Skip Navigation

  • Home
  • Contact us
  • FAQ
  • Glossary
  • Public key
  • Sitemap
  • Cymraeg
  • What's new
CPNI - Centre for the Protection of National Infastructure

Advanced search

  • About CPNI
  • The threats
  • Security planning
  • Methods of attack
  • Protecting your assets
  • Products and services
    • CSIRTUK advisories
      • Advisories archive
    • General protective security publications
    • InfoSec briefings
    • InfoSec technical notes
    • InfoSec vulnerability disclosures
    • Good practice guidelines
    • Viewpoints
    • Information exchanges
    • Risk Management Delivery Group
  • Research
Home > Products and services > CSIRTUK advisories > Advisories archive > April 2005 > Microsoft - April Security Updates

April 2005

Microsoft - April Security Updates

ID: 00310
Ref: 286/2005
Date: 12 April 2005:21:21:09
Version: 1
Title: Microsoft - April Security Updates
Abstract:
Vendors affected: Microsoft
Operating systems affected: Microsoft
Applications affected: Microsoft
"Critical" Vulnerabilities

MS05-019 - Vulnerabilities in TCP/IP Could Allow Remote Code Execution and Denial of Service
MS05-020 - Cumulative Security Update for Internet Explorer
MS05-021 - Vulnerability in Exchange Server Could Allow Remote Code Execution
MS05-022 - Vulnerability in MSN Messenger Could Lead to Remote Code Execution
MS05-023 - Vulnerabilities in Microsoft Word May Lead to Remote Code Execution

"Important" Vulnerabilities

MS05-016 - Vulnerability in Windows Shell that Could Allow Remote Code Execution
MS05-017 - Vulnerability in Message Queuing Could Allow Code Execution
MS05-018 - Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege and Denial of Service

Updated Microsoft Security Bulletins and Software

In addition to addressing the vulnerabilities described above, Microsoft updated three previously-published security bulletins: MS05-002, MS05-009 and MS05-010. Additionally, Microsoft released an updated version of its Malicious Software Removal Tool today; the program now recognizes Hacker Defender, Mimail, and Rbot malware specimen families.

The update to the MS05-002 advisory (Vulnerability in Cursor and Icon Format Handling Could Allow Remote Code Execution) is relevant to those who are applying the patch to Windows 98, 98SE, and ME; users of these platforms may need to re-apply the patch.

The update to the MS05-009 advisory (Vulnerability in PNG Processing Could Allow Remote Code Execution) reflects the availability of an updated version of Microsoft Windows Messenger version 4.7.0.2009 for Windows XP Service Pack 1.

The update to the MS05-010 advisory (Vulnerability in the License Logging Service could allow Code Execution) revises the "Mitigating Factors" section of the write-up to reflect new findings regarding Windows 2000 Server Service Pack 4 and points out the existence of the Knowledge Base Article 896658, which is relevant to users running Windows 2000 Server Service Pack 4.

Further information can be found at:
http://www.microsoft.com/technet/security/bulletin/ms05-apr.mspx
http://www.microsoft.com/security/bulletins/200504_windows.mspx
  • Accessibility |
  • Terms and conditions |
  • Privacy statement |
  • Data protection act |
  • Freedom of information |