Microsoft Security Bulletin(s) for 2/8/05

Author	All Replies
JmanB Premium,VIP join:2003-08-27 Redmond, WA ·Vonage	Microsoft Security Bulletin(s) for 2/8/05 February 8, 2005 Today Microsoft released the following Security Bulletin(s). Note: www.microsoft.com/technet/security and www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details. Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided. Bulletin Summary: »www.microsoft.com/technet/securi···feb.mspx Critical Bulletins: Vulnerability in Microsoft Office XP could allow Remote Code Execution (873352) »www.microsoft.com/technet/securi···005.mspx Vulnerability in PNG Processing Could Allow Remote Code Execution (890261) »www.microsoft.com/technet/securi···mspx Vulnerability in the License Logging Service Could Allow Code Execution (885834) »www.microsoft.com/technet/securi··· Vulnerability in Server Message Block Could Allow Remote Code Execution (885250) »www.microsoft.com/technet/securi···mspx Vulnerability in OLE and COM Could Allow Remote Code Execution (873333) »www.microsoft.com/technet/securi···012.mspx Vulnerability in the DHTML Editing Component ActiveX Control Could Allow Remote Code Execution (891781) »www.microsoft.com/technet/securi···013.mspx Cumulative Security Update for Internet Explorer (867282) »www.microsoft.com/technet/securi···014.mspx Vulnerability in Hyperlink Object Library Could Allow Remote Code Execution (888113) »www.microsoft.com/technet/securi···015.mspx Important Bulletins: ASP.NET Path Validation Vulnerability (887219) »www.microsoft.com/technet/securi···004.mspx Vulnerability in Windows Could Allow Information Disclosure (888302) »www.microsoft.com/technet/securi···007.mspx Vulnerability in Windows Shell Could Allow Remote Code Execution (890047) »www.microsoft.com/technet/securi···008.mspx Moderate Bulletins: Vulnerability in Windows SharePoint Services and SharePoint Team Services Could Allow Cross-Site Scripting and Spoofing Attacks (887981) »www.microsoft.com/technet/securi···006.mspx Re-released Bulletins: Vulnerability in SMTP Could Allow Remote Code Execution (885881) »www.microsoft.com/technet/securi···035.mspx Security bulletin summary for October 2004 »www.microsoft.com/technet/securi···oct.mspx This represents our regularly scheduled monthly bulletin release (second Tuesday of each month). Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so. If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety (1-866-727-2338). International customers should contact their local subsidiary. -- Jerry Bryant - Microsoft IT Communities. This posting is provided "AS IS" with no warranties, and confers no rights.
	to forum · permalink · · 2005-02-08 13:31:44 ·
Buddel If it ain't broke, don't fix it. Premium join:2004-03-06 EU 1 edit	Thanks very much for the official announcement.:)
	to forum · permalink · · 2005-02-08 13:35:08 ·
Kabanos Premium join:2001-06-29 4 edits	reply to JmanB Date Published: 2/8/2005 Security Update for SharePoint Team Services (KB890829) A security vulnerability exists in SharePoint Team Services from Microsoft that could allow cross-site scripting and spoofing attacks. This update resolves that vulnerability. »www.microsoft.com/downloads/deta···ylang=en Security Update for Visio 2002 (KB873354) A security vulnerability exists in Microsoft Visio 2002 that could allow malicious code execution when Visio documents are stored and opened from a web site. This update resolves this vulnerability. »www.microsoft.com/downloads/deta···ylang=en -- non nova, sed nove
	to forum · permalink · · 2005-02-08 13:46:37 ·
trparky Bite My Shiny Metal Ass Premium,MVM join:2000-05-24 Cleveland, OH clubs:	Where is that Windows Media Player 10 DRM Fix that they were promising us this month?
	to forum · permalink · · 2005-02-08 14:21:10 ·
psloss Premium join:2002-02-24 Alpharetta, GA	reply to JmanB I guess we'll have to wait and see if eEye releases their own advisory for MS05-011, but that one sounds like it has worm possibilities. Unfortunately. The details in the Microsoft bulletin are too vague for me. I'd like more detail because if this one has a higher potential for widespread exploitation, then it might get more attention from the bad guys. And then I'd want to expedite applying this patch over the others that need to go through stability/acceptance testing before they go on production systems. Philip Sloss -- Feedback? e-mail: stuff@lupwa.org
	to forum · permalink · · 2005-02-08 14:38:02 ·
JmanB Premium,VIP join:2003-08-27 Redmond, WA ·Vonage	reply to trparky said by trparky : Where is that Windows Media Player 10 DRM Fix that they were promising us this month? This is news to me. Can you explain? -- Jerry Bryant - Microsoft IT Communities. This posting is provided "AS IS" with no warranties, and confers no rights.
	to forum · permalink · · 2005-02-08 14:41:12 ·
gkweb join:2003-06-09 76800	reply to psloss I also think that the vulnerability MS05-011 has worm possibilities. In fact after receiving the bugtrack email about it I directly sent a message to my website newsletter suscribers. I am also looking forward for a more detailed explanation about this one. regards, gkweb. -- DiamondCS beta-tester Outpost beta-tester Jetico beta-tester Firewall tester : »www.firewallleaktester.com
	to forum · permalink · · 2005-02-08 14:47:53 ·
trparky Bite My Shiny Metal Ass Premium,MVM join:2000-05-24 Cleveland, OH clubs: ·AT&T U-Verse	Microsoft at one time or another told the general public that they would not fix the DRM exploit in Windows Media Player 10 that allows spyware and other types of malware to get into your system via a WMA and WMV DRM-Protected file. Then, they retracted that statement and told the general public, probably because of great public outcry, that they would fix the issue. So, where is this patch for a highly critical flaw in the DRM system? -- WedgeAntilles250 Tom's Rant
	to forum · permalink · · 2005-02-08 14:54:02 ·
Morac join:2001-08-30 Riverside, NJ ·Comcast	reply to JmanB said by JmanB : This is news to me. Can you explain? See »Microsoft Will Patch DRM Exploit -- The Comcast Disney Avatar has been retired.
	to forum · permalink · · 2005-02-08 15:17:16 ·
Cudni La Merma - Vigilado Premium,MVM join:2003-12-20 Someshire	reply to JmanB Thanks for the update and for listing links to them all Cudni
	to forum · permalink · · 2005-02-08 18:51:27 ·
Skipdawg The Original Premium,ExMod 2001-03 join:2001-04-19 The Void	reply to JmanB Thanks ya much. All 10 of my updates installed smooth as could be. -- Proud United States Navy Veteran!
	to forum · permalink · · 2005-02-08 19:09:40 ·
Khaine join:2003-03-03 Australia	reply to JmanB Thanks jbMSFT
	to forum · permalink · · 2005-02-08 19:12:42 ·
Libra Premium join:2003-08-06 USA	reply to JmanB Thank you very much. I successfully updated XP with 10 updates and 98 with two. Sincerely, Libra
	to forum · permalink · · 2005-02-09 01:11:51 ·
psloss Premium join:2002-02-24 Alpharetta, GA	reply to psloss said by psloss : I guess we'll have to wait and see if eEye releases their own advisory for MS05-011, but that one sounds like it has worm possibilities. eEye has posted their advisory, which at least makes it clearer what the issue is. Doesn't seem like an inbound issue as much as an outbound one and doesn't seem like it would be bigger bait for the bad guys than any of the other defects that were fixed. Philip Sloss -- Feedback? e-mail: stuff@lupwa.org
	to forum · permalink · · 2005-02-09 13:43:02 ·
jsmithxxx join:2002-10-04	I have my Automatic Updates set to notify me before download. I get the notification, see the fixes listed, and I click download. Then, the automatic updates window disappears and the little yellow shield in the systray disappears, and nothing happens. Anyone else have this problem?
	to forum · permalink · · 2005-02-10 02:53:38 ·
DSL_Steve Premium join:2003-11-28 Woodbury, CT 2 edits	said by jsmithxxx : I have my Automatic Updates set to notify me before download. I get the notification, see the fixes listed, and I click download. Then, the automatic updates window disappears and the little yellow shield in the systray disappears, and nothing happens. Anyone else have this problem? Yup, exactly the same problem on an XP Home SP2 box. First I said screw it and went to Windows Update site to install them and everytime I'd try I'd get an install failure instantly...it didn't even try to download the updates. Tried about 5 five times with the same result. I then turned off Auto Update completely and everything worked/installed fine from the Windows Update site. I've had this exact same experience before. I think there are some bugs in the "Notify me before download..." feature. I've switched the settings over to full Auto for the future.
	to forum · permalink · · 2005-02-10 09:26:34 ·
marc57 join:2001-08-02 Saint Marys, WV	reply to jsmithxxx There's a new windows XP update that states: Update for Windows XP (KB887742) This update addresses an issue that could cause your system to stop responding if certain firewall or antivirus programs are installed. You can help resolve this issue by installing this HTTP.sys update from Microsoft. After you install this item, you may have to restart your computer. It doesn't name the firewalls or A/V this is for, but I thought I would give everyone a heads up.
	to forum · permalink · · 2005-02-23 17:20:34 ·


Friday, 27-Nov 10:20:18	Terms of Use \| Privacy Policy \| Hosting by www.nac.net - DSL,Hosting & Co-lo \| feedback \| contact over 10 years online! © 1999-2009 dslreports.com. page compression OFF