Skip Navigation

  • Home
  • Contact us
  • FAQ
  • Glossary
  • Public key
  • Sitemap
  • Cymraeg
  • What's new
CPNI - Centre for the Protection of National Infastructure

Advanced search

  • About CPNI
  • The threats
  • Security planning
  • Methods of attack
  • Protecting your assets
  • Products and services
    • CSIRTUK advisories
      • Advisories archive
    • General protective security publications
    • InfoSec briefings
    • InfoSec technical notes
    • InfoSec vulnerability disclosures
    • Good practice guidelines
    • Viewpoints
    • Information exchanges
    • Risk Management Delivery Group
  • Research
Home > Products and services > CSIRTUK advisories > Advisories archive > June 2005 > REVISED - Microsoft - June Security Bulletins

June 2005

REVISED - Microsoft - June Security Bulletins

ID: 00491
Ref: 452/2005
Date: 15 June 2005:11:22:22
Version: 1
Title: REVISED - Microsoft - June Security Bulletins
Abstract: Microsoft has released a number of security advisories.
Vendors affected: Microsoft
Operating systems affected: Microsoft

Title
=====
REVISED - Microsoft - June Security Bulletins

Detail
======

PLEASE NOTE: The Briefing sent as 490/2005 should have been sent as 452/05.
This version corrects this mistake and also adds additional information
regarding Security Bulletin re-releases.

- ------

Microsoft has released a number of security advisories. Full details are
available from: http://www.microsoft.com/technet/security/bulletin/ms05-jun.mspx

Bulletin Severity Impact

MS05-025 Critical Remote Code Execution (replaces MS05-020) End-user machines only
MS05-026 Critical Remote Code Execution (replaces MS03-044, MS04-023, MS05-001)
MS05-027 Critical Remote Code Execution (replaces MS02-070, MS03-024)
MS05-028 Important Remote Code Execution
MS05-029 Important Remote Code Execution
MS05-030 Important Remote Code Execution
MS05-031 Important Remote Code Execution
MS05-032 Moderate Spoofing
MS05-033 Moderate Information Disclosure
MS05-034 Moderate Elevation of Privilege

*Critical Vulnerabilities*

Microsoft Security Bulletin MS05-025 - Cumulative Security Update for
Internet Explorer (883939) - Critical
http://www.microsoft.com/technet/security/bulletin/ms05-025.mspx

MS05-026 (KB896358) - Vulnerability in HTML Help Could Allow Remote
Code Execution
http://www.microsoft.com/technet/security/bulletin/ms05-026.mspx

MS05-027 (KB896422) - Vulnerability in Server Message Block Could
Allow Remote Code Execution.
http://www.microsoft.com/technet/security/bulletin/MS05-027.mspx

*Important Vulnerabilities*

MS05-028 (KB896426) - Vulnerability in Web Client Service.
http://www.microsoft.com/technet/security/bulletin/MS05-028.mspx

MS05-029 (KB895179)- Vulnerability in Outlook Web Access for Exchange
Server 5.5 Could Allow Cross-Site Scripting Attacks
http://www.microsoft.com/technet/security/Bulletin/MS05-029.mspx

MS05-030 (KB897715)- Cumulative Security Update in Outlook Express
http://www.microsoft.com/technet/security/Bulletin/MS05-030.mspx

MS05-031 (KB898458) - Vulnerability in Step-by-Step Interactive Training
Could Allow Remote Code Execution.
http://www.microsoft.com/technet/security/bulletin/MS05-031.mspx

*Moderate Vulnerabilities*

MS05-032 (KB890046)- Vulnerability in Microsoft Agent Could Allow Spoofing.
http://www.microsoft.com/technet/security/bulletin/MS05-032.mspx

MS05-033 (KB896428) - Vulnerability in Telnet Client Could Allow Information
Disclosure.
http://www.microsoft.com/technet/security/bulletin/MS05-033.mspx

MS05-034 (KB899753) - Cumulative Security Update for ISA Server 2000.
http://www.microsoft.com/technet/security/bulletin/MS05-034.mspx

Other useful URLs:
http://isc.sans.org/


- ------

Microsoft have revised the following advisories, for the reasons quoted below:

MS02-035 - SQL Server Installation Process May Leave Passwords on System
http://www.microsoft.com/technet/security/bulletin/MS02-035.mspx

"Reason for revision: Updated technical information in the FAQ
with additional details around cluster installation and to
advise of an updated KillPwd utility."


MS05-004 - ASP.NET Path Validation Vulnerability
http://www.microsoft.com/technet/security/bulletin/MS05-004.mspx

"Reason for revision: Bulletin updated to announce the
availability of an updated package for .NET Framework 1.0
Service Pack 3 for the following operating system versions:
(887998) Windows XP Tablet PC Edition and Windows XP Media
Center Edition."


MS05-019 - Vulnerabilities in TCP/IP Could Allow Remote Code Execution
and Denial of Service
http://www.microsoft.com/technet/security/bulletin/MS05-019.mspx

"Reason for revision: Microsoft updated this bulletin today to
advise customers that a revised version of the security update
is available. We recommend installing this revised security
update even if you have installed the previous version. The
revised security update will be available through Windows Update,
Software Update Services (SUS), and will be recommended by the
Microsoft Baseline Security Analyzer (MBSA)."


  • Accessibility |
  • Terms and conditions |
  • Privacy statement |
  • Data protection act |
  • Freedom of information |