Hello Sluggers,
My ISP sends out bulletins to all of it's subscribers. Here is the
latest:
Fw: US-CERT Technical Cyber Security Alert TA05-102A -- Multiple
Vulnerabilities in Microsoft Windows Components
From:
"Rob Marlowe" <rob@marlowe.net>
To:
rnr@sanctum.com
Date:
Wed Apr 13 06:54:24 2005
Time to check for Windows updates again....
Several of these are critical.
----- Original Message -----
From: "US-CERT Technical Alerts" <technical-alerts@us-cert.gov>
To: <technical-alerts@us-cert.gov>
Sent: Tuesday, April 12, 2005 9:22 PM
Subject: US-CERT Technical Cyber Security Alert TA05-102A -- Multiple
Vulnerabilities in Microsoft Windows Components
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> National Cyber Alert System
>
> Technical Cyber Security Alert TA05-102A
>
> Multiple Vulnerabilities in Microsoft Windows Components
>
> Original release date: April 12, 2005
> Last revised: --
> Source: US-CERT
>
>
> Systems Affected
>
> * Microsoft Windows Systems
>
> For a complete list of affected versions of the Windows operating
> systems and components, refer to the Microsoft Security Bulletins.
>
>
> Overview
>
> Microsoft has released a Security Bulletin Summary for April, 2005.
> This summary includes several bulletins that address
> vulnerabilities in various Windows applications and
> components. Exploitation of some vulnerabilities can result in the
> remote execution of arbitrary code by a remote attacker. Details of
> the vulnerabilities and their impacts are provided below.
>
>
> I. Description
>
> The list below provides a mapping between Microsoft's Security
> Bulletins and the related US-CERT Vulnerability Notes. More
> information related to the vulnerabilities is available in these
> documents.
>
> Microsoft Security Bulletin MS05-020:
> Cumulative Security Update for Internet Explorer (890923)
>
> VU#774338 Microsoft Internet Explorer DHTML objects contain a
> race condition
>
> VU#756122 Microsoft Internet Explorer URL validation routine
> contains a buffer overflow
>
> VU#222050 Microsoft Internet Explorer Content Advisor contains a
> buffer overflow
>
>
> Microsoft Security Bulletin MS05-02:
> Vulnerability in Exchange Server Could Allow Remote Code
> Execution (894549)
>
> VU#275193 Microsoft Exchange Server contains unchecked buffer in
SMTP
> extended verb handling
>
>
> Microsoft Security Bulletin MS05-022:
> Vulnerability in MSN Messenger Could Lead to Remote Code Execution
> (896597)
>
> VU#633446 Microsoft MSN Messenger GIF processing
> buffer overflow
>
>
> Microsoft Security Bulletin MS05-019:
> Vulnerabilities in TCP/IP Could Allow Remote Code Execution and
Denial
> of Service (893066)
>
> VU#233754 Microsoft Windows does not adequately validate IP
> packets
>
>
> II. Impact
>
> Exploitation of these vulnerabilities may permit a remote attacker
to
> execute arbitrary code on a vulnerable Windows system, or cause a
> denial-of-service condition.
>
>
> III. Solution
>
> Apply a patch
>
> Microsoft has provided the patches for these vulnerabilities in the
> Security Bulletins and on Windows Update.
>
>
> Appendix A. References
>
> * Microsoft's Security Bulletin Summary for April, 2005 - <
>
http://www.microsoft.com/technet/security/bulletin/ms05-apr.mspx>
>
> * US-CERT Vulnerability Note VU#774338 -
> <http://www.kb.cert.org/vuls/id/774338>
>
> * US-CERT Vulnerability Note VU#756122 -
> <http://www.kb.cert.org/vuls/id/756122>
>
> * US-CERT Vulnerability Note VU#222050 -
> <http://www.kb.cert.org/vuls/id/222050>
>
> * US-CERT Vulnerability Note VU#275193 -
> <http://www.kb.cert.org/vuls/id/275193>
>
> * US-CERT Vulnerability Note VU#633446 -
> <http://www.kb.cert.org/vuls/id/633446>
>
> * US-CERT Vulnerability Note VU#233754 -
> <http://www.kb.cert.org/vuls/id/233754>
> _________________________________________________________________
>
> Feedback can be directed to the authors: Will Dormann, Jeff Gennari,
> Chad Dougherty, Ken MacInnis, Jason Rafail, Art Manion, and Jeff
> Havrilla.
> _________________________________________________________________
>
> This document is available from:
>
> <http://www.us-cert.gov/cas/techalerts/TA05-102A.html>
>
> _________________________________________________________________
>
> Copyright 2005 Carnegie Mellon University.
>
> Terms of use: <http://www.us-cert.gov/legal.html>
> _________________________________________________________________
>
> Revision History
>
> April 12, 2005: Initial release
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.1 (GNU/Linux)
>
> iQEVAwUBQlxwexhoSezw4YfQAQJ4RAf/bTgaa6SBDMJveqW/GnQET79F9aVPM1S2
> glam1w4YFyOdyIHpDYqQZRBqgXgpJjel/MiH02tZreU5mgIjkPIWA3gleepyWvnN
> 7VYv8KcbSnyvGxDl/8K2YjFz550gxA3pkRD7IiqdpOums87lJ7xM7sjdUY0ZA8aF
> JEvA4gfndpgLSuISV7Gf8y1s4MU329DurNy3t8W4EB9Iuef/E4Z058IvHnz9dTnT
> XwBnyW1KfH2Ohpy7QBOtcXt1wXU8X0F+d01g/VZmTL7xVwXmcPi8UpS7bPK8A17+
> asqo582KjZVR56iL7fqNQzsrXUGZncEnX/8QOhi3Ym2LfAEkKrg3rw==
> =BY/p
> -----END PGP SIGNATURE-----
>
Maybe the "dual" people on this list will find this handy.
Bob S.
-----------------------------------------------------------------------
This list is provided as an unmoderated internet service by Networked
Knowledge Systems (NKS). Views and opinions expressed in messages
posted are those of the author and do not necessarily reflect the
official policy or position of NKS or any of its employees.
This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 17:38:44 EDT