Skip Navigation

  • Home
  • Contact us
  • FAQ
  • Glossary
  • Public key
  • Sitemap
  • Cymraeg
  • What's new
CPNI - Centre for the Protection of National Infastructure

Advanced search

  • About CPNI
  • The threats
  • Security planning
  • Methods of attack
  • Protecting your assets
  • Products and services
    • CSIRTUK advisories
      • Advisories archive
    • General protective security publications
    • InfoSec briefings
    • InfoSec technical notes
    • InfoSec vulnerability disclosures
    • Good practice guidelines
    • Viewpoints
    • Information exchanges
    • Risk Management Delivery Group
  • Research
Home > Products and services > CSIRTUK advisories > Advisories archive > January 2005 > Microsoft Security Patches Alert

January 2005

Microsoft Security Patches Alert

ID: 00031
Ref: 02/2005
Date: 13 January 2005:16:41:54
Version: 1
Title: Microsoft Security Patches Alert
Abstract:
Vendors affected: Microsoft
Operating systems affected: Microsoft
Applications affected: Microsoft

- ----------------------------------------------------------------------------------
UNIRAS (UK Govt CERT) ALERT - 02/05 dated 13.01.05 Time: 16:30
UNIRAS is part of NISCC (National Infrastructure Security Co-ordination Centre)
- ----------------------------------------------------------------------------------
UNIRAS material is also available from its website at www.uniras.gov.uk and
Information about NISCC is available from www.niscc.gov.uk
- ----------------------------------------------------------------------------------

Title
=====

Microsoft Security Patches Alert

Detail
======

Departmental and company security officers should be aware that a number of exploits have recently been published for patched vulnerabilities in Microsoft products. A
short description of the issues and a reference to the Microsoft Security Bulletin
resolving the issue follows. It is strongly recommended that your organisation patches all affected Windows installations following the Microsoft Security Bulletins



MS05-002 (Buffer overflow in animated cursor format) affects all Microsoft operating systems Microsoft Windows 98 and higher (including Microsoft Windows NT/2000/XP/2003) other than Microsoft Windows XP SP2. This vulnerability could enable remote program
execution with the privilege of the user opening the animated cursor. NISCC has confirmed
that a successful exploit compromises Microsoft Windows XP SP1.



MS04-045 (Vulnerability in WINS allows remote code execution) affects NT Server/2000
Server/2003 Server and enables user gain access to the local system account, which has administrator rights on the local computer.



MS04-044 (LSASS vulnerability allows elevation of privilege) affects Microsoft
Windows NT/2000/XP/2003 and enables a user gain access to the local system account,
which has administrator rights on the local computer.



MS04-031 (Vulnerability in NetDDE could allow remote code execution) affects all Microsoft operating systems Microsoft Windows 98 and higher (including Microsoft Windows NT/2000/XP/2003) other than Microsoft Windows XP SP2. The NetDDE service is, however, not started by default.



The best solution in all cases is to patch the vulnerability.
- ----------------------------------------------------------------------------------

For additional information or assistance, please contact the HELP Desk by
telephone or Not Protectively Marked information may be sent via
EMail to: uniras@niscc.gov.uk

Office Hours:

Mon - Fri: 08:30 - 17:00 Hrs
Tel: +44 (0) 870 487 0748 Ext 4511
Fax: +44 (0) 870 487 0749

Outside of Office Hours:
On Call Duty Officer:
Tel: +44 (0) 870 487 0748 and follow the prompts

- ----------------------------------------------------------------------------------
UNIRAS wishes to acknowledge the contributions of Microsoft for the information
contained in this Briefing.
- ----------------------------------------------------------------------------------


  • Accessibility |
  • Terms and conditions |
  • Privacy statement |
  • Data protection act |
  • Freedom of information |