Microsoft Bulletins 2005

	Microsoft_Security_Bulletin_Summary_for_December_2005
	Microsoft_Security_Bulletin_Summary_for_November_2005
	Microsoft_Security_Bulletin_Summary_for_October_2005
	Microsoft_Security_Bulletin_Re-Releases,_August_2005
	Microsoft_Security_Bulletin_Summary_for_August_2005
	Microsoft_Security_Bulletin_Re-Releases,_July_2005
	Microsoft_Security_Bulletin_Summary_for_July_2005
	Microsoft_Security_Bulletin_Summary_for_June,_2005
	Microsoft_Security_Bulletin_Re-Releases,_June_2005
	Microsoft_Security_Bulletin_Summary_for_May_2005
	Microsoft_Security_Bulletin_Re-Releases,_April_2005
	Microsoft_Security_Bulletin_Summary_for_April_2005
	Microsoft_Security_Bulletin_Summary_for_February_2005
	Remote_Code_Execution_in_Office_XP_
	Microsoft_Security_Bulletin_Summary_for_January_2005

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

********************************************************************
Title: Microsoft Security Bulletin Summary for December 2005
Issued: December 13, 2005
Version Number: 1.0
Bulletin: http://go.microsoft.com/fwlink/?LinkId=57189
********************************************************************

Summary:
========
This advisory contains information about all security updates released this month. It is broken down by security bulletin severity.

Critical Security Bulletins
===========================

MS05-054 - Cumulative Security Update for Internet Explorer (905915)

- Affected Software:
- Windows Server 2003
- Windows Server 2003 Service Pack 1
- Windows Server 2003 x64 Edition
- Windows Server 2003 for Itanium-based Systems
- Windows Server 2003 with SP1 for Itanium-based Systems
- Windows XP Service Pack 1
- Windows XP Service Pack 2
- Windows XP Professional x64 Edition
- Windows 2000 Service Pack 4

- Review the FAQ section of bulletin MS05-054 for information
about these operating systems:
- Windows 98
- Windows 98 Second Edition (SE)
- Windows Millennium Edition (ME)

- Impact: Remote Code Execution
- Version Number: 1.0

Important Security Bulletins
============================

MS05-055 - Vulnerability in Windows Kernel Could Allow
Elevation of Privilege (908523)

- Affected Software:
- Windows 2000 Service Pack 4

- Impact: Elevation of Privilege
- Version Number: 1.0

Update Availability:
===================
Updates are available to address these issues.
For additional information, including Technical Details, Workarounds, answers to Frequently Asked Questions, and Update Deployment Information please read the Microsoft Security Bulletin Summary for this month at: http://go.microsoft.com/fwlink/?LinkId=57189

Support:
========
Technical support is available from Microsoft Product Support Services at 1-866-PC SAFETY (1-866-727-2338). There is no charge for support calls associated with security updates.
International customers can get support from their local Microsoft subsidiaries. Phone numbers for international support can be found
at: http://support.microsoft.com/common/international.aspx

Additional Resources:
=====================
* Microsoft has created a free monthly e-mail newsletter containing
valuable information to help you protect your network. This
newsletter provides practical security tips, topical security
guidance, useful resources and links, pointers to helpful
community resources, and a forum for you to provide feedback
and ask security-related questions.
You can sign up for the newsletter at:

http://www.microsoft.com/technet/security/secnews/default.mspx

* Microsoft has created a free e-mail notification service that
serves as a supplement to the Security Notification Service
(this e-mail). The Microsoft Security Notification Service:
Comprehensive Version. It provides timely notification of any
minor changes or revisions to previously released Microsoft
Security Bulletins and Security Advisories. This new service
provides notifications that are written for IT professionals and
contain technical information about the revisions to security
bulletins. To register visit the following Web site:

http://www.microsoft.com/technet/security/bulletin/notify.mspx

* Join Microsoft's webcast for a live discussion of the technical
details of these security bulletins and steps you can take
to protect your environment. Details about the live webcast
can be found at:

www.microsoft.com/technet/security/bulletin/summary.mspx

The on-demand version of the webcast will be available 24 hours
after the live webcast at:

www.microsoft.com/technet/security/bulletin/summary.mspx

* Protect your PC: Microsoft has provided information on how you
can help protect your PC at the following locations:

http://www.microsoft.com/security/protect/

If you receive an e-mail that claims to be distributing a
Microsoft security update, it is a hoax that may be distributing a
virus. Microsoft does not distribute security updates through
e-mail. You can learn more about Microsoft's software distribution
policies here:

http://www.microsoft.com/technet/security/topics/policy/swdist.mspx

Acknowledgments:
================
Microsoft thanks the following for working with us to protect
customers:

* Andreas Sandblad and Jakob Balle of Secunia
(http://www.Secunia.com) for reporting an issue described in MS05-054.

* Will Dormann of CERT/CC (http://www.cert.org/)
for reporting several class identifiers documented in MS05-054.

* eEye Digital (http://eEye.com) Security
for reporting an issue described in MS05-055.

********************************************************************
THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.
********************************************************************

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQIVAwUBQ58xZhCvwTv3q93mAQJ5Mw//URdJKhlbaRQtUG9vJ7f0yoBAdOMecwaD
pT8veDp5u8zksBZQzZFrGuAltslwZwhkZTDyhv3YORYC2zvSLBUupBkfv6ci9X1p
82AZ2XYJtTOgB7pW6z6j3Ta9kTjNmAjnWP38m4Pvz8r8bwgygDOLAlP3Yp9vp3LB
5nMiho/CyS9TTIjEX8W2ZXKAEasMZw+zE2vS1LPcv3+WsO522g/mLsFJF1vkYhXP
Texq0OFWZCRCraOEWvnPkhUKg4RrC4BPP2k1pYUHF2AQqB+1YVvaQ/CMlZ7T5XPP
VdX2NT1uy7HoBrCs9Ofwen78DDao7Nv80MuRhY4hOXNLQUFb6rikNZm8AeUHqi/Q
AY/xREN7+Vsxr16hU9UAZ+is0h6HbfGwjaPFOonm2l2uXisMW5U5RcKg4grpKerD
OAo5M2KJPaprSXq4nZ7HZJyD4CBUGeaxHx0gkOJT5C3uorqVY8LGTrT6uYKEr4pO
dWhAZJ+CAg+zZmBrhgEQmQfd+lcqz7cSPMtrQ9KdclgaD0hz4fgOD/sv6KP+a9HS
Eg1yRn5gAx4we2inYYzVExw4dM0iJOc9nkPTMa7A0rNh+gApRivRofm2fAG/fTu2
TQy+pqjjmK1QoBZr0xtJyO8D6b1JHArxv+paLlndzR4JPQ8cwEPPQvYUQbknqB+/
q5Fs4X6G0wE=
=XsC/
-----END PGP SIGNATURE-----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

********************************************************************
Title: Microsoft Security Bulletin Summary for November 2005
Issued: November 8, 2005
Version Number: 1.0
Bulletin: http://go.microsoft.com/fwlink/?LinkId=56129
********************************************************************

Summary:
========
This advisory contains information about all security updates released this month. It is broken down by security bulletin severity.

Critical Security Bulletins
===========================

MS05-053 - Vulnerabilities in Graphics Rendering Engine Could Allow
Code Execution (896424)

- Affected Software:
- Windows 2000 Service Pack 4
- Windows XP Service Pack 1
- Windows XP Service Pack 2
- Windows XP 64-Bit Edition Version 2003 (Itanium)
- Windows XP Professional x64 Edition
- Windows Server 2003
- Windows Server 2003 for Itanium-based Systems
- Windows Server 2003 with SP1 for Itanium-based Systems
- Windows Server 2003 x64 Edition

- Review the FAQ section of bulletin MS05-053 for information
about these operating systems:
- Windows 98
- Windows 98 Second Edition (SE)
- Windows Millennium Edition (ME)

- Impact: Remote Code Execution
- Version Number: 1.0

Update Availability:
===================
An update is available to address these issues.
For additional information, including Technical Details, Workarounds, answers to Frequently Asked Questions, and Update Deployment Information please read the Microsoft Security Bulletin Summary for this month at: http://go.microsoft.com/fwlink/?LinkId=56129

Microsoft Support Lifecycle for Business and Developer Software ===============================================================
The Microsoft Support Lifecycle policy provides consistent and predictable guidelines for product support availability at the time that the product is released. Under this policy, Microsoft will offer a minimum of ten years of support. This includes five years of Mainstream Support and five years of Extended Support for Business and Developer products. Microsoft will continue to provide security update support, at a supported Service Pack level, for a minimum of ten years through the Extended support phase. For more information about the Microsoft Support Lifecycle, visit http://support.microsoft.com/lifecycle/ or contact your Technical Account Manager.

http://www.microsoft.com/technet/security/secnews/default.mspx

http://www.microsoft.com/technet/security/bulletin/notify.mspx

www.microsoft.com/technet/security/bulletin/summary.mspx

The on-demand version of the webcast will be available 24 hours
after the live webcast at:

www.microsoft.com/technet/security/bulletin/summary.mspx

* Protect your PC: Microsoft has provided information on how you
can help protect your PC at the following locations:

http://www.microsoft.com/security/protect/

Acknowledgments:
================
Microsoft thanks the following for working with us to protect
customers:

- - Venustech AdDLab
(http://www.venustech.com.cn)
for reporting an issue described in MS05-053.

- - eEye Digital Security
(http://www.eeye.com/html)
for reporting an issue described in MS05-053

- - Peter Ferrie of Symantec Security Response
(http://securityresponse.symantec.com)
for reporting an issue described in MS05-053

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQIVAwUBQ3D9+IreEgaqVbxmAQJjVQ//ajis1weJPv4iqfQUAmtzElHGD85p3rgP
3dRt214aFCTOBgjjSbt0zi6ZjImW4HQ8Dy7cSeRMbyuOljRYKPKHVQiyPMEMbYRH
oG76RcC8lmRtQmdy9vKZGksek8+JwbRKTGN+kdLKvzslRxLtZuJbhfGlUlpVhnv/
fA6/tmNFPydH7ajiMs+B75uXmzd3yehbDTJUnIhZSJgWhMZb2wKofBlPCYs2qtKP
/HXPAv+1S3b/mQf0OLUy4/kdSXXWUQNfS/w8Xe2M8JV59x6EPgs42Kz6JBo7Ogbl
0nO1ZzHNzE71IbKeOe9B0jsEuWjfGra5YTJYPBBzZyqe1J6+iCm3IeViLhJ+ln9u
S1tjq1wPuSATHtOAE85bd2tAbsZ8gck5dhRyqXXsiwc5CYL+icML+eVBLPhSPITn
rVhxGK44RT7TRqhnJ9vP6BWKLOf+VaYXHqvKrdG88OAFkMvqZ1FlQ1KSgNJt5ShE
Kn1l01uSHWiTnVH+w/CDhm3kwa8tNVg7Pm7bV9AEWyBoVQ3g8xW+1tq/kA7tvZ+t
Ac5yo6jjfAknS352hr/1b465doqZ4379r9qBp1ccy0or6by/Vxsu/yhuYThuK0TW
cY5g735molyKdUgdf25NPxCBIWLpRIoCIxJhZQvGe9Z7MlQrPW5AGxIA96DH0HZy
gz7mV02GkyM=
=uGZb
-----END PGP SIGNATURE-----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

********************************************************************
Title: Microsoft Security Bulletin Summary for October 2005
Issued: October 11, 2005
Version Number: 1.0
Bulletin: http://go.microsoft.com/fwlink/?LinkId=54789
********************************************************************

Summary:
========
This advisory contains information about all security updates released this month. It is broken down by security bulletin severity.

Critical Security Bulletins
===========================

MS05-050 - Vulnerability in DirectShow Could Allow Remote Code
Execution (904706)

- Affected Software:
- Windows 2000 Service Pack 4
- Windows XP Service Pack 1
- Windows XP Service Pack 2
- Windows XP Professional x64 Edition
- Windows Server 2003
- Windows Server 2003 Service Pack 1
- Windows Server 2003 for Itanium-based Systems
- Windows Server 2003 with SP1 for Itanium-based Systems
- Windows Server 2003 x64 Edition

- Review the FAQ section of bulletin MS05-O50 for information
about these operating systems:
- Windows 98
- Windows 98 Second Edition (SE)
- Windows Millennium Edition (ME)

- Impact: Remote Code Execution
- Version Number: 1.0

MS05-051 - Vulnerabilities in MSDTC and COM+ Could Allow Remote
Code Execution (902400)

- Affected Software:
- Windows 2000 Service Pack 4
- Windows XP Service Pack 1
- Windows XP Service Pack 2
- Windows XP Professional x64 Edition
- Windows Server 2003
- Windows Server 2003 Service Pack 1
- Windows Server 2003 for Itanium-based Systems
- Windows Server 2003 with SP1 for Itanium-based Systems
- Windows Server 2003 x64 Edition

- Impact: Remote Code Execution
- Version Number: 1.0

MS05-052 - Cumulative Security Update for Internet Explorer (896688)

- Affected Software:
- Windows 2000 Service Pack 4
- Windows XP Service Pack 1
- Windows XP Service Pack 2
- Windows XP Professional x64 Edition
- Windows Server 2003
- Windows Server 2003 Service Pack 1
- Windows Server 2003 for Itanium-based Systems
- Windows Server 2003 with SP1 for Itanium-based Systems
- Windows Server 2003 x64 Edition

- Review the FAQ section of bulletin MS05-O52 for information
about these operating systems:
- Windows 98
- Windows 98 Second Edition (SE)
- Windows Millennium Edition (ME)

- Impact: Remote Code Execution
- Version Number: 1.0

Important Security Bulletins
============================

MS05-046 - Vulnerability in the Client Services for Netware Could
Allow Remote Code Execution (899589)

- Affected Software:
- Windows 2000 Service Pack 4
- Windows XP Service Pack 1
- Windows XP Service Pack 2
- Windows Server 2003
- Windows Server 2003 Service Pack 1

- Impact: Remote Code Execution
- Version Number: 1.0

MS05-047 - Vulnerability in Plug and Play Could Allow Remote Code
Execution and Local Elevation of Privilege (905749)

- Affected Software:
- Windows 2000 Service Pack 4
- Windows XP Service Pack 1
- Windows XP Service Pack 2

- Impact: Remote Code Execution
- Version Number: 1.0

MS05-048 - Vulnerability in the Microsoft Collaboration Objects
Could Allow Remote Code Execution (907245)

- Affected Software:
- Windows 2000 Service Pack 4
- Windows XP Service Pack 1
- Windows XP Service Pack 2
- Windows XP 64-Bit Edition Service Pack 1 (Itanium)
- Windows XP 64-Bit Edition Version 2003 (Itanium)
- Windows XP Professional x64 Edition
- Windows Server 2003
- Windows Server 2003 Service Pack 1
- Windows Server 2003 for Itanium-based Systems
- Windows Server 2003 with SP1 for Itanium-based Systems
- Windows Server 2003 x64 Edition
- Exchange 2000 Server Service Pack 3 with the Exchange
2000 Post-Service Pack 3 Update Rollup of August 2004

- Impact: Remote Code Execution
- Version Number: 1.0

MS05-049 - Vulnerabilities in Windows Shell Could Allow Remote Code
Execution (900725)

- Affected Software:
- Windows 2000 Service Pack 4
- Windows XP Service Pack 1
- Windows XP Service Pack 2
- Windows XP 64-Bit Edition Service Pack 1 (Itanium)
- Windows XP 64-Bit Edition Version 2003 (Itanium)
- Windows XP Professional x64 Edition
- Windows Server 2003
- Windows Server 2003 Service Pack 1
- Windows Server 2003 for Itanium-based Systems
- Windows Server 2003 with SP1 for Itanium-based Systems
- Windows Server 2003 x64 Edition

- Impact: Remote Code Execution
- Version Number: 1.0

Moderate Security Bulletins
===========================

MS05-044 - Vulnerability in the Windows FTP Client Could Allow File
Transfer Location and Tampering (905495)

- Affected Software:
- Windows 2000 Service Pack 4
- Windows XP Service Pack 1
- Windows Server 2003
- Windows Server 2003 for Itanium-based Systems

- Impact: Remote Code Execution
- Version Number: 1.0

MS05-045 - Vulnerability in Network Connection Manager Could Allow
Denial of Service (905414)

- Affected Software:
- Windows 2000 Service Pack 4
- Windows XP Service Pack 1
- Windows XP Service Pack 2
- Windows Server 2003
- Windows Server 2003 Service Pack 1

- Impact: Remote Code Execution
- Version Number: 1.0

Update Availability:
===================
Updates are available to address these issues.
For additional information, including Technical Details, Workarounds, answers to Frequently Asked Questions, and Update Deployment Information please read the Microsoft Security Bulletin Summary for this month at: http://go.microsoft.com/fwlink/?LinkId=54789

Support:
========
Technical support is available from Microsoft Product Support Services at 1-866-PC SAFETY (1-866-727-2338). There is no charge for support calls associated with security updates.
International customers can get support from their local Microsoft subsidiaries. Phone numbers for international support can be found
at: http://support.microsoft.com/common/international.aspx

Additional Resources:
=====================
* Microsoft has created a free monthly e-mail newsletter containing
valuable information to help you protect your network. This
newsletter provides practical security tips, topical security
guidance, useful resources and links, pointers to helpful
community resources, and a forum for you to provide feedback
and ask security-related questions.
You can sign up for the newsletter at:

http://www.microsoft.com/technet/security/secnews/default.mspx

* Microsoft has created a free e-mail notification service that
serves as a supplement to the Security Notification Service
(this e-mail). The Microsoft Security Notification Service:
Comprehensive Version. It provides timely notification of any
minor changes or revisions to previously released Microsoft
Security Bulletins and Security Advisories. This new service
provides notifications that are written for IT professionals and
contain technical information about the revisions to security
bulletins. To register visit the following Web site:

http://www.microsoft.com/technet/security/bulletin/notify.mspx

* Join Microsoft's webcast for a live discussion of the technical
details of these security bulletins and steps you can take
to protect your environment. Details about the live webcast
can be found at:

www.microsoft.com/technet/security/bulletin/summary.mspx

The on-demand version of the webcast will be available 24 hours
after the live webcast at:

www.microsoft.com/technet/security/bulletin/summary.mspx

* Protect your PC: Microsoft has provided information on how you
can help protect your PC at the following locations:

http://www.microsoft.com/security/protect/

If you receive an e-mail that claims to be distributing a
Microsoft security update, it is a hoax that may be distributing a
virus. Microsoft does not distribute security updates through
e-mail. You can learn more about Microsoft's software distribution
policies here:

http://www.microsoft.com/technet/security/topics/policy/swdist.mspx

Acknowledgments:
================
Microsoft thanks the following for working with us to protect
customers:

* Kostya Kortchinsky (kostya.kortchinsky@renater.fr) with
CERT RENATER for reporting an issue described in MS05-046

* eEye Digital Security (http://www.eeye.com/) for reporting an
issue described in MS05-047

* Gary O'leary-Steele of Sec-1 (http://www.sec-1.com/) for
reporting an issue described in MS05-048

* Cesar Cerrudo of Argeniss (http://www.argeniss.com/) for reporting
an issue described in MS05-049

* Brett Moore of security-assessment.com
(http://www.security-assessment.com/) for reporting an issue
described in MS05-049

* eEye Digital Security (http://www.eeye.com/) for reporting an
issue described in MS05-050

* eEye Digital Security (http://www.eeye.com/) for reporting an
issue described in MS05-051

* Cesar Cerrudo of Argeniss (http://www.argeniss.com/) for reporting
an issue described in MS05-051

* iDefense (http://www.idefense.com/) for reporting an issue
described in MS05-051

* Will Dormann of CERT/CC (http://www.cert.org/) for reporting an
issue described in MS05-052

* FrSIRT (http://www.frsirt.com/english/) for reporting an issue
described in MS05-052

* Parvez Anwar of MCI (http://www.mci.com/) for reporting an issue
described in MS05-052

* eEye Digital Security (http://www.eeye.com/) for reporting an
issue described in MS05-052

********************************************************************
THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.
********************************************************************

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQIVAwUBQ0wULYreEgaqVbxmAQKsIw//WdbafQo5VkiU2Fd0773cKcBmAbqsaLyt
rqiKpYDZsQ41ZrcA/Uwkz3zBC3ruBRtfTpFmPILkJFXQWvKlkOISTY0w8cpHKIww
scJh6lhen3s8elYhJ3IxpI8Y9zK3tonIqFWdohz8s+2rmDwjC/Kfbqt3YUl1EwPP
UxmJYCVATZQkdk6iH9dSEE5tdoqK+sxID8oEYaN3MXd4HfIpznkXSNeHgcj+P6RO
3jGMGCjb+5uQUyRL7Iw61CQ40KlQCnF1/eR1fQhsWLoTp+cf7VhRVcQgC8jJ1fg5
YvWwBdIfXY1B/cyapquTYFio3yMCV32/c8X7BM1tIz+pgF8/0JVIw3reqoi3k86E
uckvzwgK5dKhCYZT2/O2VvDpqS57c50Si+kLdeWTdJl/yvYAjIq6K6iTQ71jU97X
auIJqHbqIfrH8h/YdfNrSVHQUmitFOQSVNEybA3+oRG2Ov8JkNcWSF0mcR7Ntzjq
DRIDmw7Nkl3igmbz7s6vSFbZ35APvvpCni9PdVmOyp9+SYxkAAnTLP759WChMacO
g79KWf2a5Qr4+cI0AwEy7vLlQokm5B7PIbLejDY2lVMP1HmdsUU7ac0014jNaXM+
ey3+acgf8dD07zUlYq/Up/BTS+o37HPGUWw4l3xmn9gqQczLqenQ3nhG9S8HeMcO
emkseUDrNik=
=ic3v
-----END PGP SIGNATURE-----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

********************************************************************
Title: Microsoft Security Bulletin Re-Releases, August 2005
Issued: August 9, 2005
********************************************************************

Summary
=======
The following bulletins have undergone a major revision increment.
Please see the appropriate bulletin for more details.

* MS05-023
* MS05-032

Bulletin Information:
=====================

* MS05-023

- http://www.microsoft.com/technet/security/bulletin/MS05-023.mspx
- Reason for revision: Bulletin updated to reflect an additional
affected product- Microsoft Word 2003 Viewer
- Originally posted: June 14, 2005
- Updated: August 9, 2005
- Bulletin Severity Rating: Critical
- Version: 2.0

* MS05-032

- http://www.microsoft.com/technet/security/bulletin/MS05-032.mspx
- Reason for revision: Bulletin updated to advise customers that
a revised version of the security update is available for
x64-based systems, Microsoft Windows Server 2003 for
Itanium-based Systems, and Microsoft Windows Server 2003 with
SP1 for Itanium-based Systems.
- Originally posted: June 14, 2005
- Updated: August 9, 2005
- Bulletin Severity Rating: Moderate
- Version: 2.0

********************************************************************

Support:
========
Technical support is available from Microsoft Product Support Services at 1-866-PC SAFETY (1-866-727-2338). There is no charge for support calls associated with security updates.
International customers can get support from their local Microsoft subsidiaries. Phone numbers for international support can be found
at: http://support.microsoft.com/common/international.aspx

Additional Resources:
=====================
* Microsoft has created a free monthly e-mail newsletter containing
valuable information to help you protect your network. This
newsletter provides practical security tips, topical security
guidance, useful resources and links, pointers to helpful
community resources, and a forum for you to provide feedback
and ask security-related questions.
You can sign up for the newsletter at:

http://www.microsoft.com/technet/security/secnews/default.mspx

* Microsoft has created a free e-mail notification service that
serves as a supplement to the Security Notification Service
(this e-mail). The Microsoft Security Notification Service:
Comprehensive Version. It provides timely notification of any
minor changes or revisions to previously released Microsoft
Security Bulletins and Security Advisories. This new service
provides notifications that are written for IT professionals and
contain technical information about the revisions to security
bulletins. To register visit the following Web site:

http://www.microsoft.com/technet/security/bulletin/notify.mspx

* Protect your PC: Microsoft has provided information on how you
can help protect your PC at the following locations:

http://www.microsoft.com/security/protect/

If you receive an e-mail that claims to be distributing a
Microsoft security update, it is a hoax that may be distributing a
virus. Microsoft does not distribute security updates via e-mail.
You can learn more about Microsoft's software distribution
policies here:

http://www.microsoft.com/technet/security/topics/policy/swdist.mspx

********************************************************************
THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.
********************************************************************

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQIVAwUBQvkdNIreEgaqVbxmAQKqmA//duyxYnFRxKm9ETbLZdlYCc1JsYka2TnZ
McPidUXDZOor/aCY40dz6VBSILlzIXeFRO7Z4keM7wRoHju9AO8H26dCPRxNZl7p
xtUOQLMyQvK4/EkNWOadf5kzasAWzpX9OJiAztdaPISpS8AQ8+aDFfWlaKP/93xj
pTFye2zTSpyzmle4qEADTNABHPYVuALTaJiCOXVvasglrb92WlTBdHXhtMQqmHGy
KaYMvW3k9ZdYV5qZW/krlX8TIYh9DHF2EyHMOmTZVVtAQpdxw7CVGJggFB2tqxpJ
uJAoPAKOy64mDhlV/jfgPsZ/N0j967eyk5jtV4Hc6wofyBl+o9ZMCeZNaG+N9jNc
JQqdpBHHVhfU6iNfZ6CssHZsx//ksiQXeQ8kQLg2l2AGF59Ap83AK7i4PgLDcfvL
zva52a+phOhJ/fKHnzA/OiLQlyO8tCiriOcdinWh/ZZOp3ZJq22+C1pSR+u+NE4r
prqUmfa1v1xqu6iGt1pciaoATdTa8v++LpjuMt82jannpRhYMt3U65zFkvvg1qax
1/4rnG63lxJfnORl9RtCmbFXdkHKH9Prsujle8tG2c6INBSuC3JKNlKbIX5lXJrr
yDJKyS0ajZmGzwpo1qtXdacFR4gMGDlL6kZXWj55PM1EXjEX9ABU/GU40Z3+UjLA
lLD8ayFBvNo=
=bzRj
-----END PGP SIGNATURE-----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

********************************************************************
Title: Microsoft Security Bulletin Summary for August 2005
Issued: August 09, 2005
Version Number: 1.0
Bulletin: http://go.microsoft.com/fwlink/?LinkId=51160
********************************************************************

Summary:
========
This advisory contains information about all security updates released this month. It is broken down by security bulletin severity.

Critical Security Bulletins
===========================

MS05-038 - Cumulative Security Update for Internet Explorer (896727)

- Affected Software:
- Windows 2000 Service Pack 4
- Windows XP Service Pack 1
- Windows XP Service Pack 2
- Windows XP Professional x64 Edition
- Windows Server 2003
- Windows Server 2003 Service Pack 1
- Windows Server 2003 for Itanium-based Systems
- Windows Server 2003 with SP1 for Itanium-based Systems
- Windows Server 2003 x64 Edition

- Review the FAQ section of bulletin MS05-O38 for information
about these operating systems:
- Windows 98
- Windows 98 Second Edition (SE)
- Windows Millennium Edition (ME)

- Impact: Remote Code Execution
- Version Number: 1.0

MS05-039 - Vulnerability in Plug and Play Could Allow Remote Code
Execution and Elevation of Privilege (899588)

- Affected Software:
- Windows 2000 Service Pack 4
- Windows XP Service Pack 1
- Windows XP Service Pack 2
- Windows XP Professional x64 Edition
- Windows Server 2003
- Windows Server 2003 Service Pack 1
- Windows Server 2003 for Itanium-based Systems
- Windows Server 2003 with SP1 for Itanium-based Systems
- Windows Server 2003 x64 Edition

- Impact: Remote Code Execution
- Version Number: 1.0

MS05-043 - Vulnerability in Print Spooler Service Could Allow Remote
Code Execution (896423)

- Affected Software:
- Windows 2000 Service Pack 4
- Windows XP Service Pack 1
- Windows XP Service Pack 2
- Windows Server 2003
- Windows Server 2003 for Itanium-based Systems

- Impact: Remote Code Execution
- Version Number: 1.0

Important Security Bulletins
============================

MS05-040 - Vulnerability in Telephony Service Could Allow Remote
Code Execution (893756)

- Affected Software:
- Windows 2000 Service Pack 4
- Windows XP Service Pack 1
- Windows XP Service Pack 2
- Windows XP Professional x64 Edition
- Windows Server 2003
- Windows Server 2003 Service Pack 1
- Windows Server 2003 for Itanium-based Systems
- Windows Server 2003 with SP1 for Itanium-based Systems
- Windows Server 2003 x64 Edition

- Review the FAQ section of bulletin MS05-O38 for information
about these operating systems:
- Windows 98
- Windows 98 Second Edition (SE)
- Windows Millennium Edition (ME)

- Impact: Remote Code Execution
- Version Number: 1.0

- Impact: Remote Code Execution
- Version Number: 1.0

Moderate Security Bulletins
===========================

MS05-041 - Vulnerability in Remote Desktop Protocol Could Allow
Denial of Service (899591)

- Affected Software:
- Windows XP Service Pack 1
- Windows XP Service Pack 2
- Windows XP Professional x64 Edition
- Windows Server 2003
- Windows Server 2003 Service Pack 1
- Windows Server 2003 for Itanium-based Systems
- Windows Server 2003 with SP1 for Itanium-based Systems
- Windows Server 2003 x64 Edition

- Impact: Denial of Service
- Version Number: 1.0

MS05-042 - Vulnerabilities in Kerberos Could Allow Denial of Service, Information Disclosure, and Spoofing (899587)

- Affected Software:
- Windows 2000 Service Pack 4
- Windows XP Service Pack 1
- Windows XP Service Pack 2
- Windows XP Professional x64 Edition
- Windows Server 2003
- Windows Server 2003 Service Pack 1
- Windows Server 2003 for Itanium-based Systems
- Windows Server 2003 with SP1 for Itanium-based Systems
- Windows Server 2003 x64 Edition

- Impact: Remote Code Execution
- Version Number: 1.0

Update Availability:
===================
Updates are available to address these issues.
For additional information, including Technical Details, Workarounds, answers to Frequently Asked Questions, and Update Deployment Information please read the Microsoft Security Bulletin Summary for this month at: http://go.microsoft.com/fwlink/?LinkId=51160
Support:
========
Technical support is available from Microsoft Product Support Services at 1-866-PC SAFETY (1-866-727-2338). There is no charge for support calls associated with security updates.
International customers can get support from their local Microsoft subsidiaries. Phone numbers for international support can be found
at: http://support.microsoft.com/common/international.aspx

Additional Resources:
=====================
* Microsoft has created a free monthly e-mail newsletter containing
valuable information to help you protect your network. This
newsletter provides practical security tips, topical security
guidance, useful resources and links, pointers to helpful
community resources, and a forum for you to provide feedback
and ask security-related questions.
You can sign up for the newsletter at:

http://www.microsoft.com/technet/security/secnews/default.mspx

* Microsoft has created a free e-mail notification service that
serves as a supplement to the Security Notification Service
(this e-mail). The Microsoft Security Notification Service:
Comprehensive Version. It provides timely notification of any
minor changes or revisions to previously released Microsoft
Security Bulletins and Security Advisories. This new service
provides notifications that are written for IT professionals and
contain technical information about the revisions to security
bulletins. To register visit the following Web site:

http://www.microsoft.com/technet/security/bulletin/notify.mspx

* Join Microsoft's webcast for a live discussion of the technical
details of these security bulletins and steps you can take
to protect your environment. Details about the live webcast
can be found at:

www.microsoft.com/technet/security/bulletin/summary.mspx

The on-demand version of the webcast will be available 24 hours
after the live webcast at:

www.microsoft.com/technet/security/bulletin/summary.mspx

* Protect your PC: Microsoft has provided information on how you
can help protect your PC at the following locations:

http://www.microsoft.com/security/protect/

If you receive an e-mail that claims to be distributing a
Microsoft security update, it is a hoax that may be distributing a
virus. Microsoft does not distribute security updates through
e-mail. You can learn more about Microsoft's software distribution
policies here:

http://www.microsoft.com/technet/security/topics/policy/swdist.mspx

Acknowledgments:
================
Microsoft thanks the following for working with us to protect
customers:

- - Bernhard Mueller and Martin Eiszner of SEC Consult <http://www.sec-
consult.com/> for reporting an issue described in MS05-038

- - The NSFOCUS Security Team <http://www.nsfocus.com/> for reporting an issue described in MS05-038

- - Neel Mehta of ISS X-Force <http://www.iss.net/> for reporting an issue described in MS05-039

- - Jean-Baptiste Marchand of Herve Schauer Consultants <http://www.hsc.fr/> for working with us on MS05-039

- - Kostya Kortchinsky <mailto:kostya.kortchinsky@renater.fr> from CERT RENATER
for reporting an issue described in MS05-040 and MS05-043

- - Tom Ferris of Security Protocols
<http://www.security-protocols.com/> for
reporting an issue described in MS05-041.

- - Tony Chin <mailto:Tony.Chin@shell.com> of Shell, Inc. for reporting an issue
described in MS05-042.

- - Andre Scedrov <http://www.cis.upenn.edu/~scedrov/> and his team; Iliano Cervesato, Aaron Jaggard, Joe-Kai Tsay, and Chris Walstad, for reporting an issue described in MS05-042

********************************************************************
THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.
********************************************************************

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQIUAwUBQvkQ64reEgaqVbxmAQKOfA/1E4ZoSPnBqllxJFxdbPo3IZiZIFZ+HTW7
YJxQzha3CX7usmKrDgSmqdDa4RWyoGF2Rs2hUTglJfvb6E8Ds0CkFtrEzO/ms9ql
0gELiERwxraCWWldyCOqzSQTFwWv+dHSBLrIiqonQZfje+XL1QFRy5UH50jZEsqn
Em0cHqp5HlPZT6UNQdGZCOpIzbylNuB5G3P/wKK4/mikGS16LHOJBnRxxJo/BoqD
By8g5N2sPYaR349WQf2yirNE8cN0XVpPp7REWYI0U1NjqM5a56EW/IL07oEFX1wa
tq6sTCbInsZi9f6tVPngZaUVIG9z4Cb9c5NiW/BO5PPBQe8VKK71xCCspfkCUQV/
oAP6+YJ81bq+OaRaqmsuu9hX8efnhoVpGRHqal5cS+MIuRFHgUl9M7aRTLG2YZ1a
rigChGV+tjc5l2sQWGIF83WoNs25ERkTXgsM5F9zBl2XA4uLW+XaxA0h6vUEdGIe
fkHk9kd845htjOatrnIjjMMgbkZvxzg4kwaOBiMa/39D8MBrn2Mgbf00YPserQKg
5grhXouy/0+yluEssBPfh+ndho5N+Z79Ez8hoZfzDLTAYcEpAamFMGiG0wzW5klo
Hl86fz+GUXiwmH5yIuVYNhfFoXyYMwrQmMf3/U7FPKHRukSHF8g/8vcLpmh7x+jh
WCtR+ymRmA==
=HPC2
-----END PGP SIGNATURE-----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

********************************************************************
Title: Microsoft Security Bulletin Re-Releases, July 2005
Issued: July 12, 2005
********************************************************************

Summary
=======
The following bulletins have undergone a major revision increment.
Please see the appropriate bulletin for more details.

* MS05-033

Bulletin Information:
=====================

* MS05-033

- http://www.microsoft.com/technet/security/bulletin/MS05-033.mspx
- Reason for re-release: Bulletin revised to communicate the
availability of a security update for Services for UNIX 2.0 and
Services for UNIX 2.1. The "Security Update Information" section
has also be revised with updated information related to the
additional security updates.
- Originally posted: June 14, 2005
- Updated: July 12, 2005
- Bulletin Severity Rating: Moderate
- Version: 2.0

********************************************************************

Support:
========
Technical support is available from Microsoft Product Support Services at 1-866-PC SAFETY (1-866-727-2338). There is no charge for support calls associated with security updates.
International customers can get support from their local Microsoft subsidiaries. Phone numbers for international support can be found
at: http://support.microsoft.com/common/international.aspx

Additional Resources:
=====================
* Microsoft has created a free monthly e-mail newsletter containing
valuable information to help you protect your network. This
newsletter provides practical security tips, topical security
guidance, useful resources and links, pointers to helpful
community resources, and a forum for you to provide feedback
and ask security-related questions.
You can sign up for the newsletter at:

http://www.microsoft.com/technet/security/secnews/default.mspx

* Microsoft has created a free e-mail notification service that
serves as a supplement to the Security Notification Service
(this e-mail). The Microsoft Security Notification Service:
Comprehensive Version. It provides timely notification of any
minor changes or revisions to previously released Microsoft
Security Bulletins and Security Advisories. This new service
provides notifications that are written for IT professionals and
contain technical information about the revisions to security
bulletins. To register visit the following Web site:

http://www.microsoft.com/technet/security/bulletin/notify.mspx

* Protect your PC: Microsoft has provided information on how you
can help protect your PC at the following locations:

http://www.microsoft.com/security/protect/

If you receive an e-mail that claims to be distributing a
Microsoft security update, it is a hoax that may be distributing a
virus. Microsoft does not distribute security updates via e-mail.
You can learn more about Microsoft's software distribution
policies here:

http://www.microsoft.com/technet/security/topics/policy/swdist.mspx

********************************************************************
THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.
********************************************************************

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQIVAwUBQtPaF4reEgaqVbxmAQLv7Q/+KpKh8U5YXFyQspamhlU8YwoIWDcRzMbz
VqEOsv+q7/1I8IiyZc7M1k/htDP0sdMfFaaxCrJ4ab9LIp3TFTI/qXwH17BcN482
6QocPJKJMQ7nyL1xAG0v9rL5ZJZMQbZ2PFH3Mz5Hu9twrAqzqQmFI/Uvg6yiVlBM
dSKeRF77ecyb3SB4tv8WZBUnmaQ2xhdaPDUU2gNQKjf/hUTP7MJ0RZOVgINoUDzF
y5H497keNBZy+IeShjSWTPcp+0pc0xSTX4V7wCwQ2iWUJ4DgOx+IWun4ivtdD6AX
5ad62xqvkKA2U9Ne8kWyy+VheD5w3oNv2WcLskfpuPD8D8HD6u+74MhVEZd4ucnQ
A9nLTYuLW+3ebnBDQk3njcyBi6T6xzU5Q+4uglejY6Q2Fg4/1Puw8j/lA2nEKZme
G1VsApBbsQ5u+uD1bidj1d5e2IX59JJY5+NmJzhlmfychh55ujC6uoeCVa0pHGCK
qe2T7kpLs04nAysYmC9ci87lC7xuVzD0yAJ+PfyGdpLChzPBwh2zgCvwz6DQQx8g
MRFt48FeeJwz/eFU3LPjX3RzxkuovrWMdzS8Kbv/4TaZJgF8zBB253sBGqIZv3zN
pCNpJY6NhHxVrpxdXpTWTUTVY/SBNzHvPD/RwTWyzYxVh9x3bbovqnQlt92lFEry
aE6BHupq6qU=
=zqdX
-----END PGP SIGNATURE-----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

********************************************************************
Title: Microsoft Security Bulletin Summary for June, 2005
Issued: June 14, 2005
Version Number: 1.0
Bulletin: http://go.microsoft.com/fwlink/?LinkId=49236
********************************************************************

Summary:
========
This summary contains information about all security updates released this month. It is broken down by security bulletin severity.

Critical Security Bulletins
===========================

MS05-025 - Cumulative Security Update for Internet Explorer
(883939)

- Affected Software:
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows XP Service Pack 1
- Windows XP Service Pack 2
- Windows XP 64-Bit Edition Service Pack 1 (Itanium)
- Windows XP 64-Bit Edition Version 2003 (Itanium)
- Windows XP Professional x64 Edition
- Windows Server 2003
- Windows Server 2003 for Itanium-based Systems
- Windows Server 2003 with SP1 for Itanium-based Systems
- Windows Server 2003 x64 Edition

- Review the FAQ section of bulletin MS05-O25 for information
about these operating systems:
- Windows 98
- Windows 98 Second Edition (SE)
- Windows Millennium Edition (ME)

- Impact: Remote Code Execution
- Version Number: 1.0

MS05-026 - Vulnerability in HTML Help Could Allow Remote Code
Execution (896358)

- Affected Software:
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows XP Service Pack 1
- Windows XP Service Pack 2
- Windows XP 64-Bit Edition Service Pack 1 (Itanium)
- Windows XP 64-Bit Edition Version 2003 (Itanium)
- Windows XP Professional x64 Edition
- Windows Server 2003
- Windows Server 2003 for Itanium-based Systems
- Windows Server 2003 with SP1 for Itanium-based Systems
- Windows Server 2003 x64 Edition

- Review the FAQ section of bulletin MS05-O26 for information
about these operating systems:
- Windows 98
- Windows 98 Second Edition (SE)
- Windows Millennium Edition (ME)

- Impact: Remote Code Execution
- Version Number: 1.0

MS05-027 - Vulnerability in SMB Could Allow Remote Code
Execution (896422)

- Affected Software:
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows XP Service Pack 1
- Windows XP Service Pack 2
- Windows XP 64-Bit Edition Service Pack 1 (Itanium)
- Windows XP 64-Bit Edition Version 2003 (Itanium)
- Windows XP Professional x64 Edition
- Windows Server 2003
- Windows Server 2003 for Itanium-based Systems
- Windows Server 2003 with SP1 for Itanium-based Systems
- Windows Server 2003 x64 Edition

- Impact: Remote Code Execution
- Version Number: 1.0

Important Security Bulletins
============================

MS05-028 - Vulnerability in Web Client Service May Allow
Elevation of Privilege (896426)

- Affected Software:
- Windows XP Service Pack 1
- Windows XP 64-Bit Edition Service Pack 1 (Itanium)
- Windows XP 64-Bit Edition Version 2003 (Itanium)
- Windows Server 2003
- Windows Server 2003 for Itanium-based Systems

- Impact: Remote Code Execution
- Version Number: 1.0

MS05-029 - Vulnerability in Outlook Web Access for Exchange
Server 5.5 Could Allow Cross-Site Scripting
Attacks (895179)

- Affected Software:
- Exchange Server 5.5 Service Pack 4

- Impact: Remote Code Execution
- Version Number: 1.0

MS05-030 - Cumulative Security Update for Outlook Express (897715)

- Affected Software:
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows XP Service Pack 1
- Windows XP Service Pack 2
- Windows XP 64-Bit Edition Service Pack 1 (Itanium)
- Windows XP 64-Bit Edition Version 2003 (Itanium)
- Windows Server 2003
- Windows Server 2003 for Itanium-based Systems

- Impact: Remote Code Execution
- Version Number: 1.0

MS05-031 - Vulnerability in Microsoft Windows Interactive Training
Could Allow Remote Code Execution (898458)

- Affected Software:
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows XP Service Pack 1
- Windows XP Service Pack 2
- Windows XP 64-Bit Edition Service Pack 1 (Itanium)
- Windows XP 64-Bit Edition Version 2003 (Itanium)
- Windows XP Professional x64 Edition
- Windows Server 2003
- Windows Server 2003 for Itanium-based Systems
- Windows Server 2003 with SP1 for Itanium-based Systems
- Windows Server 2003 x64 Edition

- Review the FAQ section of bulletin MS05-O31 for information
about these operating systems:
- Windows 98
- Windows 98 Second Edition (SE)
- Windows Millennium Edition (ME)

- Impact: Remote Code Execution
- Version Number: 1.0

Moderate Security Bulletins
===========================

MS05-032 - Vulnerability in Microsoft Agent Could Allow
Spoofing (890046)

- Affected Software:
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows XP Service Pack 1
- Windows XP Service Pack 2
- Windows XP 64-Bit Edition Service Pack 1 (Itanium)
- Windows XP 64-Bit Edition Version 2003 (Itanium)
- Windows XP Professional x64 Edition
- Windows Server 2003
- Windows Server 2003 for Itanium-based Systems
- Windows Server 2003 with SP1 for Itanium-based Systems
- Windows Server 2003 x64 Edition

- Review the FAQ section of bulletin MS05-O32 for information
about these operating systems:
- Windows 98
- Windows 98 Second Edition (SE)
- Windows Millennium Edition (ME)

- Impact: Spoofing
- Version Number: 1.0

MS05-033 - Vulnerability in Telnet Client Could Allow Information
Disclosure (896428)

- Affected Software:
- Windows XP Service Pack 1
- Windows XP Service Pack 2
- Windows XP 64-Bit Edition Service Pack 1 (Itanium)
- Windows XP 64-Bit Edition Version 2003 (Itanium)
- Windows XP Professional x64 Edition
- Windows Server 2003
- Windows Server 2003 for Itanium-based Systems
- Windows Server 2003 with SP1 for Itanium-based Systems
- Windows Server 2003 x64 Edition

- Windows Services for UNIX 3.5
- Windows Services for UNIX 3.0
- Windows Services for UNIX 2.2

- Impact: Information Disclosure
- Version Number: 1.0

MS05-034 - Vulnerability in Microsoft ISA Server Could allow
Information Disclosure (899753)

- Affected Software:
- Microsoft Internet Security and Acceleration Server 2000
Service Pack 2

- Note The following software programs include ISA Server 2000.
Customers who use these software programs should install
the provided ISA Server 2000 security update:
- Microsoft Small Business Server 2000
- Microsoft Small Business Server 2003 Premium Edition

- Impact: Elevation of Privilege
- Version Number: 1.0

Update Availability:
===================
Updates are available to address these issues.
For additional information, including Technical Details, Workarounds, answers to Frequently Asked Questions, and Update Deployment Information please read the Microsoft Security Bulletin Summary for this month at: http://go.microsoft.com/fwlink/?LinkId=49236

Support:
========
Technical support is available from Microsoft Product Support Services at 1-866-PC SAFETY (1-866-727-2338). There is no charge for support calls associated with security updates.
International customers can get support from their local Microsoft subsidiaries. Phone numbers for international support can be found
at: http://support.microsoft.com/common/international.aspx

Additional Resources:
=====================
* Microsoft has created a free monthly e-mail newsletter containing
valuable information to help you protect your network. This
newsletter provides practical security tips, topical security
guidance, useful resources and links, pointers to helpful
community resources, and a forum for you to provide feedback
and ask security-related questions.
You can sign up for the newsletter at:

http://www.microsoft.com/technet/security/secnews/default.mspx

* Microsoft has created a free e-mail notification service that
serves as a supplement to the Security Notification Service
(this e-mail). The Microsoft Security Notification Service:
Comprehensive Version. It provides timely notification of any
minor changes or revisions to previously released Microsoft
Security Bulletins and Security Advisories. This new service
provides notifications that are written for IT professionals and
contain technical information about the revisions to security
bulletins. To register visit the following Web site:

http://www.microsoft.com/technet/security/bulletin/notify.mspx

* Join Microsoft's webcast for a live discussion of the technical
details of these security bulletins and steps you can take
to protect your environment. Details about the live webcast
can be found at:

www.microsoft.com/technet/security/bulletin/summary.mspx

The on-demand version of the webcast will be available 24 hours
after the live webcast at:

www.microsoft.com/technet/security/bulletin/summary.mspx

* Protect your PC: Microsoft has provided information on how you
can help protect your PC at the following locations:

http://www.microsoft.com/security/protect/

If you receive an e-mail that claims to be distributing a
Microsoft security update, it is a hoax that may be distributing a
virus. Microsoft does not distribute security updates through
e-mail. You can learn more about Microsoft's software distribution
policies here:

http://www.microsoft.com/technet/security/topics/policy/swdist.mspx

Acknowledgments:
================
Microsoft thanks the following for working with us to protect
customers:

* Mark Dowd of ISS X-Force (http://www.iss.net/) for reporting an
issue described in MS05-025.

* Mark Litchfield of Next Generation Security Software Ltd.
(http://www.ngssoftware.com/) for reporting an issue described
in MS05-025.

* Thor Larholm of PivX Solutions, Inc. (http://www.pivx.com/) for reporting an issue described in MS05-025.

* The UK National Infrastructure Security Co-ordination Centre
(NISCC) (http://www.niscc.gov.uk/) for reporting issues described
in MS05-025.

* Peter Winter-Smith of Next Generation Security Software Ltd.
(http://www.ngssoftware.com/) for reporting an issue described
in MS05-026.

* eEye Digital Security (http://www.eeye.com/) for reporting an
issue described in MS05-026.

* Qualys (http://www.qualys.com/ for reporting an issue described
in MS05-027.

* Mark Litchfield of Next Generation Security Software Ltd.
(http://www.ngssoftware.com/) for reporting an issue described
in MS05-028.

* Gaël Delalleau (gael.delalleau+moz@m4x.org) working with iDEFENSE
(http://www.idefense.com/) for reporting an issue described
in MS05-029.

* iDEFENSE (http://www.idefense.com/) for reporting issues described
in MS05-030, MS05-031, and MS05-033.

* Michael Krax (http://www.mikx.de/) for reporting an issue
described in MS05-032.

* Steve Orrin of Watchfire (http://www.watchfire.com/) for reporting
an issue described in MS05-034.

* Han Valk for reporting an issue described in MS05-034.

********************************************************************
THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.
********************************************************************

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQIVAwUBQq8WIoreEgaqVbxmAQJCSBAAl9eyr5fVGldPwdw5eQb259Y1piI6bed8
j7vvbSNYe2BD2VMuVocBclKg5xYq98bj3vq0m6WHBa6bgZCH9D3XjWsOTc78xwoZ
N95q7eyBg48kd2j1i6GjNAYe2iUPRzUHIqy8sJhZD3sqdVLR6R6+jdfzwZmq21Nd
tazVkftKHxoUk8tMDdnDuYETJxhGrDFHos8IiVfpuam4NFEWkU1XjQagZ1Y/uygG
b8ZsLffrRPskzZmXyXMrUoOVHTAZmeX31GWgCsLpBjs7sb8v72Arb42po/rIsvhx
E3NiJRIYja3jGbwcULqvJ84qIdpncVnYEFjwmfV2EZsSKgugVVR9HLdtDDVlnU8l
1KeBrEGJpl+tpWeIDkCNIBbdUtFwuqBjlBOn2NzWjtUnM3j9vCNfvjfS34KdqrI4
rsLDpL97yc8JPBnAvZjDb6kq728EMbAIGPCDocpBfaHFeVDwsr+HXdl7ZBMaK13E
UXDUeXJ0CsGLwZT7knhRavoH5r4t20qCI0VtW11VdTftg9p/ZhOJnO5D+4TEb3RI
Z4Uv7knaBgC4+fUdXrQOnnmuztyvcCGhGavxWkDPHe8gCnlEx1B67z8aNRHW2PHx
CnE4LLEb+2QF3l6KTdvpTHHYrJzKaTNpLbocjoztdFgY3IgV1roggiPf2q9++QlJ
cw8OPu0DbG0=
=PMZ0
-----END PGP SIGNATURE-----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

********************************************************************
Title: Microsoft Security Bulletin Re-Releases, June 2005
Issued: June 14, 2005
********************************************************************

Summary
=======
The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.

* MS02-035
* MS05-004
* MS05-019

Bulletin Information:
=====================

* MS02-035

- http://www.microsoft.com/technet/security/bulletin/MS02-035.mspx
- Reason for revision: Updated technical information in the FAQ
with additional details around cluster installation and to
advise of an updated KillPwd utility.
- Originally posted: July 10, 2002
- Updated: June 14, 2005
- Bulletin Severity Rating: Moderate
- Version: 2.0

* MS05-004

- http://www.microsoft.com/technet/security/bulletin/MS05-004.mspx
- Reason for revision: Bulletin updated to announce the
availability of an updated package for .NET Framework 1.0
Service Pack 3 for the following operating system versions:
(887998) Windows XP Tablet PC Edition and Windows XP Media
Center Edition.
- Originally posted: February 8, 2005
- Updated: June 14, 2005
- Bulletin Severity Rating: Important
- Version: 2.0

* MS05-019

- http://www.microsoft.com/technet/security/bulletin/MS05-019.mspx
- Reason for revision: Microsoft updated this bulletin today to
advise customers that a revised version of the security update
is available. We recommend installing this revised security
update even if you have installed the previous version. The
revised security update will be available through Windows Update,
Software Update Services (SUS), and will be recommended by the
Microsoft Baseline Security Analyzer (MBSA).
- Originally posted: April 12, 2005
- Updated: June 14, 2005
- Bulletin Severity Rating: Critical
- Version: 2.0

********************************************************************

Support:
========
Technical support is available from Microsoft Product Support Services at 1-866-PC SAFETY (1-866-727-2338). There is no charge for support calls associated with security updates.
International customers can get support from their local Microsoft subsidiaries. Phone numbers for international support can be found
at: http://support.microsoft.com/common/international.aspx

Additional Resources:
=====================
* Microsoft has created a free monthly e-mail newsletter containing
valuable information to help you protect your network. This
newsletter provides practical security tips, topical security
guidance, useful resources and links, pointers to helpful
community resources, and a forum for you to provide feedback
and ask security-related questions.
You can sign up for the newsletter at:

http://www.microsoft.com/technet/security/secnews/default.mspx

* Microsoft has created a free e-mail notification service that
serves as a supplement to the Security Notification Service
(this e-mail). It provides timely notification of any minor
changes or revisions to previously released Microsoft Security
Bulletins. This new service provides notifications that are
written for IT professionals and contain technical information
about the revisions to security bulletins.
Visit http://www.microsoft.com to subscribe to this service:

- Click on Subscribe at the top of the page.
- This will direct you via Passport to the Subscription center.
- Under Newsletter Subscriptions you can sign up for the
"Microsoft Security Notification Service: Comprehensive Version".

* Protect your PC: Microsoft has provided information on how you
can help protect your PC at the following locations:

http://www.microsoft.com/security/protect/

If you receive an e-mail that claims to be distributing a
Microsoft security update, it is a hoax that may be distributing a
virus. Microsoft does not distribute security updates via e-mail.
You can learn more about Microsoft's software distribution
policies here:

http://www.microsoft.com/technet/security/topics/policy/swdist.mspx

********************************************************************
THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.
********************************************************************

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQIVAwUBQq8qjYreEgaqVbxmAQKakBAAgUYu2nHZSXn+KwzBOAo60Ub72owRoMG4
qISZCaMC1ogPv8m5eaOJM/qBfnd/02qG69p19HMy+9MymENp/IftaMCvHDBYCuUG
QPYwyvFXz30bRELMPM+tvnUeO9ZBse1Pw5qQT9GOKVYfpIaQRzsXrZf4Z6qvrWzv
60qM3Kmcmf3FpzKpytnFPP8CLPbg4Qd8SRR5ZyFIuXnjKUQ+90RzJJ4R4ZXeOBQp
YFkl1n+pTorLFnHcoDCzQyDcg3Gi+voze4e2IkPqFRhxiwimnnacp7dp+AZ/HqKZ
x1FQjRig2odZ/ClVaure+uiQCUFmdz0NVRZsCxpheBX2nmwVXurhiVdCANUBrN8b
hpL5TVNy9sHfMqBpf0bUCBDAs5wp1weogmWOpE4y8eNs4RY9PXd/QwYXlnGjF4Vr
nrXllEWnHXB6ezRyKGD39YgQyt2dUSavDhLf26CJmWtnr+YS4Qj4Pu5+V5qHxuas
ZY2xzXf27LjKW0AEFWMi0JnJ/TW2WHCo7g97JTdqErjULY4ylPTPZ06tEfTtto7l
xXriKzl6x0zVq1i5pWGVLbke2WFLtZ+oZsrYjn3KXk/BhSmKLZu0Xm0B9NL0302F
YeN5xL/UyJFNvcB6xdDfRh4u3J9nvV/huublE86JqYuI0gZdfl9yb/Hsv4SXjGcR
ljMPZu8HpMA=
=jsvF
-----END PGP SIGNATURE-----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

********************************************************************
Title: Microsoft Security Bulletin Summary for May 2005
Issued: May 10, 2005
Version Number: 1.0
Bulletin: http://go.microsoft.com/fwlink/?LinkId=47292
********************************************************************

Summary:
========
This advisory contains information about all security updates released this month. It is broken down by security bulletin severity.

Important Security Bulletins
============================

MS05-024 - Vulnerability in Web View Could Allow Remote Code Execution (894320)

- Affected Software:
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4

- Review the FAQ section of bulletin MS05-O24 for
information about these operating systems:
- Microsoft Windows 98
- Microsoft Windows 98 Second Edition (SE)
- Microsoft Windows Millennium Edition (ME)

- Impact: Remote Code Execution
- Version Number: 1.0

Update Availability:
===================
An update is available to address these issues.
For additional information, including Technical Details, Workarounds, answers to Frequently Asked Questions, and Update Deployment Information please read the Microsoft Security Bulletin Summary for this month at: http://go.microsoft.com/fwlink/?LinkId=47292

Support:
========
Technical support is available from Microsoft Product Support Services at 1-866-PC SAFETY (1-866-727-2338). There is no charge for support calls associated with security updates.
International customers can get support from their local Microsoft subsidiaries. Phone numbers for international support can be found
at: http://support.microsoft.com/common/international.aspx

Additional Resources:
=====================
* Microsoft has created a free monthly e-mail newsletter containing
valuable information to help you protect your network. This
newsletter provides practical security tips, topical security
guidance, useful resources and links, pointers to helpful
community resources, and a forum for you to provide feedback
and ask security-related questions.
You can sign up for the newsletter at:

http://www.microsoft.com/technet/security/secnews/default.mspx

* Microsoft has created a free e-mail notification service that
serves as a supplement to the Security Notification Service
(this e-mail). It provides timely notification of any minor
changes or revisions to previously released Microsoft Security
Bulletins. This new service provides notifications that are
written for IT professionals and contain technical information
about the revisions to security bulletins.
Visit http://www.microsoft.com to subscribe to this service:

- Click on Subscribe at the top of the page.
- This will direct you via Passport to the Subscription center.
- Under Newsletter Subscriptions you can sign up for the
"Microsoft Security Notification Service: Comprehensive Version".

* Join Microsoft's webcast for a live discussion of the technical
details of these security bulletins and steps you can take
to protect your environment. Details about the live webcast
can be found at:

www.microsoft.com/technet/security/bulletin/summary.mspx

The on-demand version of the webcast will be available 24 hours
after the live webcast at:

www.microsoft.com/technet/security/bulletin/summary.mspx

* Protect your PC: Microsoft has provided information on how you
can help protect your PC at the following locations:

http://www.microsoft.com/security/protect/

If you receive an e-mail that claims to be distributing a
Microsoft security update, it is a hoax that may be distributing a
virus. Microsoft does not distribute security updates through
e-mail. You can learn more about Microsoft's software distribution
policies here:
http://www.microsoft.com/technet/security/topics/policy/swdist.mspx

********************************************************************
THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.
********************************************************************

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQIVAwUBQoDz34reEgaqVbxmAQJLjA//fyfUqgEhJy+ExH6vhz2r5eehdGdRBDRu
MmqbJG+iI6miZ7aabiJcxC1R/3dOQ5s0BCUOxturt6vD7Ic68cz4/Qu6BY6zB1ob
O3mlTBIEZlUq4tEte1N12TiYro5FfkqiXjep/tmGE3wYw7UVJ9ZJB+19SjyV1tSo
fqpUYzTcx0vkQh52EpEzTR0696hAV+QBC4Wu2gIDUb0ZPRT9JBnXkYltM9B8IMym
bUor+2TZXC6jScztC0vSm9mb9EUtL8VHBgMn8CiCinFwhMr2ZxpKGf5APUyh312m
kDPPsVp6iodKOLBTzY3euEvkA0cTEfqH3tHEKGAi4Kcp5wSuP3kJ3diGTVSl110Z
ZlVz7y4aah6VXELGW/d5yBwWc0xvuX1dLCj7XC9IW4UEXdhEqPj/SPt+8b0GcIbB
xbtZWYHuNIdwo/IsGOAI4EFQ++MQqWONRu677IbW/TVhakpW5u26URSKmVMtq5XH
3qUsvd9OpnoDAPEgWY4JIaaGkb0/uXou7q66H7fwWuIQ3ifOfOx4VhJKFJSRfned
0Col4UCyuohvFf3h5wmvr+9f6stwO4Yg3yh41aQoktW8gYiuYpwxItvYlZhGtX0Z
5AU2a65gadMQ/xWlJ4fs83249yRUR2Z0le6UXK3epYGyCv2HHSbObdwcA78d4ETn
7ye/UgJYIq8=
=kfal
-----END PGP SIGNATURE-----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

********************************************************************
Title: Microsoft Security Bulletin Re-Releases, April 2005
Issued: April 12, 2005
********************************************************************

Summary
=======
The following bulletins have undergone a major revision increment.
Please see the appropriate bulletin for more details.

* MS05-002
* MS05-009

Bulletin Information:
=====================

* MS05-002

- http://www.microsoft.com/technet/security/bulletin/MS05-002.mspx
- Reason for re-release: After the release of the MS05-002
security bulletin, Microsoft became aware of an issue affecting
customers deploying the Windows 98, 98SE and ME security update.
In most cases, the issue caused machines to unexpectedly
restart. Microsoft has investigated this issue and has made
available revised security updates for these platforms. These
revised security updates are available from Windows Update and
the Microsoft Download Center. Customers who have not yet
applied the original version of these updates should visit
Windows Update to receive the revised updates. Customers who
have already applied the original Windows 98, 98SE and ME
security update are advised to install the current revision of
the update from Windows Update.
- Originally posted: January 11, 2005
- Updated: April 12, 2005
- Bulletin Severity Rating: Critical
- Version: 2.0

* MS05-009

- http://www.microsoft.com/technet/security/bulletin/MS05-009.mspx
- Reason for re-release: Subsequent to the release of this
bulletin, it was determined that the update for Windows
Messenger version 4.7.0.2009 (when running on Windows XP
Service Pack 1) was failing to install when distributed via SMS
or AutoUpdate. The updated package corrects this behavior.
- Originally posted: February 8,2005
- Updated: April 12, 2005
- Bulletin Severity Rating: Critical
- Version: 2.0

********************************************************************

Support:
========
Technical support is available from Microsoft Product Support Services at 1-866-PC SAFETY (1-866-727-2338). There is no charge for support calls associated with security updates.
International customers can get support from their local Microsoft subsidiaries. Phone numbers for international support can be found
at: http://support.microsoft.com/common/international.aspx

Additional Resources:
=====================
* Microsoft has created a free monthly e-mail newsletter containing
valuable information to help you protect your network. This
newsletter provides practical security tips, topical security
guidance, useful resources and links, pointers to helpful
community resources, and a forum for you to provide feedback
and ask security-related questions.
You can sign up for the newsletter at:

http://www.microsoft.com/technet/security/secnews/default.mspx

* Microsoft has created a free e-mail notification service that
serves as a supplement to the Security Notification Service
(this e-mail). It provides timely notification of any minor
changes or revisions to previously released Microsoft Security
Bulletins. This new service provides notifications that are
written for IT professionals and contain technical information
about the revisions to security bulletins.
Visit http://www.microsoft.com to subscribe to this service:

- Click on Subscribe at the top of the page.
- This will direct you via Passport to the Subscription center.
- Under Newsletter Subscriptions you can sign up for the
"Microsoft Security Notification Service: Comprehensive Version".

* Protect your PC: Microsoft has provided information on how you
can help protect your PC at the following locations:

http://www.microsoft.com/security/protect/

If you receive an e-mail that claims to be distributing a
Microsoft security update, it is a hoax that may be distributing a
virus. Microsoft does not distribute security updates via e-mail.
You can learn more about Microsoft's software distribution
policies here:

http://www.microsoft.com/technet/security/topics/policy/swdist.mspx

********************************************************************
THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.
********************************************************************

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQIVAwUBQlvw3IreEgaqVbxmAQLeUA/+Pal6cpXoJm1gXiMVH0sf6M+CaxciY/8x
eRvimZ0+uQWexfO2p5Kc7sa1FRFo/uf5cu8pLDhxHd0qStiSA/DhtOYsZ5UqsqIm
ueKHwxi2XlT1/hZGC5lisY8yB4Z3zjqHg0ytErOR3QJ90EK5KE+6AxbFUJzL98Wl
Zqg1QGUClpvdBhvgu6cs1AGh8SPh3IZO6BAAgdmcpkho/WcIbwwDcHY3EgZleBIp
FWEbZcV8dTcujc8PvLTwp5S+WWdPxuXHPqVsuhwfWhpdzCND4bQ//pqMw21u/u4x
7RbbwotguHvFpYSnb7Dh1JCV13Vn3Kwk5AM/k7ttk2rrzit6H4l/i46kBdTsvXFz
gHgxsNqBwPbgnR91X+4EWMp4EmEJ7PER9yBC/YA8so98T0mWbELSViDhmYk4XOeL
jOvKWFuP+FsazVH7tBedB50oE9UBpnmRX8zE1+h8j5HUixhzSonQdJ3Wz4qW/Skw
bOulcSCNKLXpSfxtxN9eN5gRC6qo0btPvq1Iz04+EB7rZItl1b5ZYmz/mbxCMo0P
nzP2jyU2nZ04wJc+Xv9dtLWTu9i3rQgjE4qCGv8hMJVd/xex/P9IJFXjSrJ4EvT3
3wpzgKko5mJczdgpAK+n77i0VfqS7nPCn8Auo+/7DWRZNNBa05/QslSyIohi4O98
DwWRYC1watI=
=SItw
-----END PGP SIGNATURE-----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

********************************************************************
Title: Microsoft Security Bulletin Summary for April 2005
Issued: April 12, 2005
Version Number: 1.0
Bulletin: http://go.microsoft.com/fwlink/?LinkId=46049
*******************************************************************

Summary:
========
This advisory contains information about all security updates released this month. It is broken down by security bulletin severity.

Critical Security Bulletins
===========================

MS05-019 - Vulnerabilities in TCP/IP Could Allow Remote Code
Execution and Denial of Service (893066)

- Affected Software:
- Microsoft Windows 2000 Service Pack 3
- Microsoft Windows 2000 Service Pack 4
- Microsoft Windows XP Service Pack 1
- Microsoft Windows XP Service Pack 2
- Microsoft Windows XP 64-Bit Edition Service Pack 1
(Itanium)
- Microsoft Windows XP 64-Bit Edition Version 2003
(Itanium)
- Microsoft Windows Server 2003
- Microsoft Windows Server 2003 for Itanium-based
Systems

- Review the FAQ section of bulletin MS05-019 for
information about these operating systems:
- Microsoft Windows 98
- Microsoft Windows 98 Second Edition (SE)
- Microsoft Windows Millennium Edition (ME)

- Impact: Remote Code Execution
- Version Number: 1.0

MS05-020 - Cumulative Security Update for Internet Explorer
(890923)

- Affected Software
- Microsoft Windows 2000 Service Pack 3
- Microsoft Windows 2000 Service Pack 4
- Microsoft Windows XP Service Pack 1
- Microsoft Windows XP Service Pack 2
- Microsoft Windows XP 64-Bit Edition Service Pack 1
(Itanium)
- Microsoft Windows XP 64-Bit Edition Version 2003
(Itanium)
- Microsoft Windows Server 2003
- Microsoft Windows Server 2003 for Itanium-based
Systems

Review the FAQ section of bulletin MS05-020 for
information about these operating systems:
- Microsoft Windows 98
- Microsoft Windows 98 Second Edition (SE)
- Microsoft Windows Millennium Edition (ME)

- Affected Components:
- Internet Explorer 5.01 Service Pack 3
- Internet Explorer 5.01 Service Pack 4
- Internet Explorer 5.5 Service Pack 2 on Microsoft
Windows ME
- Internet Explorer 6 Service Pack 1
- Internet Explorer 6 Service Pack 1 (64-Bit Edition)
- Internet Explorer 6 for Windows XP Service Pack 2
- Internet Explorer 6 for Windows Server 2003
- Internet Explorer 6 for Windows Server 2003 for
Itanium-based Systems

- Impact: Remote Code Execution
- Version Number: 1.0

MS05-021 - Vulnerability in Exchange Server Could Allow Remote
Code Execution (894549)

- Affected Software:
- Microsoft Exchange 2000 Server Service Pack 3
- Microsoft Exchange Server 2003
- Microsoft Exchange Server 2003 Service Pack 1

- Impact: Remote Code Execution
- Version Number: 1.0

MS05-022 - Vulnerability in MSN Messenger Could Lead to Remote
Code Execution (896597)

- Affected Software:
- MSN Messenger 6.2

- Impact: Remote Code Execution
- Version Number: 1.0

MS05-023 - Vulnerabilities in Microsoft Word May Lead to Remote
Code Execution (890169)

- Affected Software:
- Microsoft Word 2000
- Microsoft Word 2002
- Microsoft Word 2003
- Microsoft Works Suite 2001
- Microsoft Works Suite 2002
- Microsoft Works Suite 2003
- Microsoft Works Suite 2004

- Impact: Remote Code Execution
- Version Number: 1.0

Important Security Bulletins
============================

MS05-016 - Vulnerability in Windows Shell that Could Allow Remote
Code Execution (893086)

- Affected Software:
- Microsoft Windows 2000 Service Pack 3
- Microsoft Windows 2000 Service Pack 4
- Microsoft Windows XP Service Pack 1
- Microsoft Windows XP Service Pack 2
- Microsoft Windows XP 64-Bit Edition Service Pack 1
(Itanium)
- Microsoft Windows XP 64-Bit Edition Version 2003
(Itanium)
- Microsoft Windows Server 2003
- Microsoft Windows Server 2003 for Itanium-based
Systems

- Review the FAQ section of bulletin MS05-016 for
information about these operating systems:
- Microsoft Windows 98
- Microsoft Windows 98 Second Edition (SE)
- Microsoft Windows Millennium Edition (ME)

- Impact: Remote Code Execution
- Version Number: 1.0

MS05-017 - Vulnerability in MSMQ Could Allow Remote Code Execution
(892944)

- Affected Software:
- Microsoft Windows 2000 Service Pack 3
- Microsoft Windows 2000 Service Pack 4
- Microsoft Windows XP Service Pack 1
- Microsoft Windows XP 64-Bit Edition Service Pack 1
(Itanium)

- Review the FAQ section of bulletin MS05-017 for
information about these operating systems:
- Microsoft Windows 98
- Microsoft Windows 98 Second Edition (SE)

- Impact: Remote Code Execution
- Version Number: 1.0

MS05-018 - Vulnerability in Windows Kernel Could Allow Elevation
of Privilege and Denial of Service (890859)

- Affected Software:
- Microsoft Windows 2000 Service Pack 3
- Microsoft Windows 2000 Service Pack 4
- Microsoft Windows XP Service Pack 1
- Microsoft Windows XP Service Pack 2
- Microsoft Windows XP 64-Bit Edition Service Pack 1
(Itanium)
- Microsoft Windows XP 64-Bit Edition Version 2003
(Itanium)
- Microsoft Windows Server 2003
- Microsoft Windows Server 2003 for Itanium-based
Systems

- Review the FAQ section of bulletin MS05-018 for
information about these operating systems:
- Microsoft Windows 98
- Microsoft Windows 98 Second Edition (SE)
- Microsoft Windows Millennium Edition (ME)

- Impact: Elevation of Privilege
- Version Number: 1.0

Update Availability:
===================
Updates are available to address these issues.
For additional information, including Technical Details, Workarounds, answers to Frequently Asked Questions, and Update Deployment Information please read the Microsoft Security Bulletin Summary for this month at: http://go.microsoft.com/fwlink/?LinkId=46049

Support:
========
Technical support is available from Microsoft Product Support Services at 1-866-PC SAFETY (1-866-727-2338). There is no charge for support calls associated with security updates.
International customers can get support from their local Microsoft subsidiaries. Phone numbers for international support can be found
at: http://support.microsoft.com/common/international.aspx

Additional Resources:
=====================
* Microsoft has created a free monthly e-mail newsletter containing
valuable information to help you protect your network. This
newsletter provides practical security tips, topical security
guidance, useful resources and links, pointers to helpful
community resources, and a forum for you to provide feedback
and ask security-related questions.
You can sign up for the newsletter at:

http://www.microsoft.com/technet/security/secnews/default.mspx

* Microsoft has created a free e-mail notification service that
serves as a supplement to the Security Notification Service
(this e-mail). It provides timely notification of any minor
changes or revisions to previously released Microsoft Security
Bulletins. This new service provides notifications that are
written for IT professionals and contain technical information
about the revisions to security bulletins.
Visit http://www.microsoft.com to subscribe to this service:

- Click on Subscribe at the top of the page.
- This will direct you via Passport to the Subscription center.
- Under Newsletter Subscriptions you can sign up for the
"Microsoft Security Notification Service: Comprehensive Version".

* Join Microsoft's webcast for a live discussion of the technical
details of these security bulletins and steps you can take
to protect your environment. Details about the live webcast
can be found at:

www.microsoft.com/technet/security/bulletin/summary.mspx

The on-demand version of the webcast will be available 24 hours
after the live webcast at:

www.microsoft.com/technet/security/bulletin/summary.mspx

* Protect your PC: Microsoft has provided information on how you
can help protect your PC at the following locations:

http://www.microsoft.com/security/protect/

If you receive an e-mail that claims to be distributing a
Microsoft security update, it is a hoax that may be distributing a
virus. Microsoft does not distribute security updates through
e-mail. You can learn more about Microsoft's software distribution
policies here:

http://www.microsoft.com/technet/security/topics/policy/swdist.mspx

Acknowledgments:
================
Microsoft thanks the following for working with us to protect
customers:

* Mark Dowd and Ben Layer of ISS X-Force (http://www.iss.net) for
reporting an issue described in MS05-021.

* Alex Li (alexli@hush.com) for reporting an issue
described in MS05-023.

* Hongzhen Zhou (felix__zhou@hotmail.com)for reporting the issue
described in MS05-022.

* Song Liu (songsong@shaw.ca), Hongzhen Zhou, and Neel Mehta of ISS
X-Force (http://www.iss.net) for reporting an issue described in
MS05-019.

* Fernando Gont (http://www.gont.com.ar) for reporting an issue
described in MS05-019.

* Qualsys (http://www.qualys.com) for reporting an issue described in
MS05-019.

* Berend-Jan Wever working with iDefense
(http://www.idefense.com) for reporting an issue described in
MS05-020.

* 3APA3A and axle@bytefall working with iDefense
(http://www.idefense.com) for reporting an issue described in
MS05-020.

* Andres Tarasco of SIA Group (http://www.siainternational.com) for
reporting an issue described in MS05-020.

* iDefense (http://www.idefense.com) for reporting an issue described
in MS05-016.

* Kostya Kortchinsky (kostya.kortchinsky@renater.fr) with CERT
RENATER for reporting an issue described in MS05-017.

* John Heasman with NGSSoftware (http://www.ngssoftware.com) for
reporting an issue described in MS05-018.

* Sanjeev Radhakrishnan, Amit Joshi, and Ananta Iyengar with
GreenBorder Technologies (http://www.greenborder.com) for
reporting an issue described in MS05-018.

* David Fritz working with iDefense (http://www.idefense.com) for
reporting an issue described in MS05-018.

********************************************************************
THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.
********************************************************************

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQIVAwUBQlwERIreEgaqVbxmAQIzahAAlKDP0zz9tHxRWg7IF+n8MyRC+OjM+ljk
jpQJ5dATUX1HximAiuRTUZjFVujXQ8Ao1GVqfvuAD5FXSS/ULNun+mt8hWNw5j2n
i9Cz7+H0aWs/Si+E23WnuRVrw7UUPGUBwmochn8PUlmDb1ZrNgr1KoQaJKNBXry7
gV0+jhrZIMEcApvNP4aWZTikvOqST15DQfwo5Br4EsCebRp2V4RpPX6aSBxN18r9
qyvt6BvF9u9qPAfMMdbO4pCUPAaLTLyqr7vITaHPWJc+PcKlSLTEXiy34Wq7dyo7
lLda+eCSJ3OMwIGe6H+kkiUPanAkBzln5dOFOD8CK4xsSdI4422j0qK95DkYx8lI
mcHJHMZ3tOL3PclFofzuq36HPX1iyybu3bAtW7Ii9Obkb/IvosFLa1zJZxIo0EEO
CZf6QCLP+hhv+l8P0Mhpjzjtc/fmwubxkwu90aXm4efvS9bDQxnPA21fkGnUVaxp
yhotdlJTB+UR429CN5pHDaoBzzNQ16phK+sxXPu+WWgFGdLK4Kf82wsrZv9o8A7e
u8m+9pHV/SW0yqQLEu5OAmqugaBf88Bnb8/Rbu48h08x/jz5Rg1SnMxTLAhbmzUT
EvLEOApU0iLJ4uxghA+o+StGgwutd0dOIqJ/UjMHg2OPk4L7mhRFeJSKIRnUcg1r
fyrg6mMkols=
=IrfB
-----END PGP SIGNATURE-----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

********************************************************************
Title: Microsoft Security Bulletin Summary for February 2005
Issued: February, 2005
Version Number: 1.0
Bulletin: http://go.microsoft.com/fwlink/?LinkId=42105
*******************************************************************

Summary:
========
This advisory contains information about all security updates released this month. It is broken down by security bulletin severity.

Critical Security Bulletins
===========================

MS05-005 - Vulnerability in Office Could Allow Remote Code
Execution (873352)

- Affected Software:
- Microsoft Office XP Service Pack 2
- Microsoft Office XP Service Pack 3
- Microsoft Project 2002
- Microsoft Visio 2002
- Microsoft Works Suite 2002
- Microsoft Works Suite 2003
- Microsoft Works Suite 2004

- Impact: Remote Code Execution
- Version Number: 1.0

MS05-009 - Vulnerability in PNG Processing Could Allow Remote Code
Execution (890261)

- Affected Software:
- Microsoft Windows Media Player 9 Series
- Microsoft Windows Messenger version 5.0
- MSN Messenger 6.1
- MSN Messenger 6.2

- Affected Components:
- Microsoft Windows Messenger 4.7.2009
(when running on Windows XP Service Pack 1)
- Microsoft Windows Messenger 4.7.3000
(when running on Windows XP Service Pack 2)

- Review the FAQ section of bulletin MS05-009 for
information about these operating systems:
- Microsoft Windows 98
- Microsoft Windows 98 Second Edition (SE)
- Microsoft Windows Millennium Edition (ME)

- Impact: Remote Code Execution
- Version Number: 1.0

MS05-010 - Vulnerability in the License Logging Service Could
allow Remote Code Execution (885834)

- Affected Software:
- Microsoft Windows NT Server 4.0 Service Pack 6a
- Microsoft Windows NT Server 4.0 Terminal Server
Edition Service Pack 6a
- Microsoft Windows 2000 Server Service Pack 3
- Microsoft Windows 2000 Server Service Pack 4
- Microsoft Windows 2003
- Microsoft Windows 2003 for Itanium-based Systems

- Impact: Remote Code Execution
- Version Number: 1.0

MS05-011 - Vulnerability in Server Message Block Could Allow
Remote Code Execution (885250)

- Affected Software:
- Microsoft Windows 2000 Service Pack 3
- Microsoft Windows 2000 Service Pack 4
- Microsoft Windows XP 64-Bit Edition Service Pack 1
(Itanium)
- Microsoft Windows XP 64-Bit Edition Version 2003
(Itanium)
- Microsoft Windows Server 2003
- Microsoft Windows Server 2003 for Itanium-based
Systems

- Impact: Remote Code Execution
- Version Number: 1.0

MS05-012 - Vulnerability in OLE and COM Could Allow Remote Code
Execution (873333)

- Affected Software:
- Microsoft Windows 2000 Service Pack 3
- Microsoft Windows 2000 Service Pack 4
- Microsoft Windows XP Service Pack 1
- Microsoft Windows XP Service Pack 2
- Microsoft Windows XP 64-Bit Edition Service Pack 1
(Itanium)
- Microsoft Windows XP 64-Bit Edition Version 2003
(Itanium)
- Microsoft Windows Server 2003
- Microsoft Windows Server 2003 for Itanium-based
Systems

- Review the FAQ section of bulletin MS05-012 for
information about these operating systems:
- Microsoft Windows 98
- Microsoft Windows 98 Second Edition (SE)
- Microsoft Windows Millennium Edition (ME)

- Microsoft Exchange 2000 Server Service Pack 3
- Microsoft Exchange Server 2003
- Microsoft Exchange Server 2003 Service Pack 1
- Microsoft Exchange Server 5.0 Service Pack 2
- Microsoft Exchange Server 5.5 Service Pack 4
- Microsoft Office XP Service Pack 3
- Microsoft Office XP Service Pack 2
- Microsoft Office 2003 Service Pack 1
- Microsoft Office 2003

- Impact: Remote Code Execution
- Version Number: 1.0

MS05-013 - Vulnerability in the DHTML Editing Component ActiveX
Control Could Allow Remote Code Execution (891781)

- Affected Software:
- Microsoft Windows 2000 Service Pack 3
- Microsoft Windows 2000 Service Pack 4
- Microsoft Windows XP Service Pack 1
- Microsoft Windows XP Service Pack 2
- Microsoft Windows XP 64-Bit Edition Service Pack 1
(Itanium)
- Microsoft Windows XP 64-Bit Edition Version 2003
(Itanium)
- Microsoft Windows Server 2003
- Microsoft Windows Server 2003 for Itanium-based
Systems

- Review the FAQ section of bulletin MS05-013 for
information about these operating systems:
- Microsoft Windows 98
- Microsoft Windows 98 Second Edition (SE)
- Microsoft Windows Millennium Edition (ME)

- Impact: Remote Code Execution
- Version Number: 1.0

MS05-014 - Cumulative Security Update for Internet Explorer
(867282)

- Affected Software:
- Microsoft Windows 2000 Service Pack 3
- Microsoft Windows 2000 Service Pack 4
- Microsoft Windows XP Service Pack 1
- Microsoft Windows XP Service Pack 2
- Microsoft Windows XP 64-Bit Edition Service Pack 1
(Itanium)
- Microsoft Windows XP 64-Bit Edition Version 2003
(Itanium)
- Microsoft Windows Server 2003
- Microsoft Windows Server 2003 for Itanium-based
Systems

- Review the FAQ section of bulletin MS05-014 for
information about these operating systems:
- Microsoft Windows 98
- Microsoft Windows 98 Second Edition (SE)
- Microsoft Windows Millennium Edition (ME)

- Affected Components:
- Internet Explorer 5.01 Service Pack 3
- Internet Explorer 5.01 Service Pack 4
- Internet Explorer 5.5 Service Pack 2
- Internet Explorer 6 Service Pack 1
- Internet Explorer 6 for Windows XP Service Pack 1
(64-Bit Edition)
- Internet Explorer 6 for Windows Server 2003
- Internet Explorer 6 for Windows Server 2003 64-Bit
Edition and Windows XP 64-Bit Edition Version 2003
- Internet Explorer 6 for Windows XP Service Pack 2

- Impact: Remote Code Execution
- Version Number: 1.0

MS05-015 - Vulnerability in Hyperlink Object Library Could Allow
Remote Code Execution (888113)

- Affected Software:
- Microsoft Windows 2000 Service Pack 3
- Microsoft Windows 2000 Service Pack 4
- Microsoft Windows XP Service Pack 1
- Microsoft Windows XP Service Pack 2
- Microsoft Windows XP 64-Bit Edition Service Pack 1
(Itanium)
- Microsoft Windows XP 64-Bit Edition Version 2003
(Itanium)
- Microsoft Windows Server 2003
- Microsoft Windows Server 2003 for Itanium-based
Systems

- Review the FAQ section of bulletin MS05-015 for
information about these operating systems:
- Microsoft Windows 98
- Microsoft Windows 98 Second Edition (SE)
- Microsoft Windows Millennium Edition (ME)

- Impact: Remote Code Execution
- Version Number: 1.0

Important Security Bulletins
============================

MS05-004 - Vulnerability in ASP.Net May Lead to Authentication
Bypass (887219)

- Affected Software:
- Microsoft .NET Framework 1.0
- Microsoft .NET Framework 1.1

- Impact: Information Disclosure, and possible
Elevation of Privilege
- Version Number: 1.0

MS05-007 - Vulnerability in Windows Could Allow Information
Disclosure (888302)

- Affected Software:
- Microsoft Windows XP Service Pack 1
- Microsoft Windows XP Service Pack 2
- Microsoft Windows XP 64-Bit Edition Version 2003
(Itanium)

- Impact: Information Disclosure
- Version Number: 1.0

MS05-008 - Vulnerability in Windows Shell Could Allow Remote Code
Execution (890047)

- Affected Software:
- Microsoft Windows 2000 Service Pack 3
- Microsoft Windows 2000 Service Pack 4
- Microsoft Windows XP Service Pack 1
- Microsoft Windows XP Service Pack 2
- Microsoft Windows XP 64-Bit Edition Service Pack 1
(Itanium)
- Microsoft Windows XP 64-Bit Edition Version 2003
(Itanium)
- Microsoft Windows Server 2003
- Microsoft Windows Server 2003 for Itanium-based
Systems

- Impact: Remote Code Execution
- Version Number: 1.0

Moderate Security Bulletins
============================

MS05-006 - Vulnerability in Windows SharePoint Services and
SharePoint Team Services Could Allow Cross-Site
Scripting and Spoofing Attacks (887981)

- Affected Software:
- Windows SharePoint Services for Windows Server 2003
- SharePoint Team Services from Microsoft

- Impact: Remote Code Execution
- Version Number: 1.0

Update Availability:
===================
Updates are available to address these issues.
For additional information, including Technical Details, Workarounds, answers to Frequently Asked Questions, and Update Deployment Information please read the Microsoft Security Bulletin Summary for this month at: http://go.microsoft.com/fwlink/?LinkId=42105

Support:
========
Technical support is available from Microsoft Product Support Services at 1-866-PC SAFETY (1-866-727-2338). There is no charge for support calls associated with security updates.
International customers can get support from their local Microsoft subsidiaries. Phone numbers for international support can be found
at: http://support.microsoft.com/common/international.aspx

Additional Resources:
=====================
* Microsoft has created a free monthly e-mail newsletter containing
valuable information to help you protect your network. This
newsletter provides practical security tips, topical security
guidance, useful resources and links, pointers to helpful
community resources, and a forum for you to provide feedback
and ask security-related questions.
You can sign up for the newsletter at:

http://www.microsoft.com/technet/security/secnews/default.mspx

* Microsoft has created a free e-mail notification service that
serves as a supplement to the Security Notification Service
(this e-mail). It provides timely notification of any minor
changes or revisions to previously released Microsoft Security
Bulletins. This new service provides notifications that are
written for IT professionals and contain technical information
about the revisions to security bulletins.
Visit http://www.microsoft.com to subscribe to this service:

- Click on Subscribe at the top of the page.
- This will direct you via Passport to the Subscription center.
- Under Newsletter Subscriptions you can sign up for the
"Microsoft Security Notification Service: Comprehensive Version".

* Join Microsoft's webcast for a live discussion of the technical
details of these security bulletins and steps you can take
to protect your environment. Details about the live webcast
can be found at:

www.microsoft.com/technet/security/bulletin/summary.mspx

The on-demand version of the webcast will be available 24 hours
after the live webcast at:

www.microsoft.com/technet/security/bulletin/summary.mspx

* Protect your PC: Microsoft has provided information on how you
can help protect your PC at the following locations:

http://www.microsoft.com/security/protect/

If you receive an e-mail that claims to be distributing a
Microsoft security update, it is a hoax that may be distributing a
virus. Microsoft does not distribute security updates through
e-mail. You can learn more about Microsoft's software distribution
policies here:

http://www.microsoft.com/technet/security/topics/policy/swdist.mspx

Acknowledgments:
================
Microsoft thanks the following for working with us to protect
customers:

* Rafel Ivgi of Finjan (http://www.finjan.com) for reporting an issue
described in MS05-005.

* Jean-Baptiste Marchand of Herve Schauer Consultants
(http://www.hsc.fr) for reporting an issue described in MS05-007.

* Carlos Sarraute of Core Security Technologies
(http://www.corest.com) for reporting an issue described in
MS05-009.

* Kostya Kortchinsky (kostya.kortchinsky@renater.fr) of CERT RENATER
for reporting an issue described in MS05-010.

* eEye (http://www.eeye.com) for reporting an issue described in
MS05-012.

* Michael Krax (http://www.mikx.de) for working with us responsibly
on an issue described in MS05-014.

* Andreas Sandblad of Secunia (http://www.secunia.com) for reporting
an issue described in MS05-014.

* Jouko Pynnönen (http://jouko.iki.fi/index-en.html) for reporting an
issue described in MS05-014.

* Anna Hollingzworth (s53ur9ty_0x1ee1@yahoo.co.uk) for reporting an
issue described in MS05-015.

********************************************************************
THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.
********************************************************************

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQIVAwUBQgkVU4reEgaqVbxmAQKmqg//dSGHXnBNjl/7E+NqVSzcweaPo2OI1Zrr
hQkSYmkR4Y5eMkwvZTYOVjg3b8t4EEPuQTVhxsZfZ+bCy1GQ/fjS5XY7T++KvaYF
fGLa/UtkktrkrMkctdgDVjlCvGP5xzz53CK2F0aKky/cI+Wa2FM/6pG3FZoCYiMx
r1DvDlnGxvCuitQnsgS3FG+3pUrYXQbOdE/mfoE/F8m1ymPHjwjoq3h/Q0lZKURY
A1Z5o5VxCowoO3JDXOlv93zLdgX2aQCX4Lj0C5RVEGkjYRDH7LK8dKNKpF2JpNDf
STBbVWVSLSpnHDExVsYHTs0yzIp2xKR328YU3W4QpYQ1HKa4W4+2GX9eCuHU4JNX
28dYFz/FO+nHz/KDdp88Hlk4XZ47j7b/tSKRAG27fUvY6p7qVdXAFD5qbh/E7Euy
8NURK5Y9QVDC3Ra110LOLhZfzQad19Rw7Z9JhcVIBAyaeLYa+rpJEzeU4O/Hgb6K
ypLbKq8bb0UbZyH2jIcjVYMSuMrfDDGq1xUHBgn98yPIXAGIyP7DTak+RO14f4/K
Ar3q5lvxkaZw1N+1s5FcHHPvg0Jv+Rk3CAveJoQxhkeB2VlBVRqS90OMlLjm2chw
kKnFPOCDfjgOMFK18gE/1cD7LKoaHvhNt+zVTuVjMwM+qXV+j02OZgFrh5elHp5+
bC6BzW1iQ5M=
=H9PZ
-----END PGP SIGNATURE-----

Security Alert, February 11, 2005

Remote Code Execution in Office XP
An unchecked buffer exists in the process that passes URL file locations to the affected software. The vulnerability could let a remote intruder execute code on an affected system. Microsoft has released Security Bulletin MS05-005, "Vulnerability in Microsoft Office XP could allow Remote Code Execution (873352)" and a patch to correct the problem. The bulletin also lists workarounds that might apply in some situations.
http://list.windowsitpro.com/t?ctl=1C37:28C14

Cross-Site Scripting and Spoofing Attacks in Windows SharePoint Services and SharePoint Team Services
The cross-site scripting vulnerability could allow an intruder to execute code in the security context of the currently logged on user.
A spoofing attack could take place because input provided to HTML redirection queries isn't adequately validated before the input is sent to a user's Web browser. Microsoft has released Security Bulletin MS05-006, "Vulnerability in Windows SharePoint Services and SharePoint Team Services Could Allow Cross-Site Scripting and Spoofing Attacks (887981)" and a patch to correct the problem.
http://list.windowsitpro.com/t?ctl=1C36:28C14

Vulnerability in Windows Could Allow Information Disclosure
A vulnerability in the way authentication information is validated could let a remote intruder discover the user names associated with open connections to shared resources. Microsoft has released Security Bulletin MS05-007, "Vulnerability in Windows Could Allow Information Disclosure (888302)" and a patch to correct the problem.
http://list.windowsitpro.com/t?ctl=1C39:28C14

Vulnerability in Windows Shell Could Allow Remote Code Execution
A vulnerability exists in drag-and-drop events that could allow an intruder to write to files on a user's system via malicious Web content. A successful exploit could let the intruder take complete control of a user's system. Microsoft has released Security Bulletin MS05-008, "Vulnerability in Windows Shell Could Allow Remote Code Execution (890047)" and a patch to correct the problem.
http://list.windowsitpro.com/t?ctl=1C38:28C14