[BigFix-Announcements] BES Auto Notification: New Fixlets Published
in Fixlet Site: EnterpriseSecurity
autonotify at bigfix.com
autonotify at bigfix.com
Tue Sep 20 02:01:14 PDT 2005
Fixlet Site - EnterpriseSecurity
Current Version: 627 Published: Mon, 12 Sep 2005 21:26:37 GMT
***************************************************************
Title: MS05-026: Vulnerability in HTML Help Could Allow Remote Code Execution - Windows XP/2003 (x64)
Severity: Important
Fixlet ID: 502611
Fixlet Link: http://www.microsoft.com/technet/security/bulletin/MS05-026.mspx
Fixlet Description: Microsoft has released a security update for HTML Help that eliminates a newly discovered security vulnerability. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system, and then install programs; view, change, or delete data; or create new accounts with full user rights. After downloading and installing this patch, affected computers will no longer be susceptible to these vulnerabilities.
***************************************************************
Title: MS05-031: Vulnerability in Step-by-Step Interactive Training Could Allow Remote Code Execution - Windows XP/2003 (x64)
Severity: Important
Fixlet ID: 503103
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS05-031.mspx
Fixlet Description: Microsoft has released a security update for Interactive Training that eliminates a newly discovered security vulnerability. If successfully exploited, an attacker could take complete control of an affected system. After downloading and installing this patch, affected computers will no longer be susceptible to this vulnerability.
***************************************************************
Title: MS05-032: Security Update for MSAgent ActiveX - Windows XP/2003 (x64)
Severity: Low
Fixlet ID: 503207
Fixlet Link: http://www.microsoft.com/technet/security/bulletin/MS05-032.mspx
Fixlet Description: Microsoft has released a patch eliminating security vulnerabilities in MSAgent ActiveX. This is a spoofing vulnerability that could enable an attacker to spoof trusted Internet content. Users could believe that they are accessing trusted Internet content. However, they are accessing malicious Internet content such as a malicious Web site. An attacker would first have to persuade a user to visit the attacker’s site to attempt to exploit this vulnerability. After downloading and installing this patch, affected computers will no longer be susceptible to these vulnerabilities.
***************************************************************
Title: MS05-036: Vulnerability in Microsoft Color Management Module Could Allow Remote Code Execution - Windows XP/2003 (x64)
Severity: Critical
Fixlet ID: 503607
Fixlet Link: http://www.microsoft.com/technet/security/bulletin/MS05-036.mspx
Fixlet Description: Microsoft has released a patch eliminating security vulnerabilities in the Microsoft Color Management Module. A remote code execution vulnerability exists in the Microsoft Color Management Module because of the way that it handles ICC profile format tag validation. An attacker who successfully exploited this vulnerability could take complete control of an affected system.After downloading and installing this patch, affected computers will no longer be susceptible to these vulnerabilities.
***************************************************************
Title: MS05-038: Cumulative Security Update for Internet Explorer - Windows XP/2003 (x64)
Severity: Critical
Fixlet ID: 503813
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS05-038.mspx
Fixlet Description: Microsoft has released a cumulative patch for Internet Explorer that eliminates newly discovered security vulnerabilities, as well as eliminating all vulnerabilities covered by earlier patches. After downloading and installing this patch, affected computers will no longer be susceptible to these vulnerabilities.
***************************************************************
Title: MS05-040: Vulnerability in Telephony Service Could Allow Remote Code Execution- Windows XP/2003 (x64)
Severity: Important
Fixlet ID: 504007
Fixlet Link: http://www.microsoft.com/technet/security/bulletin/MS05-040.mspx
Fixlet Description: Microsoft has released a patch to resolve a newly-discovered, privately-reported vulnerability. A vulnerability exits in the Telephony Application Programming Interface (TAPI) service that could allow remote code execution. The vulnerability is documented in the “Vulnerability Details” section of this bulletin. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. After downloading and installing this patch, affected computers will no longer be susceptible to these vulnerabilities.
***************************************************************
Title: MS05-042: Vulnerabilities in Kerberos Could Allow Denial of Service, Information Disclosure, and Spoofing - Windows XP/2003 (x64)
Severity: Moderate
Fixlet ID: 504207
Fixlet Link: http://www.microsoft.com/technet/security/Bulletin/MS05-042.mspx
Fixlet Description: Microsoft has released a patch eliminating two security vulnerabilities in Kerberos. An attacker who successfully exploited the denial of service vulnerability could cause a server to stop responding to authentication requests. The information disclosure and spoofing vulnerability could allow an attacker to access sensitive client network information. After downloading and installing this patch, affected computers will no longer be susceptible to these vulnerabilities.
More information about the BigFix-Announcements
mailing list