Posted on Wednesday, October 12 2005 @ 2:02 CEST by Thomas De Maesschalck
Microsoft today released three critical, four important and two moderate security updates as part of its monthly update cycle:
Critical:
Vulnerability in DirectShow Could Allow Remote Code Execution (904706)
A vulnerability exists in DirectShow that could allow an attacker to take complete control of the affected system.
Vulnerabilities in MSDTC and COM+ Could Allow Remote Code Execution (902400)
Vulnerabilities exist in MSDC and COM+ that could allow an attacker to take complete control of the affected system.
Cumulative Security Update for Internet Explorer (896688)
A vulnerability exists in Internet Explorer that could allow an attacker to take complete control of an affected system.
Important:
Vulnerability in the Client Services for Netware Could Allow Remote Code Execution (899589)
A vulnerability exists in Client Services for NetWare that could allow an attacker to take complete control of the affected system. Client Services for Netware is not installed by default on Microsoft Windows.
Vulnerability in Plug and Play Could Allow Remote Code Execution and Local Elevation of Privilege (905749)
A vulnerability exists in Plug and Play (PnP) that could allow an attacker to take complete control of the affected system. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.
Vulnerability in the Microsoft Collaboration Objects Could Allow Remote Code Execution (907245)
A vulnerability exists in Microsoft Collaboration Data Objects that could allow an attacker who successfully exploited this vulnerability to take complete control of the affected system. The SMTP service in Windows and Exchange is not vulnerable in the default configuration.
Vulnerabilities in Windows Shell Could Allow Remote Code Execution (900725)
Vulnerabilities exist in Windows that could allow an attacker to take complete control of the affected system. User interaction is required for an attacker to exploit this vulnerability.
Important:
Vulnerability in the Windows FTP Client Could Allow File Transfer Location and Tampering (905495)
A tampering vulnerability exists in the Windows FTP client that could allow an attacker to modify the intended destination location for a file transfer. User interaction is required for an attacker to exploit this vulnerability.
Vulnerability in Network Connection Manager Could Allow Denial of Service (905414)
A vulnerability exists in Network Connection Manager that could allow an attacker to cause the component responsible for managing network and remote access connections to stop responding. An attacker must have valid logon credentials to exploit this vulnerability.
You can download them
here.
