PDA

Vollständige Version anzeigen : Microsoft Security Info vom 10.05.2005


Günther Kramer
11.05.2005, 09:18
New Security Updates

Microsoft is releasing 1 security bulletin for newly discovered vulnerabilities.

Important MS05-024 Microsoft Windows Remote Code Execution

The summary for this month's bulletins can be found at the following page:

- http://www.microsoft.com/technet/security/bulletin/ms05-may.mspx

Customers are advised to review the information in the bulletins, test and deploy the updates immediately in their environments, if applicable.

Microsoft Windows Malicious Software Removal Tool
Microsoft is releasing an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update and the Download Center. Note that this tool will NOT be distributed using Software Update Services (SUS). Information on the Microsoft Windows Malicious Software Removal Tool can be located here:
http://go.microsoft.com/fwlink/?LinkId=40573


Security Advisories

Microsoft is today also releasing the following security advisories:

892313 Microsoft Windows Media Player
842851 Microsoft Exchange

Microsoft will host a webcast to address customer questions on these bulletins. For more information on this webcast please see below:

- TechNet Webcast: Information about Microsoft's May's Security Bulletins (Level 100)
- Wednesday, May 11, 2005 11:00 AM (GMT-08:00) Pacific Time (US & Canada)
- http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032273403&Culture=en-US

The on-demand version of the webcast will be available 24 hours after the live webcast at:
- http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032273403&Culture=en-US

**********************************************************************
MS05-024

Title: Vulnerability in Web View Could Allow Remote Code Execution (894320)

Affected Software:

- Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4

- Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) - Review the FAQ section of the bulletin for details about these operating systems.

Non-Affected Software

- Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
- Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
- Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
- Microsoft Windows XP Professional x64 Edition
- Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
- Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
- Microsoft Windows Server 2003 x64 Edition

Impact of Vulnerability: Remote Code Execution

Maximum Severity Rating: Important

Restart required: Yes

Update can be uninstalled: Yes

More information on this vulnerability is available at: http://www.microsoft.com/technet/security/bulletin/MS05-024.mspx

**********************************************************************

Microsoft Security Advisory (842851)

Title: Reducing the email address enumeration threat in SMTP When Using Exchange Server

Purpose of Advisory: Notification of the availability of the Tar Pit feature to help address limitations in the SMTP protocol that may lead to information disclosure threats.

Advisory Status: Knowledge Base Article and associated Tar Pit features are available.

Recommendation: Review and configure this feature or associated workarounds as appropriate.

Related Software:

- Microsoft Exchange Server 2003 Service Pack 1
- Microsoft Exchange Server 2003
- Microsoft Exchange 2000 Server Service Pack 3
- Microsoft Exchange 5.5 Service Pack 4
- Microsoft Exchange 5.0 Service Pack 2

More information on this advisory is available at: http://www.microsoft.com/technet/security/advisory/842851.mspx

The Microsoft Knowledge Base article for this advisory is available at:
http://support.microsoft.com/kb/842851

**********************************************************************

Microsoft Security Advisory (892313)

Title: Default Setting in Windows Media Player Digital Rights Management Could Allow a User to Open a Web Page Without Requesting Permission

Purpose of Advisory: Notification of the availably of an update to help protect against this threat.

Advisory Status: Knowledge Base Article and associated update have been released.

Recommendation: Review referenced Knowledge base article and apply updates for increased security.

Related Software:

- Windows Media Player 9
- Windows Media Player 10

More information on this advisory is available at: http://www.microsoft.com/technet/security/advisory/892313.mspx

The Microsoft Knowledge Base article for this advisory is available at:
http://support.microsoft.com/kb/892313

PLEASE VISIT http://www.microsoft.com/technet/security FOR THE MOST CURRENT INFORMATION ON THESE ALERTS.

If you have any questions regarding this alert please contact your Technical Account Manager or Application Development Consultant.

Thank you,
Microsoft PSS Security Team

If you have any questions regarding the security updates or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety (1-866-727-2338). International customers should contact their local subsidiary at the number located at http://support.microsoft.com/security

Thank you,
Microsoft PSS Security Team