Date: 30th June 2005
Risk: High

There are 3 CRITICAL updates, 4 important and 3 moderate updates on Microsoft's patch train this month. One of the critical ones is vulnerability in IE that allows remote code execution.

Affected Software:

• Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4
• Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
• Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
• Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
• Microsoft Windows XP Professional x64 Edition
• Microsoft Windows Server 2003
• Microsoft Windows Server 2003 Service Pack 1
• Microsoft Windows Server 2003 for Itanium-based Systems
• Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
• Microsoft Windows Server 2003 x64 Edition
• Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE)
• Microsoft Windows Millennium Edition (ME)

The references: Microsoft Security Bulletin MS05-025, MS05-026, MS05-027

There are 4 IMPORTANT vulnerabilities, and under this category a cross-site scripting vulnerability exists in Outlook Web Access for Microsoft Exchange that could allow an attacker to run a malicious script in Outlook Web Access.

The references: MS05-028, MS05-029, MS05-030, MS05-031

There are 3 MODERATE vulnerabilities, and under this category, there is a vulnerability in Microsoft ISA Server 2000 that could allow circumvention of a packet filter and enable an attacker to retrieve unpredictable information from an ISA Server's cache or from a system behind the ISA server.

The references: MS05-032, MS05-033, MS05-034

For full descriptions of the above vulnerabilities, refer to the URL below.

References

Site disclaimer | Privacy Policy | Terms and Conditions |        Telephone: +44 1634 721 855 | email: sales@nta-monitor.com © NTA Monitor Ltd. 2007