• Information Security Office
• Secure Computing
• Security Alerts
• Microsoft Releases Patches for Multiple Critical Vulnerabilities

Security Alerts

Search Security Alerts:

February 8, 2005

Microsoft Releases Patches for Multiple Critical Vulnerabilities

Summary

On Feb 8, 2005, Microsoft released twelve new security updates, eight of them rated as critical. All current versions of Windows are affected by some of them.

Taken together, these vulnerabilities can result in system-level compromise. In systems running Windows 2000 and higher, compromise is possible without any user interaction. In all systems, compromise is possible if the user views a maliciously constructed HTML email message or web page.

What to Do

Windows users can manually use "Windows Update" to download and install the current patches. Additionally, it is recommended that all Windows machines have an automated patch management solution installed and configured on their system. Stanford provides BigFix to automatically patch Windows machines; it is available at http://patching.stanford.edu. Alternatively, Windows Automatic Update should be enabled.

Technical Detail

Information regarding all twelve security updates is available at http://www.microsoft.com/technet/security/bulletin/ms05-feb.mspx. The following are brief summaries of those rated as critical.

MS05-005 - Vulnerability in Microsoft Office XP Could Allow Remote Code Execution (KB873352)

• Affected software:
  • Office XP
  • Word 2002
  • PowerPoint 2002
  • Project 2002
  • Visio 2002
  • Works Suite 2002, 2003, 2004
• Activated by clicking a malicious link in an email or web page.
• No public exploit known at this time

MS05-009 - Vulnerability in PNG Processing Could Allow Remote Code Execution (KB890261)

• Affected platforms:
  • Windows 98, 98SE, and ME
  • Windows Media Player 9 on Windows 2000, XP (SP1), and Server 2003
  • Windows Messenger version 5.0
• Activated by clicking a malicious link in an email or web page
• No public exploit known at this time

MS05-010 - Vulnerability in the License Logging Service Could Allow Remote Code Execution (KB885834)

• Affected platforms:
  • Windows NT Server 4 Service Pack 6a
  • Windows NT Server 4.0 Terminal Server Edition Service Pack 6
  • Windows 2000 Server (SP3 and SP4)
  • Windows Server 2003 (x86 and Itanium)
• On NT4 and 2000 Server SP3, no credentials or user interaction required.
• On 2000 Server SP4 and Server 2003, attacker required to have authenticated login. No user interaction required.
• No public exploit known at this time
• The Windows Systems Group recommends disabling License Logging Service (Start->Control Panel->Administrative Tools->Services->License Loging Service, in "Startup Type" choose "Disabled", then click "Stop" and "Ok".)

MS05-011 - Vulnerability in Server Message Block Could Allow Remote Code Execution (KB885250)

• Affected platforms:
  • Windows 2000
  • Windows XP (SP1 and SP2)
  • Windows XP 64-bit (Itanium)
  • Windows Server 2003 (x86 and Itanium)
• No credentials or user interaction required.
• Can also be activated through a malicious link in email or a web page.
• No public exploit known at this time

MS05-012 - Vulnerability in OLE and COM Could Allow Remote Code Execution (KB873333)

• Affected software:
  • Windows 98, 98SE, ME
  • Windows 2000
  • Windows XP (SP1 and SP2)
  • Windows XP 64-bit (Itanium)
  • Windows Server 2003 (x86 and Itanium)
  • Exchange Server 5.0, 5.5, 2000, 2003
  • Office XP, 2003
• On Exchange Server, no credentials or user interaction required.
• Elsewhere, activated by opening a malicious email attachment.
• No public exploit known at this time

MS05-013 - Vulnerability in the DHTML Editing Component ActiveX Control Could Allow Remote Code Execution (KB891781)

• Affected software:
  • Windows 98, 98SE, ME
  • Windows 2000
  • Windows XP (SP1 and SP2)
  • Windows XP 64-bit (Itanium)
  • Windows Server 2003 (x86 and Itanium)
• Activated by opening a malicious email message or web page.
• There is an exploit of this vulnerability in circulation.

MS05-014 - Cumulative Security Update for Internet Explorer (KB867282)

• Affected software:
  • Windows 98, 98SE, ME
  • Windows 2000
  • Windows XP (SP1 and SP2)
  • Windows XP 64-bit (Itanium)
  • Windows Server 2003 (x86 and Itanium)
  • Internet Explorer 5.01, 5.5, 6
• Activated by opening a malicious email message or web page.
• There is an exploit of one of these vulnerabilities in circulation that allows an attacker to write to the local file system.
• There is proof-of-concept code for an exploit that allows remote code execution.

MS05-015 - Vulnerability in Hyperlink Object Library Could Allow Remote Code Execution (KB888113)

• Affected software:
  • Windows 98, 98SE, ME
  • Windows 2000
  • Windows XP (SP1 and SP2)
  • Windows XP 64-bit (Itanium)
  • Windows Server 2003 (x86 and Itanium)
• Activated by clicking a malicious link in an email message or web page.
• No public exploit known at this time.

References

Additional information regarding these vulnerabilities is available at

• http://www.microsoft.com/technet/security/bulletin/ms05-feb.mspx
• http://isc.sans.org/diary.php?date=2005-02-08

The Information Security Office would like to thank the Windows Systems Group in ITSS for their assistance in producing this alert.