
Cert Advisory - Ms Security Issue


cdnvic


-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1

National Cyber Alert System

Technical Cyber Security Alert TA05-102A

Multiple Vulnerabilities in Microsoft Windows Components

Original release date: April 12, 2005

Last revised: --

Source: US-CERT

Systems Affected

* Microsoft Windows Systems

For a complete list of affected versions of the Windows operating
systems and components, refer to the Microsoft Security Bulletins.

Overview

Microsoft has released a Security Bulletin Summary for April, 2005.
This summary includes several bulletins that address
vulnerabilities in various Windows applications and
components. Exploitation of some vulnerabilities can result in the
remote execution of arbitrary code by a remote attacker. Details of
the vulnerabilities and their impacts are provided below.

I. Description

The list below provides a mapping between Microsoft's Security
Bulletins and the related US-CERT Vulnerability Notes. More
information related to the vulnerabilities is available in these
documents.

Microsoft Security Bulletin MS05-020:
Cumulative Security Update for Internet Explorer (890923)

   VU#774338 Microsoft Internet Explorer DHTML objects contain a race condition
   VU#756122 Microsoft Internet Explorer URL validation routine contains a buffer overflow
   VU#222050 Microsoft Internet Explorer Content Advisor contains a buffer overflow

Microsoft Security Bulletin MS05-02:
Vulnerability in Exchange Server Could Allow Remote Code Execution (894549)

   VU#275193 Microsoft Exchange Server contains unchecked buffer in SMTP extended verb handling

Microsoft Security Bulletin MS05-022:
Vulnerability in MSN Messenger Could Lead to Remote Code Execution (896597)

   VU#633446 Microsoft MSN Messenger GIF processing buffer overflow

Microsoft Security Bulletin MS05-019:
Vulnerabilities in TCP/IP Could Allow Remote Code Execution and Denial of Service (893066)

   VU#233754 Microsoft Windows does not adequately validate IP packets

II. Impact

Exploitation of these vulnerabilities may permit a remote attacker to
execute arbitrary code on a vulnerable Windows system, or cause a
denial-of-service condition.

III. Solution

Apply a patch

Microsoft has provided the patches for these vulnerabilities in the
Security Bulletins and on Windows Update.

Appendix A. References

* Microsoft's Security Bulletin Summary for April, 2005 - <http://www.microsoft.com/technet/security/...05-apr.mspx>
* US-CERT Vulnerability Note VU#774338 - <http://www.kb.cert.org/vuls/id/774338>
* US-CERT Vulnerability Note VU#756122 - <http://www.kb.cert.org/vuls/id/756122>
* US-CERT Vulnerability Note VU#222050 - <http://www.kb.cert.org/vuls/id/222050>
* US-CERT Vulnerability Note VU#275193 - <http://www.kb.cert.org/vuls/id/275193>
* US-CERT Vulnerability Note VU#633446 - <http://www.kb.cert.org/vuls/id/633446>
* US-CERT Vulnerability Note VU#233754 - <http://www.kb.cert.org/vuls/id/233754>

_________________________________________________________________

Feedback can be directed to the authors: Will Dormann, Jeff Gennari,
Chad Dougherty, Ken MacInnis, Jason Rafail, Art Manion, and Jeff
Havrilla.

_________________________________________________________________

This document is available from:

<http://www.us-cert.gov/cas/techalerts/TA05-102A.html>

_________________________________________________________________

Copyright 2005 Carnegie Mellon University.

Terms of use: <http://www.us-cert.gov/legal.html>

_________________________________________________________________

Revision History

April 12, 2005: Initial release

