News:

03/23/05 10,000th post provided by Cnamon!

Main Menu

CERT Windows Vulnerability Advisories

Started by dc, April 13, 2005, 02:31:38 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Print
Go Down Pages1
User actions

dc

April 13, 2005, 02:31:38 PM
Time for the latest batch of problems.......

                      National Cyber Alert System

              Technical Cyber Security Alert TA05-102A

Multiple Vulnerabilities in Microsoft Windows Components

   Original release date: April 12, 2005
   Last revised: --
   Source: US-CERT


Systems Affected

     * Microsoft Windows Systems

   For a complete list of affected versions of the Windows operating
   systems and components, refer to the Microsoft Security Bulletins.


Overview

   Microsoft has released a Security Bulletin Summary for April, 2005.
   This summary includes several bulletins that address
   vulnerabilities in various Windows applications and
   components. Exploitation of some vulnerabilities can result in the
   remote execution of arbitrary code by a remote attacker. Details of
   the vulnerabilities and their impacts are provided below.


I. Description

   The list below provides a mapping between Microsoft's Security
   Bulletins and the related US-CERT Vulnerability Notes. More
   information related to the vulnerabilities is available in these
   documents.

   Microsoft Security Bulletin MS05-020:
    Cumulative Security Update for Internet Explorer (890923)

     VU#774338 Microsoft Internet Explorer DHTML objects contain a
               race condition

     VU#756122 Microsoft Internet Explorer URL validation routine
               contains a buffer overflow

     VU#222050 Microsoft Internet Explorer Content Advisor contains a
               buffer overflow


   Microsoft Security Bulletin MS05-02:
    Vulnerability in Exchange Server Could Allow Remote Code
    Execution (894549)

     VU#275193 Microsoft Exchange Server contains unchecked buffer in SMTP
               extended verb handling


   Microsoft Security Bulletin MS05-022:
    Vulnerability in MSN Messenger Could Lead to Remote Code Execution
    (896597)

     VU#633446 Microsoft MSN Messenger GIF processing
               buffer overflow


   Microsoft Security Bulletin MS05-019:
    Vulnerabilities in TCP/IP Could Allow Remote Code Execution and Denial
    of Service (893066)

      VU#233754 Microsoft Windows does not adequately validate IP
                packets


II. Impact

   Exploitation of these vulnerabilities may permit a remote attacker to
   execute arbitrary code on a vulnerable Windows system, or cause a
   denial-of-service condition.


III. Solution

Apply a patch

   Microsoft has provided the patches for these vulnerabilities in the
   Security Bulletins and on Windows Update.


Appendix A. References

     * Microsoft's Security Bulletin Summary for April, 2005 - <
       http://www.microsoft.com/technet/security/bulletin/ms05-apr.mspx>

     * US-CERT Vulnerability Note VU#774338 -
       <http://www.kb.cert.org/vuls/id/774338>

     * US-CERT Vulnerability Note VU#756122 -
       <http://www.kb.cert.org/vuls/id/756122>

     * US-CERT Vulnerability Note VU#222050 -
       <http://www.kb.cert.org/vuls/id/222050>

     * US-CERT Vulnerability Note VU#275193 -
       <http://www.kb.cert.org/vuls/id/275193>

     * US-CERT Vulnerability Note VU#633446 -
       <http://www.kb.cert.org/vuls/id/633446>

     * US-CERT Vulnerability Note VU#233754 -
       <http://www.kb.cert.org/vuls/id/233754>
   _________________________________________________________________

   Feedback can be directed to the authors: Will Dormann, Jeff Gennari,
   Chad Dougherty, Ken MacInnis, Jason Rafail, Art Manion, and Jeff
   Havrilla.
   _________________________________________________________________

    This document is available from:
   
      <http://www.us-cert.gov/cas/techalerts/TA05-102A.html>     
   
   _________________________________________________________________

   Copyright 2005 Carnegie Mellon University.

Gamplayerx

#1
April 13, 2005, 02:38:45 PM
What does that mean in english?

Jessie

#2
April 13, 2005, 02:39:28 PM
It means RUUUUUUNNNN!!!!!!
we should have kept the quote pyramid up to rape Jessie in the face.

dc

#3
April 13, 2005, 02:40:22 PM
Quote from: Gamplayerx on April 13, 2005, 02:38:45 PM
What does that mean in english?

Download the updates from Windows Update unless you have it set up for automatic updates.

ignom

#4
April 13, 2005, 02:43:28 PM
This is where I would make fun of Windows users if my Mac hadn't been messing up a lot lately.
Underneath this flabby exterior is an enormous lack of character.

DownSouth

#5
April 13, 2005, 02:44:24 PM
I should have paid more attention in computer class in high school.
16:15:43 [Gamplayerx] Juneau, I could really go for some pie. You better Belize it!

dc

#6
April 13, 2005, 02:45:32 PM
Quote from: ignom on April 13, 2005, 02:43:28 PM
This is where I would make fun of Windows users if my Mac hadn't been messing up a lot lately.

Your Etch-a-Sketch has been messing up?  I thought if you turned a Mac upside down and shook it back and forth it would clear everything up.....

ignom

#7
April 13, 2005, 02:53:07 PM
Underneath this flabby exterior is an enormous lack of character.

nallen

#8
April 13, 2005, 03:00:09 PM
My Mac has been flawless, so I say PffffffffffffffT  to your mouth-breathing Wintel machines.
May the Magic Plastic bless you and keep you.

Infobahn

#9
April 13, 2005, 04:47:42 PM
I dream of another Mac.

Gamplayerx

#10
April 13, 2005, 06:33:05 PM
I can dream about you, if I can't hold you tonight.

Sorry.  Somehow Infobahn put Dan Hartman in my head.  Incidentally, my date to the homecoming dance in 11th grade was named Dan Hartman.
Print
Go Up Pages1
User actions