Risk: High
It's a quiet month for the folks from Redmond: just 3 updates, but all belong to the critical category. These are:
Microsoft Security Bulletin MS05-035
Vulnerability in Microsoft Word Could Allow Remote Code Execution (903672) Vulnerability exists in Word that could allow an attacker who successfully exploited this vulnerable to take complete control of the affected system. Maximum Severity Rating: Critical Impact of Vulnerability: Remote Code Execution
Affected Software:- Office Word 2000: Critical
- Office Word 2002: Important
- Office Works Suite 2000 and 2001: Critical
- Office Works 2002, 2003 and 2004: Critical
Microsoft Security Bulletin MS05-036 Vulnerability in Microsoft Colour Management Module could allow Remote Code Execution (901214) Vulnerability exists in the Microsoft Colour Management Module that could allow an attacker who successfully exploited this vulnerable to take complete control of the affected system. Maximum Severity Rating: Critical Impact of Vulnerability: Remote Code Execution
Affected Software:- Windows Server 2003: Critical
- Windows Server 2003 Service Pack 1: Critical
- Windows Server 2003 for Itanium-based Systems: Critical
- Windows Server 2003 x64 Edition: Critical
- Windows XP Service Pack 1: Critical
- Windows XP Service Pack 2: Critical
- Windows XP Professional x64 Edition: Critical
- Windows 2000 Service Pack 4: Critical
- Windows Millennium Edition (Me): This operating system is vulnerable to this issue. However, it is not critically affected. Security updates for non-critical issues are typically not offered on this operating system.
- Windows 98 Second Edition (SE): This operating system is vulnerable to this issue. However, it is not critically affected. Security updates for non-critical issues are typically not offered on this operating system.
- Windows 98: This operating system is vulnerable to this issue. However, it is not critically affected. Security updates for non-critical issues are typically not offered on this operating system.
Vulnerability in JView Profiler Could Allow Remote Code Execution (903235) Vulnerability exists in JView Profiler that could allow an attacker who successfully exploited this vulnerable to take complete control of the affected system.
Maximum Severity Rating: Critical Impact of Vulnerability: Remote Code Execution Affected Software:
The following operating systems are vulnerable to this issue. However, they are not critically affected. Security updates for non-critical issues are typically not offered on these operating systems.
- Windows Server 2003
- Windows Server 2003 Service Pack 1
- Windows Server 2003 for Itanium-based Systems
- Windows Server 2003 x64 Edition
- Windows XP Service Pack 1
- Windows XP Service Pack 2
- Windows XP Professional x64 Edition
- Windows 2000 Service Pack 4
- Windows Millennium Edition (Me)
- Windows 98 Second Edition (SE)
- Windows 98
Critcal/moderate: Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4: Critical
Internet Explorer 5.5 Service Pack 2 on Microsoft Windows Millennium Edition: Critical security updates for these platforms are available and are provided as part of this security bulletin and can be downloaded from: http://windowsupdate.microsoft.com
Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4,or on Microsoft Windows XP Service Pack 1: critical
Internet Explorer 6 Service Pack 1 on Microsoft Windows 98, on Microsoft Windows 98 SE, or on Microsoft Windows Millennium Edition: Critical security updates for these platforms are available and are provided as part of this security bulletin and can be downloaded from: http://windowsupdate.microsoft.com
Internet Explorer 6 for Windows XP Service Pack 2: critical
Internet Explorer 6 for Windows Server 2003 and Server 2003 Service Pack 1: Moderate Internet Explorer 6 for Windows XP Professional x64 Edition, Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems: moderate