Risk: High
There are 3 critical updates, 4 important and 3 moderate updates on Microsoft's patch train this month. One of the critical ones is a vulnerability in IE that allows remote code execution.
Affected Software:
- Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4
- Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
- Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
- Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
- Microsoft Windows XP Professional x64 Edition
- Microsoft Windows Server 2003
- Microsoft Windows Server 2003 Service Pack 1
- Microsoft Windows Server 2003 for Itanium-based Systems
- Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
- Microsoft Windows Server 2003 x64 Edition
- Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME)
The references: Microsoft Security Bulletin MS05-025, MS05-026, MS05-027
There are 4 important vulnerabilities, and under this category a cross-site scripting vulnerability exists in Outlook Web Access for Microsoft Exchange that could allow an attacker to run a malicious script in Outlook Web Access.
The references: MS05-028, MS05-029, MS05-030, MS05-031
There are 3 moderate vulnerabilities, and under this category, there is a vulnerability in Microsoft ISA Server 2000 that could allow circumvention of a packet filter and enable an attacker to retrieve unpredictable information from an ISA Server's cache or from a system behind the ISA server.