft Works Suite 2002
      • Microsoft Works Suite 2003
      • Microsoft Works Suite 2004
    Non-Affected Software:
    • Microsoft Office 2003 Word
    • Microsoft Office Word 2003 Viewer

    Released 6/14/05

    MS05-034 Cumulative Security Update for ISA Server 2000 (899753)

    Maximum Severity Rating: Moderate

    Affected Software:
    • Microsoft Internet Security and Acceleration (ISA) Server 2000 Service Pack 2

      Note: The following software programs include ISA Server 2000. Customers who use these software programs should install the provided ISA Server 2000 security update.
    • Microsoft Small Business Server 2000
    • Microsoft Small Business Server 2003 Premium Edition

    Released 6/14/05 Updated 7/12

    MS05-033 Vulnerability in Telnet Client Could Allow Information Disclosure (896428)

    Maximum Severity Rating: Moderate

    Affected Software:
    • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
    • Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
    • Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
    • Microsoft Windows XP Professional x64 Edition
    • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
    • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
    • Microsoft Windows Server 2003 x64 Edition
    • Microsoft Windows Services for UNIX 3.5 when running on Windows 2000
    • Microsoft Windows Services for UNIX 3.0 when running on Windows 2000
    • Microsoft Windows Services for UNIX 2.2 when running on Windows 2000
    Non-Affected Software:
    • Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4
    • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME)
    Revisions:
    • V1.0 (June 14, 2005): Bulletin published
    • V1.1 (June 15, 2005): Bulletin Acknowledgments section revised with additional details.
    • V1.2 (June 29, 2005): Bulletin Security Update Information section revised with updated details for the Windows XP x64 Professional Edition registry key verification information.
    • V2.0 (July 12, 2005): Bulletin revised to communicate the availability of security updates for Services for UNIX 2.0 and Services for UNIX 2.1. The Security Update Information section has also been revised with updated information related to the additional security updates.

    Released 6/14/05 Updated 6/29

    MS05-032 Vulnerability in Microsoft Agent Could Allow Spoofing (890046)

    Maximum Severity Rating: Moderate

    Affected Software:
    • Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4
    • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
    • Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
    • Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
    • Microsoft Windows XP Professional x64 Edition
    • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
    • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
    • Microsoft Windows Server 2003 x64 Edition
    • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME). Review the FAQ section of this bulletin for details about these operating systems.
    Revisions:
    • V1.0 (June 14, 2005): Bulletin published
    • V1.1 (June 29, 2005): Bulletin Security Update Information section revised with updated details for the Windows XP x64 Professional Edition registry key verification information.

    Released 6/14/05 Updated 6/15

    MS05-031 Vulnerability in Step-by-Step Interactive Training Could Allow Remote Code Execution (898458)

    Maximum Severity Rating: Important

    Affected Software:
    • Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4
    • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
    • Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
    • Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
    • Microsoft Windows XP Professional x64 Edition
    • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
    • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based
    • Microsoft Windows Server 2003 x64 Edition
    • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME). Review the FAQ section of this bulletin for details about these operating systems.
    Affected Components:
    • Step-by-Step Interactive Training
    • Step-by-Step Interactive Training when it is running on Itanium-based systems
    • Step-by-Step Interactive Training when it is running on x64-based systems
    Revisions:
    • V1.0 (June 14, 2005): Bulletin published
    • V1.1 (June 15, 2005): Bulletin Acknowledgments section revised with additional details.

    Released 6/14/05

    MS05-030 Cumulative Security Update in Outlook Express (897715)

    Maximum Severity Rating: Important

    Affected Software:
    • Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4
    • Microsoft Windows XP Service Pack 1
    • Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
    • Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
    • Microsoft Windows Server 2003 for Itanium-based Systems
    • Microsoft Windows Server 2003
    • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) - Review the FAQ section of this bulletin for details about these operating systems.
    Affected Components:
    • Outlook Express 5.5 Service Pack 2 on Microsoft Windows 2000 Service Pack 3 and on Microsoft Windows 2000 Service Pack 4
    • Outlook Express 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 3, on Microsoft Windows 2000 Service Pack 4, or on Microsoft Windows XP Service Pack 1
    • Outlook Express 6 Service Pack 1 for Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
    • Outlook Express 6 for Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
    • Outlook Express 6 for Microsoft Windows Server 2003 for Itanium-based Systems
    • Outlook Express 6 for Microsoft Windows Server 2003
    Non-Affected Software:
    • Microsoft Windows Server 2003 Service Pack 1
    • Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
    • Microsoft Windows Server 2003 x64 Edition
    • Microsoft Windows XP Professional x64 Edition
    • Microsoft Windows XP Service Pack 2

    Released 6/14/05 Updated 7/6

    MS05-029 Vulnerability in Outlook Web Access for Exchange Server 5.5 Could Allow Cross-Site Scripting Attacks (895179)

    Maximum Severity Rating: Important

    Affected Software:
    • Microsoft Exchange Server 5.5 Service Pack 4
    Non-Affected Software:
    • Microsoft Exchange 2000 Server Service Pack 3 with the Exchange 2000 Post-Service Pack 3 Update Rollup of August 2004.
    • Microsoft Exchange Server 2003
    • Microsoft Exchange Server 2003 Service Pack 1
    Revisions:
    • V1.0 (June 14, 2005): Bulletin published
    • V1.1 (July 6, 2005): Bulletin updated to add /s to the command that installs the security update without any user intervention for Exchange Server 5.5 Service Pack 4

    Released 6/14/05

    MS05-028 Vulnerability in Web Client Service Could Allow Remote Code Execution (896426)

    Maximum Severity Rating: Important

    Affected Software:
    • Microsoft Windows XP Service Pack 1
    • Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
    • Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
    • Microsoft Windows Server 2003
    • Microsoft Windows Server 2003 for Itanium-based Systems
    Non-Affected Software:
    • Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4
    • Microsoft Windows XP Service Pack 2
    • Microsoft Windows XP Professional x64 Edition
    • Microsoft Windows Server 2003 Service Pack 1
    • Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
    • Microsoft Windows Server 2003 x64 Edition
    • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME)

    Released 6/14/05 Updated 6/29

    MS05-027 Vulnerability in Server Message Block Could Allow Remote Code Execution (896422)

    Maximum Severity Rating: Critical

    Affected Software:
    • Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4
    • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
    • Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
    • Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
    • Microsoft Windows XP Professional x64 Edition
    • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
    • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
    • Microsoft Windows Server 2003 x64 Edition
    Non-Affected Software:
    • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME)
    Revisions:
    • V1.0 (June 14, 2005): Bulletin published
    • V1.1 (June 29, 2005): Bulletin Security Update Information section revised with updated details for the Windows XP x64 Professional Edition registry key verification information.

    Released 6/14/05 Updated 6/29

    MS05-026 Vulnerability in HTML Help Could Allow Remote Code Execution (896358)

    Maximum Severity Rating: Critical

    Affected Software:
    • Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4
    • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
    • Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
    • Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
    • Microsoft Windows XP Professional x64 Edition
    • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
    • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
    • Microsoft Windows Server 2003 x64 Edition
    • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) - Review the FAQ section of this bulletin for details about these operating systems.
    Revisions:
    • V1.0 (June 14, 2005): Bulletin published
    • V1.1 (June 29, 2005): Bulletin Security Update Information section revised with updated details for the Windows XP x64 Professional Edition registry key verification information.

    Released 6/14/05

    MS05-025 Cumulative Security Update for Internet Explorer (883939)

    Maximum Severity Rating: Critical

    Affected Software:
    • Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4
    • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
    • Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
    • Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
    • Microsoft Windows XP Professional x64 Edition
    • Microsoft Windows Server 2003
    • Microsoft Windows Server 2003 Service Pack 1
    • Microsoft Windows Server 2003 for Itanium-based Systems
    • Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
    • Microsoft Windows Server 2003 x64 Edition
    • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME)
    Affected Components:
    • Internet Explorer 5.01 Service Pack 3 on Microsoft Windows 2000 Service Pack 3
    • Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4
    • Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 3, on Microsoft Windows 2000 Service Pack 4, or on Microsoft Windows XP Service Pack 1
    • Internet Explorer 6 for Microsoft Windows XP Service Pack 2
    • Internet Explorer 6 Service Pack 1 for Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
    • Internet Explorer 6 for Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
    • Internet Explorer 6 for Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium), Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
    • Internet Explorer 6 for Microsoft Windows Server 2003 x64 Edition, and Microsoft Windows XP Professional x64 Edition
    • Internet Explorer 5.5 Service Pack 2 on Microsoft Windows Millennium Edition - Review the FAQ section of this bulletin for details about this version.
    • Internet Explorer 6 Service Pack 1 on Microsoft Windows 98, on Microsoft Windows 98 SE, or on Microsoft Windows Millennium Edition - Review the FAQ section of this bulletin for details about this version.

    Released 5/10/05

    MS05-024 Vulnerability in Web View Could Allow Remote Code Execution (894320)

    Maximum Severity Rating: Important

    Affected Software:
    • Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4
    • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) - Review the FAQ section of this bulletin for details about these operating systems.
    Non-Affected Software:
    • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
    • Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
    • Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
    • Microsoft Windows XP Professional x64 Edition
    • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
    • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
    • Microsoft Windows Server 2003 x64 Edition

    Released 4/12/05 Updated 4/14

    MS05-023 Vulnerabilities in Microsoft Word May Lead to Remote Code Execution (890169)

    Maximum Severity Rating: Critical

    Affected Software:
    • Microsoft Word 2000 and Microsoft Works Suite 2001
    • Microsoft Word 2002, Microsoft Works Suite 2002, Microsoft Works Suite 2003, and Microsoft Works Suite 2004
    • Microsoft Office Word 2003
    Revisions:
    • V1.0 (April 12, 2005): Bulletin published
    • V1.1 (April 14, 2005): Bulletin updated to reflect a revised Security Update Information section for the Word 2003 security update

    Released 4/12/05

    MS05-022 Vulnerability in MSN Messenger Could Lead to Remote Code Execution (896597)

    Maximum Severity Rating: Critical

    Affected Software:
    • MSN Messenger 6.2
    Non-Affected Software:
    • MSN Messenger 7.0

    Released 4/12/05 Updated 4/14

    MS05-021 Vulnerability in Exchange Server Could Allow Remote Code Execution (894549)

    Maximum Severity Rating: Critical

    Affected Software:
    • Microsoft Exchange 2000 Server Service Pack 3
    • Microsoft Exchange Server 2003
    • Microsoft Exchange Server 2003 Service Pack 1
    Non-Affected Software:
    • Microsoft Exchange Server 5.5 Service Pack 4
    • Microsoft Exchange Server 5.0 Service Pack 2
    Revisions:
    • V1.0 (April 12, 2005): Bulletin published
    • V1.1 (April 14, 2005): Bulletin updated to point to the correct Exchange 2000 Server Post-Service Pack 3 (SP3) Update Rollup and to advise on the scope and caveats of the workaround "Unregister xlsasink.dll and fallback to Active Directory for distribution of route information".

    Released 4/12/05

    MS05-020 Cumulative Security Update for Internet Explorer (890923)

    Maximum Severity Rating: Critical

    Affected Software:
    • Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4
    • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
    • Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
    • Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
    • Microsoft Windows Server 2003
    • Microsoft Windows Server 2003 for Itanium-based Systems
    • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME)
    Affected Components:
    • Internet Explorer 5.01 Service Pack 3 on Microsoft Windows 2000 Service Pack 3
    • Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4
    • Internet Explorer 5.5 Service Pack 2 on Microsoft Windows Millennium Edition - Review the FAQ section of this bulletin for details about this version.
    • Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 3, on Microsoft Windows 2000 Service Pack 4, or on Microsoft Windows XP Service Pack 1
    • Internet Explorer 6 Service Pack 1 on Microsoft Windows 98, on Microsoft Windows 98 SE, or on Microsoft Windows Millennium Edition - Review the FAQ section of this bulletin for details about this version.
    • Internet Explorer 6 Service Pack 1 for Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
    • Internet Explorer 6 for Microsoft Windows Server 2003
    • Internet Explorer 6 for Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
    • Internet Explorer 6 for Microsoft Windows XP Service Pack 2
    Non-Affected Software:
    • Microsoft Windows Server 2003 Service Pack 1
    • Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
    • Microsoft Windows Server 2003 x64 Edition
    • Microsoft Windows XP Professional x64 Edition

    Released 4/12/05 Updated 6/14

    MS05-019 Vulnerabilities in TCP/IP Could Allow Remote Code Execution and Denial of Service (893066)

    Maximum Severity Rating: Critical

    Affected Software:
    • Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4
    • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
    • Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
    • Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
    • Microsoft Windows Server 2003
    • Microsoft Windows Server 2003 for Itanium-based Systems
    • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) - Review the FAQ section of this bulletin for details about these operating systems.
    Non-Affected Software:
    • Microsoft Windows Server 2003 Service Pack 1
    • Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
    • Microsoft Windows Server 2003 x64 Edition
    • Microsoft Windows XP Professional x64 Edition
    Revisions:
    • V1.0 (April 12, 2005): Bulletin published
    • V1.1 (May 11, 2005): Microsoft updated this bulletin today to advise customers that we plan to re-release the MS05-019 security update in June, 2005. Until the re-release of this security update is available, customers experiencing the symptoms described in Microsoft Knowledge Base Article 898060 should follow the documented instructions to address this issue. If you are not experiencing this network connectivity issue we recommend that you install the currently available security update to help protect against the vulnerabilities described in this security bulletin.
    • V2.0 (June 14, 2005): Microsoft updated this bulletin today to advise customers that a revised version of the security update is available. We recommend installing this revised security update even if you have installed the previous version. The revised security update will be available through Windows Update, Software Update Services (SUS), and will be recommended by the Microsoft Baseline Security Analyzer (MBSA).

    Released 4/12/05

    MS05-018 Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege and Denial of Service (890859)

    Maximum Severity Rating: Critical

    Affected Software:
    • Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4
    • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
    • Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
    • Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
    • Microsoft Windows Server 2003
    • Microsoft Windows Server 2003 for Itanium-based Systems
    • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) - Review the FAQ section of this bulletin for details about these operating systems.
    Non-Affected Software:
    • Microsoft Windows Server 2003 Service Pack 1
    • Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
    • Microsoft Windows Server 2003 x64 Edition
    • Microsoft Windows XP Professional x64 Edition

    Released 4/12/05 Updated 4/14

    MS05-017 Vulnerability in Message Queuing Could Allow Code Execution (892944)

    Maximum Severity Rating: Important

    Affected Software:
    • Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4
    • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
    • Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
    • Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
    • Microsoft Windows Server 2003
    • Microsoft Windows Server 2003 for Itanium-based Systems
    • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) - Review the FAQ section of this bulletin for details about these operating systems.
    Non-Affected Software:
    • Microsoft Windows Server 2003 Service Pack 1
    • Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
    • Microsoft Windows Server 2003 x64 Edition
    • Microsoft Windows XP Professional x64 Edition
    Revisions:
    • V1.0 (April 12, 2005): Bulletin published
    • V1.1 (April 14, 2005): Bulletin updated to reflect an updated Registry Key Verification section for the Windows XP Service Pack 1 security update

    Released 4/12/05

    MS05-016 Vulnerability in Windows Shell that Could Allow Remote Code Execution (893086)

    Maximum Severity Rating: Important

    Affected Software:
    • Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4
    • Microsoft Windows XP Service Pack 1
    • Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
    • Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
    • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE) - Review the FAQ section of this bulletin for details about these operating systems.
    Non-Affected Software:
    • Microsoft Windows XP Service Pack 2
    • Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
    • Microsoft Windows Server 2003 and Windows Server 2003 Service Pack 1
    • Microsoft Windows Server 2003 for Itanium-based Systems
    • Microsoft Windows Millennium Edition (ME)

    Released 2/8/05 Updated 3/8/05

    MS05-015 Vulnerability in Hyperlink Object Library Could Allow Remote Code Execution (888113)

    Maximum Severity Rating: Critical

    Affected Software:
    • Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4
    • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
    • Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
    • Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
    • Microsoft Windows Server 2003
    • Microsoft Windows Server 2003 for Itanium-based Systems
    • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME)
    Revisions:
    • V1.0 (February 8, 2005): Bulletin published
    • V1.1 (February 15, 2005): Mitigating factor for ISA 2004 updated.
    • V1.2 (March 8, 2005): Frequently Asked Questions updated to reflect Windows 98, 98SE and ME security update availability.

    Released 2/8/05

    MS05-014 Cumulative Security Update for Internet Explorer (867282)

    Maximum Severity Rating: Critical

    Affected Software:
    • Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4
    • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
    • Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
    • Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
    • Microsoft Windows Server 2003
    • Microsoft Windows Server 2003 for Itanium-based Systems
    • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) - Review the FAQ section of this bulletin for details about these operating systems.
    Affected Components:
    • Internet Explorer 5.01 Service Pack 3 (SP3) on Windows 2000 Service Pack 3
    • Internet Explorer 5.01 Service Pack 4 on Windows 2000 Service Pack 4
    • Internet Explorer 5.5 Service Pack 2 on Microsoft Windows Millennium Edition: Review the FAQ section of this bulletin for details about this version.
    • Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 3, on Microsoft Windows 2000 Service Pack 4, or on Microsoft Windows XP Service Pack 1
    • Internet Explorer 6 Service Pack 1 on Microsoft Windows 98, on Microsoft Windows 98 SE, or on Microsoft Windows Millennium Edition: Review the FAQ section of this bulletin for details about this version.
    • Internet Explorer 6 for Windows XP Service Pack 1 (64-Bit Edition)
    • Internet Explorer 6 for Windows Server 2003
    • Internet Explorer 6 for Windows Server 2003 64-Bit Edition and Windows XP 64-Bit Edition Version 2003
    • Internet Explorer 6 for Windows XP Service Pack 2

    Released 2/8/05 Updated 2/15/05

    MS05-013 Vulnerability in the DHTML Editing Component ActiveX Control Could Allow Remote Code Execution (891781)

    Maximum Severity Rating: Critical

    Affected Software:
    • Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4
    • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
    • Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
    • Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
    • Microsoft Windows Server 2003
    • Microsoft Windows Server 2003 for Itanium-based Systems
    • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) - Review the FAQ section of this bulletin for details about these operating systems.
    Revisions:
    • V1.0 (February 8, 2005): Bulletin published
    • V1.1 (February 15, 2005): Updated the Caveats section to reflect None as there are no caveats associated with this update.

    Released 2/8/05

    MS05-012 Vulnerability in OLE and COM Could Allow Remote Code Execution (873333)

    Maximum Severity Rating: Critical

    Affected Software:
    • Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4
    • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
    • Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
    • Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
    • Microsoft Windows Server 2003
    • Microsoft Windows Server 2003 for Itanium-based Systems
    • Microsoft Exchange 2000 Server Service Pack 3 (uses the Windows OLE component)
    • Microsoft Exchange Server 2003 and Microsoft Exchange Server 2003 Service Pack 1 (uses the Windows OLE component)
    • Microsoft Exchange Server 5.0 Service Pack 2 (uses the Windows OLE component)
    • Microsoft Exchange Server 5.5 Service Pack 4 (uses the Windows OLE component)
    • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) - Review the FAQ section of this bulletin for details about these operating systems.
    • Microsoft Office XP Service Pack 3 (uses the Windows OLE component)

      Microsoft Office XP Service Pack 2 (uses the Windows OLE component)

      Microsoft Office XP Software:
      • Outlook 2002
      • Word 2002
      • Excel 2002
      • PowerPoint 2002
      • FrontPage 2002
      • Publisher 2002
      • Access 2002
    • Microsoft Office 2003 Service Pack 1 (Uses the Windows OLE component)

      Microsoft Office 2003 (Uses the Windows OLE component)

      Microsoft Office 2003 Software:
      • Outlook 2003
      • Word 2003
      • Excel 2003
      • PowerPoint 2003
      • FrontPage 2003
      • Publisher 2003
      • Access 2003
      • InfoPath 2003
      • OneNote 2003

    Released 2/8/05

    MS05-011 Vulnerability in Server Message Block Could Allow Remote Code Execution (885250)

    Maximum Severity Rating: Critical

    Affected Software:
    • Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4
    • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
    • Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
    • Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
    • Microsoft Windows Server 2003
    • Microsoft Windows Server 2003 for Itanium-based Systems
    Non-Affected Software:
    • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME)

    Released 2/8/05 Updated 2/23/05

    MS05-010 Vulnerability in the License Logging Service Could Allow Code Execution (885834)

    Maximum Severity Rating: Critical

    Affected Software:
    • Microsoft Windows NT Server 4.0 Service Pack 6a
    • Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6
    • Microsoft Windows 2000 Server Service Pack 3 and Microsoft Windows 2000 Server Service Pack 4
    • Microsoft Windows Server 2003
    • Microsoft Windows Server 2003 for Itanium-based Systems
    Non-Affected Software:
    • Microsoft Windows 2000 Professional Service Pack 3 and Microsoft Windows 2000 Professional Service Pack 4
    • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
    • Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
    • Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
    • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME)
    Revisions:
    • V1.0 (February 8, 2005): Bulletin published
    • V1.1 (February 23, 2005): Bulletin updated to reflect a revised Security Update Information section for Windows Server 2003

    Released 2/8/05 Updated 4/12

    MS05-009 Vulnerability in PNG Processing Could Allow Remote Code Execution (890261)

    Maximum Severity Rating: Critical

    Affected Software:
    • Microsoft Windows Media Player 9 Series (when running on Windows 2000, Windows XP Service Pack 1 and Windows Server 2003)
    • Microsoft Windows Messenger version 5.0 (standalone version that can be installed on all supported operating systems)
    • Microsoft MSN Messenger 6.1
    • Microsoft MSN Messenger 6.2
    • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) - Review the FAQ section of this bulletin for details about these operating systems.
    Non-Affected Software:
    • Windows Media Player 6.4
    • Windows Media Player 7.1
    • Windows Media Player for Windows XP (8.0)
    • Windows Media Player 9 Series for Windows XP Service Pack 2
    • Windows Media Player 10
    • MSN Messenger for Mac
    Affected Components:
    • Microsoft Windows Messenger version 4.7.0.2009 (when running on Windows XP Service Pack 1)
    • Microsoft Windows Messenger version 4.7.0.3000 (when running on Windows XP Service Pack 2)
    Revisions:
    • V1.0 (February 8, 2005): Bulletin published
    • V1.1 (February 11, 2005): Bulletin updated with information on the mandatory upgrade of vulnerable MSN Messenger clients in the caveat section, as well as changes to the Workarounds for PNG Processing Vulnerability in MSN Messenger CAN-2004-0597
    • V1.2 (February 15, 2005): Bulletin updated with correct file version information for Windows Messenger 5.0 update, as well as added Windows Messenger 5.1 to Non-Affected Software list.
    • V2.0 (April 12, 2005): Bulletin updated to announce the availability of an updated package for Microsoft Windows Messenger version 4.7.0.2009 (when running on Windows XP Service Pack 1)

    Released 2/8/05

    MS05-008 Vulnerability in Windows Shell Could Allow Remote Code Execution (890047)

    Maximum Severity Rating: Important

    Affected Software:
    • Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4
    • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
    • Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
    • Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
    • Microsoft Windows Server 2003
    • Microsoft Windows Server 2003 for Itanium-based Systems
    • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) - Review the FAQ section of this bulletin for details about these operating systems.

    Released 2/8/05

    MS05-007 Vulnerability in Windows Could Allow Information Disclosure (888302)

    Maximum Severity Rating: Important

    Affected Software:
    • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
    • Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
    Non-Affected Software:
    • Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4
    • Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
    • Microsoft Windows Server 2003
    • Microsoft Windows Server 2003 for Itanium-based Systems
    • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME)

    Released 2/8/05 Updated 3/2/05

    MS05-006 Vulnerability in Windows SharePoint Services and SharePoint Team Services Could Allow Cross-Site Scripting and Spoofing Attacks (887981)

    Maximum Severity Rating: Moderate

    Affected Software:
    • Windows SharePoint Services for Windows Server 2003
    • SharePoint Team Services from Microsoft
    Non-Affected Software:
    • Microsoft Windows Server 2003 for Itanium-based Systems
    • SharePoint Portal Server 2003 (all versions)
    • SharePoint Portal Server 2001 (all versions)
    Revisions:
    • V1.0 (February 8, 2005): Bulletin published
    • V1.1 (February 15, 2005): Bulletin updated to document information about other software that may include the affected software. SharePoint Portal Server 2003 and Small Business Server 2003 (all versions) include Windows SharePoint Services for Windows Server 2003. Customers using this software should install the available Windows SharePoint Services for Windows Server 2003 security update.

    Released 2/8/05 Updated 3/3/05

    MS05-005 Vulnerability in Microsoft Office XP could allow Remote Code Execution (873352)

    Maximum Severity Rating: Critical

    Affected Software:
    • Microsoft Office XP Software Service Pack 3
    • Microsoft Office XP Software Service Pack 2
    • Microsoft Office XP Software:
      • Word 2002
      • PowerPoint 2002
    • Microsoft Project 2002
    • Microsoft Visio 2002
    • Microsoft Works Suite 2002
    • Microsoft Works Suite 2003
    • Microsoft Works Suite 2004
    Note: Office XP Service Pack 2 and Office XP Service Pack 3 are both vulnerable to this issue. However, the security update for Office XP Service Pack 2 is only provided as part of the Office XP administrative security update. For more information, see the Security Update Information section.

    Non-Affected Software:
    • Microsoft Office 2000
    • Microsoft Office 2003
    Revisions:
    • V1.0 (February 8, 2005): Bulletin published
    • V1.1 (February 15, 2005): Bulletin updated to clarify prerequisites under Visio 2002 Update Information.
    • V1.2 (February 23, 2005): Bulletin updated to add an additional FAQ as well as clarify install steps under Update Information.
    • V1.3 (March 3, 2005): Bulletin updated to add a feature list for all products under the Update Information section, Administrative Installation details.

    Released 2/8/05 Updated 6/14/05

    MS05-004 ASP.NET Path Validation Vulnerability (887219)

    Maximum Severity Rating: Important

    Affected Software:
    • Microsoft .NET Framework 1.0
    • Microsoft .NET Framework 1.1
    Affected Components:
    • ASP.NET
    Revisions:
    • V1.0 (February 8, 2005): Bulletin published
    • V1.1 (February 15, 2005): Bulletin updated to include Knowledge Base Article numbers for each individual download under Affected Products.
    • V1.2 (March 16, 2005): Bulletin Caveats section has been updated to document known issues that customers may experience when installing the available security updates.
    • V2.0 (June 14, 2005): Bulletin updated to announce the availability of an updated package for .NET Framework 1.0 Service Pack 3 for the following operating system versions: (887998) Windows XP Tablet PC Edition and Windows XP Media Center Edition.

    Released 1/11/05

    MS05-003 Vulnerability in the Indexing Service Could Allow Remote Code Execution (871250)

    Maximum Severity Rating: Important

    Affected Software:
    • Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4
    • Microsoft Windows XP Service Pack 1
    • Microsoft Windows XP 64-Bit Edition Service Pack 1
    • Microsoft Windows XP 64-Bit Edition Version 2003
    • Microsoft Windows Server 2003
    • Microsoft Windows Server 2003 64-Bit Edition
    Non-Affected Software:
    • Microsoft Windows NT Server 4.0 Service Pack 6a
    • Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6
    • Microsoft Windows XP Service Pack 2
    • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME)
    Affected Components:
    • Indexing Service

    Released 1/11/05 Updated 4/12

    MS05-002 Vulnerability in Cursor and Icon Format Handling Could Allow Remote Code Execution (891711)

    Maximum Severity Rating: Critical

    Affected Software:
    • Microsoft Windows NT Server 4.0 Service Pack 6a
    • Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6
    • Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4
    • Microsoft Windows XP Service Pack 1
    • Microsoft Windows XP 64-Bit Edition Service Pack 1
    • Microsoft Windows XP 64-Bit Edition Version 2003
    • Microsoft Windows Server 2003
    • Microsoft Windows Server 2003 64-Bit Edition
    • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (Me). Review the FAQ section of this bulletin for details about these operating systems.
    Non-Affected Software:
    • Microsoft Windows XP Service Pack 2
    Revisions:
    • V1.0 (January 11, 2005): Bulletin published
    • V1.1 (January 20, 2005): Updated CAN reference and added acknowledgment to finder for CAN-2004-1305.
    • V1.2 (March 8, 2005): Frequently Asked Questions updated to reflect Windows 98, 98SE and ME security update availability.
    • V2.0 (April 12, 2005): Bulletin updated to advise on the availability of revised security updates for Windows 98, 98SE and ME.

    Released 1/11/05

    MS05-001 Vulnerability in HTML Help Could Allow Code Execution (890175)

    Maximum Severity Rating: Critical

    Affected Software:
    • Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4
    • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
    • Microsoft Windows XP 64-Bit Edition Service Pack 1
    • Microsoft Windows XP 64-Bit Edition Version 2003
    • Microsoft Windows Server 2003
    • Microsoft Windows Server 2003 64-Bit Edition
    • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (Me). Review the FAQ section of this bulletin for details about these operating systems.
    Non-Affected Software:
    • Microsoft Windows NT Server 4.0 Service Pack 6a
    • Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6
    Affected Components:
    • Internet Explorer 6.0 Service Pack 1 when installed on Microsoft Windows NT Server 4.0 Service Pack 6a or Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6




    by MSeng
    last modified: 2006-01-05 18:11:51