Microsoft release 12 patches some Critical

[Nick VR4]

START PATCHING PEEPS

http://www.microsoft.com/technet/security/current.aspx


Feb 8, 2005 Vulnerability in Hyperlink Object Library Could Allow Remote Code Execution (888113): MS05-015

Affected Software: Windows 2000 Advanced Server, Windows 2000 Datacenter Server, Windows 2000 Professional, Windows 2000 Server, Windows XP Home Edition, Windows XP Professional, Windows Server 2003 for Small Business Server, Windows Server 2003, Datacenter Edition, Windows Server 2003, Enterprise Edition, Windows Server 2003, Standard Edition, Windows Server 2003, Web Edition, Windows 98, Windows 98 SE, Windows Me Windows 2000 Service Pack 3, Windows 2000 Service Pack 4, Windows XP Service Pack 1, Windows XP Service Pack 2, Windows Server 2003 Gold, Windows 98 Gold, Windows 98 SE Gold, Windows 98 SP1, Windows Me Gold Critical
Feb 8, 2005 Cumulative Security Update for Internet Explorer (867282): MS05-014

Affected Software: Internet Explorer 5.01, Internet Explorer 6, Internet Explorer 6.0 for Windows Server 2003, Internet Explorer 6.0 for Windows XP Service Pack 2, Windows 2000 Advanced Server, Windows 2000 Datacenter Server, Windows 2000 Professional, Windows 2000 Server, Windows XP Home Edition, Windows XP Professional, Windows Server 2003 for Small Business Server, Windows Server 2003, Datacenter Edition, Windows Server 2003, Enterprise Edition, Windows Server 2003, Standard Edition, Windows Server 2003, Web Edition, Windows 98, Windows 98 SE, Windows Me Internet Explorer 5.01 SP3, Internet Explorer 5.01 SP4, Internet Explorer 6 SP1, Windows Server 2003 Gold, Windows XP Service Pack 2, Windows 2000 Service Pack 3, Windows 2000 Service Pack 4, Windows XP Service Pack 1, Windows 98 Gold, Windows 98 SE Gold, Windows 98 SP1, Windows Me Gold Critical
Feb 8, 2005 Vulnerability in the DHTML Editing ActiveX Control could allow code execution (891781): MS05-013

Affected Software: Windows 2000 Advanced Server, Windows 2000 Datacenter Server, Windows 2000 Professional, Windows 2000 Server, Windows XP Home Edition, Windows XP Professional, Windows Server 2003 for Small Business Server, Windows Server 2003, Datacenter Edition, Windows Server 2003, Enterprise Edition, Windows Server 2003, Standard Edition, Windows Server 2003, Web Edition, Windows 98, Windows 98 SE, Windows Me Windows 2000 Service Pack 3, Windows 2000 Service Pack 4, Windows XP Service Pack 1, Windows XP Service Pack 2, Windows Server 2003 Gold, Windows 98 Gold, Windows 98 SE Gold, Windows 98 SP1, Windows Me Gold Critical
Feb 8, 2005 Vulnerability in OLE and COM Could Allow Remote Code Execution (873333): MS05-012

Affected Software: Windows 2000 Advanced Server, Windows 2000 Datacenter Server, Windows 2000 Professional, Windows 2000 Server, Windows XP Home Edition, Windows XP Professional, Windows Server 2003 for Small Business Server, Windows Server 2003, Datacenter Edition, Windows Server 2003, Enterprise Edition, Windows Server 2003, Standard Edition, Windows Server 2003, Web Edition, Windows 98, Windows 98 SE, Windows Me, Exchange 2000 Server, Exchange 2000 Enterprise Server, Exchange Server 2003, Exchange Server 5.5, Exchange Server 5.0, Office XP, Outlook 2002, Word 2002, Excel 2002, PowerPoint 2002, FrontPage 2002, Publisher 2002, Access 2002, Office 2003, Outlook 2003, Word 2003, Excel 2003, PowerPoint 2003, FrontPage 2003, Publisher 2003, Access 2003, InfoPath 2003, OneNote 2003 Windows 2000 Service Pack 3, Windows 2000 Service Pack 4, Windows XP Service Pack 1, Windows XP Service Pack 2, Windows Server 2003 Gold, Windows 98 Gold, Windows 98 SE Gold, Windows 98 SP1, Windows Me Gold, Exchange 2000 SP3, Exchange Server 2003 Gold, Exchange Server 2003 SP1, Exchange Server 5.5 SP4, Exchange Server 5.0 SP2, Office XP SP2, Office XP SP3 , Outlook 2002 SP2, Outlook 2002 SP3, Word 2002 SP2, Word 2000 SP3, Excel 2002 SP2, Excel 2002 SP3, PowerPoint 2002 SP2, PowerPoint 2002 SP3, FrontPage 2002 SP2, FrontPage 2002 SP3, Publisher 2002 SP2, Publisher 2002 SP3, Access 2002 SP2, Access 2002 SP3, Office 2003 Gold, Office 2003 SP1, Outlook 2003 Gold, Word 2003 Gold, Word 2003 SP1, Excel 2003 Gold, Excel 2003 SP1, PowerPoint 2003 Gold, PowerPoint 2003 SP1, FrontPage 2003 Gold, FrontPage 2003 SP1, Publisher 2003 Gold, Publisher 2003 SP1, Access 2003 Gold, Access 2003 SP1, InfoPath 2003 Gold, InfoPath 2003 SP1, OneNote 2003 Gold, OneNote 2003 SP1 Critical
Feb 8, 2005 Vulnerability in Server Message Block Could Allow Remote Code Execution (885250): MS05-011

Affected Software: Windows 2000 Advanced Server, Windows 2000 Datacenter Server, Windows 2000 Professional, Windows 2000 Server, Windows XP Home Edition, Windows XP Professional, Windows Server 2003 for Small Business Server, Windows Server 2003, Datacenter Edition, Windows Server 2003, Enterprise Edition, Windows Server 2003, Standard Edition, Windows Server 2003, Web Edition Windows 2000 Service Pack 3, Windows 2000 Service Pack 4, Windows XP Service Pack 1, Windows XP Service Pack 2, Windows Server 2003 Gold Critical
Feb 8, 2005 Vulnerability in the License Logging Service Could Allow Code Execution (885834): MS05-010

Affected Software: Windows NT Server 4.0, Windows NT Server 4.0, Enterprise Edition, Windows NT Server 4.0, Terminal Server Edition, Windows 2000 Advanced Server, Windows 2000 Datacenter Server, Windows 2000 Server, Windows Server 2003 for Small Business Server, Windows Server 2003, Datacenter Edition, Windows Server 2003, Enterprise Edition, Windows Server 2003, Standard Edition, Windows Server 2003, Web Edition Windows NT4 Service Pack 6a, Windows NT4 Terminal Server Service Pack 6, Windows 2000 Service Pack 3, Windows 2000 Service Pack 4, Windows Server 2003 Gold Critical
Feb 8, 2005 Vulnerability in PNG Processing Could Lead to Buffer Overrun (890261): MS05-009

Affected Software: Windows Media Player 9.0, Windows 2000 Advanced Server, Windows 2000 Datacenter Server, Windows 2000 Professional, Windows 2000 Server, Windows XP Home Edition, Windows XP Professional, Windows Server 2003 for Small Business Server, Windows Server 2003, Datacenter Edition, Windows Server 2003, Enterprise Edition, Windows Server 2003, Standard Edition, Windows Server 2003, Web Edition, Windows 98, Windows 98 SE, Windows Me, Windows Messenger 4.7, Windows Messenger 5.x, MSN Messenger Windows Media Player 9.0 Gold, Windows 2000 Service Pack 3, Windows 2000 Service Pack 4, Windows XP Service Pack 1, Windows XP Service Pack 2, Windows Server 2003 Gold, Windows 98 Gold, Windows 98 SE Gold, Windows 98 SP1, Windows Me Gold, Windows Messenger 4.7 Gold, Windows Messenger 5.x Gold, MSN Messenger Gold Critical
Feb 8, 2005 Vulnerabilty in Windows Shell Could Allow Remote Code Execution (890047): MS05-008

Affected Software: Windows 2000 Advanced Server, Windows 2000 Datacenter Server, Windows 2000 Professional, Windows 2000 Server, Windows XP Home Edition, Windows XP Professional, Windows Server 2003 for Small Business Server, Windows Server 2003, Datacenter Edition, Windows Server 2003, Enterprise Edition, Windows Server 2003, Standard Edition, Windows Server 2003, Web Edition Windows 2000 Service Pack 3, Windows 2000 Service Pack 4, Windows XP Service Pack 1, Windows XP Service Pack 2, Windows Server 2003 Gold Important
Feb 8, 2005 Vulnerability in Windows Could Allow Information Disclosure (888302): MS05-007

Affected Software: Windows XP Home Edition, Windows XP Professional Windows XP Service Pack 1 Important
Feb 8, 2005 Vulnerability in Windows SharePoint Services and SharePoint Team Services Could Allow Cross-Site Scripting and Spoofing Attacks (887891): MS05-006

Affected Software: Windows SharePoint Services, SharePoint Team Services 2002 Windows SharePoint Services SP1, SharePoint Team Services 2002 Gold Moderate
Feb 8, 2005 Vulnerability in Microsoft Office XP could lead to Buffer Overrun (873352): MS05-005

Affected Software: Office XP, Word 2002, PowerPoint 2002, Project 2002, Visio 2002, Works 2002, Works 2003, Works 2004 Office XP SP2, Office XP SP3 , Word 2002 SP2, Word 2002 SP3, PowerPoint 2002 SP2, PowerPoint 2002 SP3, Project 2002 SP2, Project 2002 SP3, Visio 2002 SP2, Visio 2002 SP3, Works 2002 Gold, Works 2003 Gold, Works 2004 Gold Critical
Feb 8, 2005 ASP.NET Path Validation Vulnerability (887219): MS05-004

Affected Software: .Net Framework 1.0, .Net Framework 1.1, Windows 2000 Advanced Server, Windows 2000 Datacenter Server, Windows 2000 Professional, Windows 2000 Server, Windows XP Home Edition, Windows XP Professional, Windows Server 2003 for Small Business Server, Windows Server 2003, Datacenter Edition, Windows Server 2003, Enterprise Edition, Windows Server 2003, Standard Edition, Windows Server 2003, Web Edition

[ritch_w]

Call me cynical - but any product that contains the the words "micro" and "soft" is a security risk

time to say hello to Linux folks!!

[KiwiTT]

time to say hello to Linux folks!!

If they ever make a version to run my game www.totalwar.com, which requires DirectX9 ... I'll convert fully.

[Nick VR4]

Depending on what Linux OS most release patches on a pretty regular basis
Gentoo
Debain
Redhat
Fedora
Redhat

I have seen Gentoo release 9 in 3 days I think it was

[KiwiTT]

Patching is good ... secure configuration is better

Still I will apply these patches

[Nick VR4]

I hope every one has patched
As I am seeing exploits already out in the wild

[psbarham]

would these be the same patchs that after i downloaded and installed them then prceded to delete half the o/s from my hard drive and has ment me spending the last 3hr's reloading it all

[Nick VR4]

Maybe you got hit with the exploits before you patched ????????

[psbarham]

no it was working fine and then bang completly b*ggered as soon as it finished installing them

[Nick VR4]

Some of these exploits change registy keys
So as soon as you update it may have caused a crash ?

Just a guess really plus it depends on what OS etc you are running

we all know that no OS vendor MS or Apple or Gentoo or Debian , Redhat can fully test thee software or patches before releasing so I guess you were just unlucky

I updated mine last night no problem took 15 mins for OS and Office patches

[Kenneth]

no it was working fine and then bang completly b*ggered as soon as it finished installing them

microsoft patches tend to be a double edged sword.
I had a major screw up some months ago after a patch renderd Oracle 8 unable to start.
Took me 3 days to find the workaround and then work around the work around so that I could get this clinents DB working.

I dont patch at home, I just use a firewall to keep things safe, then apply service packs when they come out.

At work we use Microsoft SUS, which allows myself or another techo to manually approve updates before all PCs in the company download and auto install them. Quite a useful tool acutally, and also saves company bandwidth! (one download many distrobutions)

[KiwiTT]

Rule of thumb.

Install OS, turn off unneccessary services, Install Firewall & Anti-Virus, connect to net , update Virus signatures, download patches.

A PC is now compromised within 15 minutes of connecting, if you have no firewall.

[KiwiTT]

At work we use Microsoft SUS,

Same here. Works a treat

[Kenneth]

For those not in the know...

SUS = Software Update Services (If I remember correctly) which means you turn on Automatic Updates for windows (on the pcs in your office or whatever), and set them up to connect to a PC on your local network, instead of using the internet to connect to MS server.

[Nick VR4]

A PC is now compromised within 15 minutes of connecting, if you have no firewall.

I think its quicker than that depending on what dial up or Broadband you are running

Was on line for less than 5 mins and got hammered I've learnt

[Spirit]

Thanks for the updates again Nick

[KiwiTT]

I hope every one has patched
As I am seeing exploits already out in the wild

Yep here is McAfee release a virus update for the expolit

http://vil.nai.com/vil/content/v_131745.htm