Dan
04-13-2005, 12:16
I didn't see anyone post this yet and want to make sure any users of MS's OS's get their fixes:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
National Cyber Alert System
Technical Cyber Security Alert TA05-102A
Multiple Vulnerabilities in Microsoft Windows Components
Original release date: April 12, 2005
Last revised: --
Source: US-CERT
Systems Affected
* Microsoft Windows Systems
For a complete list of affected versions of the Windows operating
systems and components, refer to the Microsoft Security Bulletins.
Overview
Microsoft has released a Security Bulletin Summary for April, 2005.
This summary includes several bulletins that address
vulnerabilities in various Windows applications and
components. Exploitation of some vulnerabilities can result in the
remote execution of arbitrary code by a remote attacker. Details of
the vulnerabilities and their impacts are provided below.
I. Description
The list below provides a mapping between Microsoft's Security
Bulletins and the related US-CERT Vulnerability Notes. More
information related to the vulnerabilities is available in these
documents.
Microsoft Security Bulletin MS05-020:
Cumulative Security Update for Internet Explorer (890923)
VU#774338 Microsoft Internet Explorer DHTML objects contain a
race condition
VU#756122 Microsoft Internet Explorer URL validation routine
contains a buffer overflow
VU#222050 Microsoft Internet Explorer Content Advisor contains a
buffer overflow
Microsoft Security Bulletin MS05-02:
Vulnerability in Exchange Server Could Allow Remote Code
Execution (894549)
VU#275193 Microsoft Exchange Server contains unchecked buffer in SMTP
extended verb handling
Microsoft Security Bulletin MS05-022:
Vulnerability in MSN Messenger Could Lead to Remote Code Execution
(896597)
VU#633446 Microsoft MSN Messenger GIF processing
buffer overflow
Microsoft Security Bulletin MS05-019:
Vulnerabilities in TCP/IP Could Allow Remote Code Execution and Denial
of Service (893066)
VU#233754 Microsoft Windows does not adequately validate IP
packets
II. Impact
Exploitation of these vulnerabilities may permit a remote attacker to
execute arbitrary code on a vulnerable Windows system, or cause a
denial-of-service condition.
III. Solution
Apply a patch
Microsoft has provided the patches for these vulnerabilities in the
Security Bulletins and on Windows Update.
Appendix A. References
* Microsoft's Security Bulletin Summary for April, 2005 - <
http://www.microsoft.com/technet/security/...05-apr.mspx> (http://www.microsoft.com/technet/security/bulletin/ms05-apr.mspx>)
* US-CERT Vulnerability Note VU#774338 -
<http://www.kb.cert.org/vuls/id/774338>
* US-CERT Vulnerability Note VU#756122 -
<http://www.kb.cert.org/vuls/id/756122>
* US-CERT Vulnerability Note VU#222050 -
<http://www.kb.cert.org/vuls/id/222050>
* US-CERT Vulnerability Note VU#275193 -
<http://www.kb.cert.org/vuls/id/275193>
* US-CERT Vulnerability Note VU#633446 -
<http://www.kb.cert.org/vuls/id/633446>
* US-CERT Vulnerability Note VU#233754 -
<http://www.kb.cert.org/vuls/id/233754>
__________________________________________________ _______________
Feedback can be directed to the authors: Will Dormann, Jeff Gennari,
Chad Dougherty, Ken MacInnis, Jason Rafail, Art Manion, and Jeff
Havrilla.
__________________________________________________ _______________
This document is available from:
<http://www.us-cert.gov/cas/techalerts/TA05-102A.html>
__________________________________________________ _______________
Copyright 2005 Carnegie Mellon University.
Terms of use: <http://www.us-cert.gov/legal.html>
__________________________________________________ _______________
Revision History
April 12, 2005: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBQlxwexhoSezw4YfQAQJ4RAf/bTgaa6SBDMJveqW/GnQET79F9aVPM1S2
glam1w4YFyOdyIHpDYqQZRBqgXgpJjel/MiH02tZreU5mgIjkPIWA3gleepyWvnN
7VYv8KcbSnyvGxDl/8K2YjFz550gxA3pkRD7IiqdpOums87lJ7xM7sjdUY0ZA8aF
JEvA4gfndpgLSuISV7Gf8y1s4MU329DurNy3t8W4EB9Iuef/E4Z058IvHnz9dTnT
XwBnyW1KfH2Ohpy7QBOtcXt1wXU8X0F+d01g/VZmTL7xVwXmcPi8UpS7bPK8A17+
asqo582KjZVR56iL7fqNQzsrXUGZncEnX/8QOhi3Ym2LfAEkKrg3rw==
=BY/p
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
National Cyber Alert System
Technical Cyber Security Alert TA05-102A
Multiple Vulnerabilities in Microsoft Windows Components
Original release date: April 12, 2005
Last revised: --
Source: US-CERT
Systems Affected
* Microsoft Windows Systems
For a complete list of affected versions of the Windows operating
systems and components, refer to the Microsoft Security Bulletins.
Overview
Microsoft has released a Security Bulletin Summary for April, 2005.
This summary includes several bulletins that address
vulnerabilities in various Windows applications and
components. Exploitation of some vulnerabilities can result in the
remote execution of arbitrary code by a remote attacker. Details of
the vulnerabilities and their impacts are provided below.
I. Description
The list below provides a mapping between Microsoft's Security
Bulletins and the related US-CERT Vulnerability Notes. More
information related to the vulnerabilities is available in these
documents.
Microsoft Security Bulletin MS05-020:
Cumulative Security Update for Internet Explorer (890923)
VU#774338 Microsoft Internet Explorer DHTML objects contain a
race condition
VU#756122 Microsoft Internet Explorer URL validation routine
contains a buffer overflow
VU#222050 Microsoft Internet Explorer Content Advisor contains a
buffer overflow
Microsoft Security Bulletin MS05-02:
Vulnerability in Exchange Server Could Allow Remote Code
Execution (894549)
VU#275193 Microsoft Exchange Server contains unchecked buffer in SMTP
extended verb handling
Microsoft Security Bulletin MS05-022:
Vulnerability in MSN Messenger Could Lead to Remote Code Execution
(896597)
VU#633446 Microsoft MSN Messenger GIF processing
buffer overflow
Microsoft Security Bulletin MS05-019:
Vulnerabilities in TCP/IP Could Allow Remote Code Execution and Denial
of Service (893066)
VU#233754 Microsoft Windows does not adequately validate IP
packets
II. Impact
Exploitation of these vulnerabilities may permit a remote attacker to
execute arbitrary code on a vulnerable Windows system, or cause a
denial-of-service condition.
III. Solution
Apply a patch
Microsoft has provided the patches for these vulnerabilities in the
Security Bulletins and on Windows Update.
Appendix A. References
* Microsoft's Security Bulletin Summary for April, 2005 - <
http://www.microsoft.com/technet/security/...05-apr.mspx> (http://www.microsoft.com/technet/security/bulletin/ms05-apr.mspx>)
* US-CERT Vulnerability Note VU#774338 -
<http://www.kb.cert.org/vuls/id/774338>
* US-CERT Vulnerability Note VU#756122 -
<http://www.kb.cert.org/vuls/id/756122>
* US-CERT Vulnerability Note VU#222050 -
<http://www.kb.cert.org/vuls/id/222050>
* US-CERT Vulnerability Note VU#275193 -
<http://www.kb.cert.org/vuls/id/275193>
* US-CERT Vulnerability Note VU#633446 -
<http://www.kb.cert.org/vuls/id/633446>
* US-CERT Vulnerability Note VU#233754 -
<http://www.kb.cert.org/vuls/id/233754>
__________________________________________________ _______________
Feedback can be directed to the authors: Will Dormann, Jeff Gennari,
Chad Dougherty, Ken MacInnis, Jason Rafail, Art Manion, and Jeff
Havrilla.
__________________________________________________ _______________
This document is available from:
<http://www.us-cert.gov/cas/techalerts/TA05-102A.html>
__________________________________________________ _______________
Copyright 2005 Carnegie Mellon University.
Terms of use: <http://www.us-cert.gov/legal.html>
__________________________________________________ _______________
Revision History
April 12, 2005: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBQlxwexhoSezw4YfQAQJ4RAf/bTgaa6SBDMJveqW/GnQET79F9aVPM1S2
glam1w4YFyOdyIHpDYqQZRBqgXgpJjel/MiH02tZreU5mgIjkPIWA3gleepyWvnN
7VYv8KcbSnyvGxDl/8K2YjFz550gxA3pkRD7IiqdpOums87lJ7xM7sjdUY0ZA8aF
JEvA4gfndpgLSuISV7Gf8y1s4MU329DurNy3t8W4EB9Iuef/E4Z058IvHnz9dTnT
XwBnyW1KfH2Ohpy7QBOtcXt1wXU8X0F+d01g/VZmTL7xVwXmcPi8UpS7bPK8A17+
asqo582KjZVR56iL7fqNQzsrXUGZncEnX/8QOhi3Ym2LfAEkKrg3rw==
=BY/p
-----END PGP SIGNATURE-----