|
Latest Ôhreats -
Inter
Engineering warns about new critical Security Bulletins that Microsoft
released
Inter
Engineering and Shavlik Technologies would like to warn you about the
nine new Security Bulletins that Microsoft released, three of which are
rated as critical on the company's security rating scale. These patches
include security vulnerabilities which could allow remote code
execution. In addition the patches include a critical fix for Microsoft
Internet Explorer.
Pay special attention to bulletin
MS05-051 which, if exploited, could take control of an affected
system. This bulletin represents a significant risk to customers
using Windows 2000 or Windows XP without SP2 installed. The most
common point of attack is through a buffer overflow. Users who are
running Windows 2003 Server (Gold or SP1) or Windows XP SP2 should be
aware that remote execution is not possible in the default system
configuration, yet local user accounts can be used as a means of
attack.
Inter
Engineering
strongly recommends testing and
deploying
all patches, including
MS05-051, as soon as
possible, especially on networks where a large number of systems are
running Windows 2000 or Windows XP without SP2 installed.
Network administrators can quickly and easily
download and deploy security updates from a central console, using
either the stand-alone patch management solution, Shavlik
HFNetChkPro, or with Shavlik NetChk Protect, which
combines patch with spyware management. The trial version of Shavlik
NetChk Protect can address these patches and it in addition includes
the Shavlik-built anti-spyware scanning engine.
Shavlik offers free,
fully-functional trial versions of its patch management and
anti-spyware products which will scan for, download and deploy missing
patches for Microsoft, Adobe, Real Networks, and WinZip products.
Shavlik products can be downloaded from
www.shavlik.com
Please find below more details regarding
the new Microsoft Security Bulletins:
Microsoft Security Bulletin MS05-044 (Moderate) Vulnerability in the
Windows
FTP Client Could Allow
File Transfer Location Tampering (905495)
http://www.microsoft.com/technet/security/Bulletin/MS05-044.mspx
Microsoft Security Bulletin MS05-045 (Moderate) Vulnerability in
Network
Connection Manager Could
Allow Denial of Service (905414)
http://www.microsoft.com/technet/security/Bulletin/MS05-045.mspx
Microsoft Security Bulletin MS05-046 (Important) Vulnerability in the
Client
Service for NetWare
Could Allow Remote Code Execution (899589)
http://www.microsoft.com/technet/security/Bulletin/MS05-046.mspx
Microsoft Security Bulletin MS05-047 (Important) Vulnerability in Plug
and
Play Could Allow Remote
Code Execution and Local Elevation of Privilege
(905749)
http://www.microsoft.com/technet/security/Bulletin/MS05-047.mspx
Microsoft Security Bulletin MS05-048 (Important) Vulnerability in the
Microsoft
Collaboration Data Objects Could Allow Remote Code Execution
(907245)
http://www.microsoft.com/technet/security/Bulletin/MS05-048.mspx
Microsoft Security Bulletin MS05-049 (Important) Vulnerabilities in
Windows
Shell Could Allow Remote
Code Execution
(900725)
http://www.microsoft.com/technet/security/Bulletin/MS05-049.mspx
Microsoft Security Bulletin MS05-050 (Critical) Vulnerability in
DirectShow
Could Allow Remote Code
Execution
(904706)
http://www.microsoft.com/technet/security/Bulletin/MS05-050.mspx
Microsoft Security Bulletin MS05-051 (Critical) Vulnerabilities in
MSDTC and
COM+ Could Allow Remote
Code Execution
(902400)
http://www.microsoft.com/technet/security/Bulletin/MS05-051.mspx
Microsoft Security Bulletin MS05-052 (Critical) Cumulative Security
Update
for Internet Explorer
(896688)
http://www.microsoft.com/technet/security/Bulletin/MS05-052.mspx
| 
