Microsoft issues 10 security patches

Posted on Tuesday, Jun 14 2005 @ 22:24 CEST by Thomas De Maesschalck
Microsoft released ten new security updates today. Three of the updates are rated as critical, four as important and three as moderate:
Critical:
  • Cumulative Security Update for Internet Explorer (883939)
    Vulnerabilities exist in Internet Explorer, the most sever of these could allow an attacker to take complete control of an affected system.
  • Vulnerability in HTML Help Could Allow Remote Code Execution (896358)
    A vulnerability exists in HTML Help that could allow an attacker to take complete control of an affected system.
  • Vulnerability in SMB Could Allow Remote Code Execution (896422)
    A vulnerability exists in Windows that could allow an attacker to take complete control of an affected system. An attacker needs to authenticate to be able to exploit this vulnerability.

    Important:
  • Vulnerability in Web Client Service May Allow Remote Code Execution (896426)
    A vulnerability exists in the Windows Web Client Service that could allow an attacker to take complete control of an affected system. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.
  • Vulnerability in Outlook Web Access for Exchange Server 5.5 Could Allow Cross-Site Scripting Attacks (895179)
    A cross-site scripting vulnerability exists in Outlook Web Access for Microsoft Exchange that could allow an attacker to run a malicious script in Outlook Web Access.
  • Cumulative Security Update for Outlook Express (897715)
    A vulnerability exists in Outlook Express that could allow an attacker to take complete control of an affected system. User interaction is required to exploit this vulnerability and an attacker would need to persuade a user to connect to their News (NNTP) server.
  • Vulnerability in Microsoft Windows Interactive Training Could Allow Remote Code Execution (898458)
    A vulnerability exists in Windows that could allow an attacker to take complete control of an affected system. Microsoft Windows Interactive Training is not installed by default.

    Moderate:
  • Vulnerability in Microsoft Agent Could Allow Spoofing (890046)
    A vulnerability exists in Microsoft Agent that could enable an attacker to spoof trusted Internet content. An attacker first have to persuade a user to visit the attacker’s site to attempt to exploit this vulnerability.
  • Vulnerability in Telnet Client Could Allow Information Disclosure (896428)
    A vulnerability exists in the Windows Telnet Client that could enable an attacker to retrieve unpredictable information from a system. User interaction is required to exploit this vulnerability and an attacker would need to persuade a user to connect to their Telnet server.
  • Cumulative Security Update for ISA Server 2000 (899753)
    Vulnerabilities exist in Microsoft ISA Server 2000 that could allow circumvention of a packet filter and enable an attacker to retrieve unpredictable information from an ISA Server’s cache or from a system behind the ISA server.
  • The updates can be downloaded through Windows Update or here


    About the Author

    Thomas De Maesschalck

    Thomas has been messing with computer since early childhood and firmly believes the Internet is the best thing since sliced bread. Enjoys playing with new tech, is fascinated by science, and passionate about financial markets. When not behind a computer, he can be found with running shoes on or lifting heavy weights in the weight room.



    Loading Comments