miércoles, febrero 09, 2005
Boletines de seguridad de Microsoft para Febrero 2005.
Bueno, bueno...
Este mes tenemos donde escoger para "parchear" nuestros sistemas. Nada menos que doce; SI ! 12 parches para otras tantas vulnerabilidades.
No quiero dejar de recordaros que una vulnerabilidad afecta a todas las versiones de Exchange*.
A continuación os paso a nombrar los boletines y sus enlaces para mas información.
Security Bulletin MS05-004
Maximum severity: Important
Update number: 887219
Supported software affected:
• Microsoft .NET Framework 1.1 (all versions)
• Microsoft .NET Framework 1.0 Service Pack 3 (SP3) and SP2
Technical bulletin: ASP.NET Path Validation Vulnerability (887219)
Security Bulletin MS05-005
Maximum severity: Critical
Update number: 873352
Supported software affected:
• Office XP SP3 and SP2
• Microsoft Project 2002
• Microsoft Visio 2002
• Microsoft Works Suite 2004
• Microsoft Works Suite 2003
• Microsoft Works Suite 2002
Technical bulletin: Vulnerability in Microsoft Office XP Could Lead to Buffer Overrun (873352)
Security Bulletin MS05-006
Maximum severity: Moderate
Update number: 887981
Supported software affected:
• Windows SharePoint Services for Windows Server 2003
Technical bulletin: Vulnerability in Windows SharePoint Services and SharePoint Team Services Could Allow Cross-Site Scripting and Spoofing Attacks (887981)
Security Bulletin MS05-007
Maximum severity: Important
Update number: 888302
Supported software affected:
• Windows XP SP2 and SP1
• Windows XP 64-Bit Edition SP1 (Itanium)
Technical bulletin: Vulnerability in Windows Could Allow Information Disclosure (888302)
Security Bulletin MS05-008
Maximum severity: Important
Update number: 890047
Supported software affected:
• Windows XP SP2 and SP1
• Windows XP 64-Bit Edition SP1 (Itanium)
• Windows XP 64-Bit Edition Version 2003 (Itanium)
• Windows 2000 SP4 and SP3
• Windows Server 2003
• Windows Server 2003 for 64-Bit Itanium-based Systems
Technical bulletin: Vulnerability in Windows Shell Could Allow Remote Code Execution (890047)
Security Bulletin MS05-009
Maximum severity: Critical
Update number: 890261
Supported software affected:
• Windows Media Player 9 on Windows XP, Windows 2000, or Windows Server 2003
• Windows XP 64-Bit Edition SP1 running Windows Messenger
• Windows XP 64-Bit Edition Version 2003 running Windows Messenger
• Windows Millennium Edition (Windows Me), Windows 98 Second Edition (SE), and Windows 98
Note Updates for Windows Me, Windows 98 SE, and Windows 98 are being made available under extended support for critical security issues.
• Windows Messenger 4.7.2009 on Windows XP SP1 and Windows XP
• Windows Messenger 4.7.3000 on Windows XP SP2
• Windows Messenger 5.0
Technical bulletin: Vulnerability in PNG Processing Could Lead to Buffer Overrun (890261)
Security Bulletin MS05-010
Maximum severity: Critical
Update number: 885834
Supported software affected:
• Windows NT Server 4.0 SP6a
• Windows NT Server 4.0, Terminal Server Edition SP6
• Windows 2000 Server SP4 and SP3
• Windows Server 2003
• Windows Server 2003 for 64-Bit Itanium-based Systems
Technical bulletin: Vulnerability in the License Logging Service Could Allow Code Execution (885834)
Security Bulletin MS05-011
Maximum severity: Critical
Update number: 885250
Supported software affected:
• Windows XP SP2 and SP1
• Windows XP 64-Bit Edition SP1 (Itanium)
• Windows XP 64-Bit Edition Version 2003 (Itanium)
• Windows 2000 SP4 and SP3
• Windows Server 2003
• Windows Server 2003 for 64-Bit Itanium-based Systems
Technical bulletin: Vulnerability in Server Message Block Could Allow Remote Code Execution (885250)
Security Bulletin MS05-012
Maximum severity: Critical
Update number: 873333
Supported software affected:
• Windows XP SP2 and SP1
• Windows XP 64-Bit Edition SP1 (Itanium)
• Windows XP 64-Bit Edition Version 2003 (Itanium)
• Windows 2000 SP4 and SP3
• Windows Server 2003
• Windows Server 2003 for 64-Bit Itanium-based Systems
• Office XP Service Pack 3 (SP3), Office XP SP2, and Office XPNote Office XP includes Outlook 2002, Word 2002, Excel 2002, PowerPoint 2002, FrontPage 2002, Publisher 2002, and Access 2002
• Office 2003 SP1 and Office 2003Note Office 2003 includes Outlook 2003, Word 2003, Excel 2003, PowerPoint 2003, FrontPage 2003, Publisher 2003, Access 2003, InfoPath 2003, and OneNote 2003
• Exchange 2000 Server Service Pack 3 (SP3)
• Exchange Server 2003 and Exchange Server 2003 SP1
• Exchange Server 5.0 SP2
• Exchange Server 5.5 SP4
Technical bulletin: Vulnerability in OLE and COM Could Allow Remote Code Execution (873333)
Security Bulletin MS05-013
Maximum severity: Critical
Update number: 891781
Supported software affected:
• Windows XP SP2 and SP1
• Windows XP 64-Bit Edition SP1 (Itanium)
• Windows XP 64-Bit Edition Version 2003 (Itanium)
• Windows 2000 SP4 and SP3
• Windows Server 2003
• Windows Server 2003 for 64-Bit Itanium-based Systems
• Windows Me, Windows 98 SE, and Windows 98
Note Updates for Windows Me, Windows 98 SE, and Windows 98 are being made available under extended support for critical security issues.
Technical bulletin: Vulnerability in the DHTML Editing Component ActiveX Control Could Allow Code Execution (891781)
Security Bulletin MS05-014
Maximum severity: Critical
Update number: 867282
Supported software affected:
• Internet Explorer 6 SP1 on Windows XP SP1, on Windows XP, or on Windows 2000 SP4 or SP3
• Internet Explorer 6 SP1 on Windows Me, on Windows 98 SE, or on Windows 98
Note Updates for Windows Me, Windows 98 SE, and Windows 98 are being made available under extended support for critical security issues.
• Internet Explorer 6 for Windows XP SP1 (64-Bit Edition)
• Internet Explorer 6 for Windows Server 2003
• Internet Explorer 6 for Windows Server 2003 64-Bit Edition and Windows XP 64-Bit Edition Version 2003
• Internet Explorer 6 for Windows XP SP2
• Internet Explorer 5.5 SP2 on Windows Me
Note This update is being made available under extended support for critical security issues.
• Internet Explorer 5.01 SP4 on Windows 2000 SP4
• Internet Explorer 5.01 SP3 on Windows 2000 SP3
Technical bulletin: Cumulative Security Update for Internet Explorer (867282)
Security Bulletin MS05-015
Maximum severity: Critical
Update number: 888113
Supported software affected:
• Windows XP SP2 and SP1
• Windows 2000 SP4 and SP3
• Windows XP 64-Bit Edition SP1 (Itanium)
• Windows XP 64-Bit Edition Version 2003 (Itanium)
• Windows Server 2003
• Windows Server 2003 for 64-Bit Itanium-based Systems
• Windows Me, Windows 98 SE, and Windows 98
Note Updates for Windows Me, Windows 98 SE, and Windows 98 are being made available under extended support for critical security issues.
Technical bulletin: Vulnerability in Hyperlink Object Library Could Allow Remote Code Execution (888113)
* Para parchear alguna versión de Exchange, sólo es necesario actualizar el sistema operativo en el que está instalado con su parche correspondiente.
Un saludo.
------------------
Benjamin Mateos
|
Este mes tenemos donde escoger para "parchear" nuestros sistemas. Nada menos que doce; SI ! 12 parches para otras tantas vulnerabilidades.
No quiero dejar de recordaros que una vulnerabilidad afecta a todas las versiones de Exchange*.
A continuación os paso a nombrar los boletines y sus enlaces para mas información.
Security Bulletin MS05-004
Maximum severity: Important
Update number: 887219
Supported software affected:
• Microsoft .NET Framework 1.1 (all versions)
• Microsoft .NET Framework 1.0 Service Pack 3 (SP3) and SP2
Technical bulletin: ASP.NET Path Validation Vulnerability (887219)
Security Bulletin MS05-005
Maximum severity: Critical
Update number: 873352
Supported software affected:
• Office XP SP3 and SP2
• Microsoft Project 2002
• Microsoft Visio 2002
• Microsoft Works Suite 2004
• Microsoft Works Suite 2003
• Microsoft Works Suite 2002
Technical bulletin: Vulnerability in Microsoft Office XP Could Lead to Buffer Overrun (873352)
Security Bulletin MS05-006
Maximum severity: Moderate
Update number: 887981
Supported software affected:
• Windows SharePoint Services for Windows Server 2003
Technical bulletin: Vulnerability in Windows SharePoint Services and SharePoint Team Services Could Allow Cross-Site Scripting and Spoofing Attacks (887981)
Security Bulletin MS05-007
Maximum severity: Important
Update number: 888302
Supported software affected:
• Windows XP SP2 and SP1
• Windows XP 64-Bit Edition SP1 (Itanium)
Technical bulletin: Vulnerability in Windows Could Allow Information Disclosure (888302)
Security Bulletin MS05-008
Maximum severity: Important
Update number: 890047
Supported software affected:
• Windows XP SP2 and SP1
• Windows XP 64-Bit Edition SP1 (Itanium)
• Windows XP 64-Bit Edition Version 2003 (Itanium)
• Windows 2000 SP4 and SP3
• Windows Server 2003
• Windows Server 2003 for 64-Bit Itanium-based Systems
Technical bulletin: Vulnerability in Windows Shell Could Allow Remote Code Execution (890047)
Security Bulletin MS05-009
Maximum severity: Critical
Update number: 890261
Supported software affected:
• Windows Media Player 9 on Windows XP, Windows 2000, or Windows Server 2003
• Windows XP 64-Bit Edition SP1 running Windows Messenger
• Windows XP 64-Bit Edition Version 2003 running Windows Messenger
• Windows Millennium Edition (Windows Me), Windows 98 Second Edition (SE), and Windows 98
Note Updates for Windows Me, Windows 98 SE, and Windows 98 are being made available under extended support for critical security issues.
• Windows Messenger 4.7.2009 on Windows XP SP1 and Windows XP
• Windows Messenger 4.7.3000 on Windows XP SP2
• Windows Messenger 5.0
Technical bulletin: Vulnerability in PNG Processing Could Lead to Buffer Overrun (890261)
Security Bulletin MS05-010
Maximum severity: Critical
Update number: 885834
Supported software affected:
• Windows NT Server 4.0 SP6a
• Windows NT Server 4.0, Terminal Server Edition SP6
• Windows 2000 Server SP4 and SP3
• Windows Server 2003
• Windows Server 2003 for 64-Bit Itanium-based Systems
Technical bulletin: Vulnerability in the License Logging Service Could Allow Code Execution (885834)
Security Bulletin MS05-011
Maximum severity: Critical
Update number: 885250
Supported software affected:
• Windows XP SP2 and SP1
• Windows XP 64-Bit Edition SP1 (Itanium)
• Windows XP 64-Bit Edition Version 2003 (Itanium)
• Windows 2000 SP4 and SP3
• Windows Server 2003
• Windows Server 2003 for 64-Bit Itanium-based Systems
Technical bulletin: Vulnerability in Server Message Block Could Allow Remote Code Execution (885250)
Security Bulletin MS05-012
Maximum severity: Critical
Update number: 873333
Supported software affected:
• Windows XP SP2 and SP1
• Windows XP 64-Bit Edition SP1 (Itanium)
• Windows XP 64-Bit Edition Version 2003 (Itanium)
• Windows 2000 SP4 and SP3
• Windows Server 2003
• Windows Server 2003 for 64-Bit Itanium-based Systems
• Office XP Service Pack 3 (SP3), Office XP SP2, and Office XPNote Office XP includes Outlook 2002, Word 2002, Excel 2002, PowerPoint 2002, FrontPage 2002, Publisher 2002, and Access 2002
• Office 2003 SP1 and Office 2003Note Office 2003 includes Outlook 2003, Word 2003, Excel 2003, PowerPoint 2003, FrontPage 2003, Publisher 2003, Access 2003, InfoPath 2003, and OneNote 2003
• Exchange 2000 Server Service Pack 3 (SP3)
• Exchange Server 2003 and Exchange Server 2003 SP1
• Exchange Server 5.0 SP2
• Exchange Server 5.5 SP4
Technical bulletin: Vulnerability in OLE and COM Could Allow Remote Code Execution (873333)
Security Bulletin MS05-013
Maximum severity: Critical
Update number: 891781
Supported software affected:
• Windows XP SP2 and SP1
• Windows XP 64-Bit Edition SP1 (Itanium)
• Windows XP 64-Bit Edition Version 2003 (Itanium)
• Windows 2000 SP4 and SP3
• Windows Server 2003
• Windows Server 2003 for 64-Bit Itanium-based Systems
• Windows Me, Windows 98 SE, and Windows 98
Note Updates for Windows Me, Windows 98 SE, and Windows 98 are being made available under extended support for critical security issues.
Technical bulletin: Vulnerability in the DHTML Editing Component ActiveX Control Could Allow Code Execution (891781)
Security Bulletin MS05-014
Maximum severity: Critical
Update number: 867282
Supported software affected:
• Internet Explorer 6 SP1 on Windows XP SP1, on Windows XP, or on Windows 2000 SP4 or SP3
• Internet Explorer 6 SP1 on Windows Me, on Windows 98 SE, or on Windows 98
Note Updates for Windows Me, Windows 98 SE, and Windows 98 are being made available under extended support for critical security issues.
• Internet Explorer 6 for Windows XP SP1 (64-Bit Edition)
• Internet Explorer 6 for Windows Server 2003
• Internet Explorer 6 for Windows Server 2003 64-Bit Edition and Windows XP 64-Bit Edition Version 2003
• Internet Explorer 6 for Windows XP SP2
• Internet Explorer 5.5 SP2 on Windows Me
Note This update is being made available under extended support for critical security issues.
• Internet Explorer 5.01 SP4 on Windows 2000 SP4
• Internet Explorer 5.01 SP3 on Windows 2000 SP3
Technical bulletin: Cumulative Security Update for Internet Explorer (867282)
Security Bulletin MS05-015
Maximum severity: Critical
Update number: 888113
Supported software affected:
• Windows XP SP2 and SP1
• Windows 2000 SP4 and SP3
• Windows XP 64-Bit Edition SP1 (Itanium)
• Windows XP 64-Bit Edition Version 2003 (Itanium)
• Windows Server 2003
• Windows Server 2003 for 64-Bit Itanium-based Systems
• Windows Me, Windows 98 SE, and Windows 98
Note Updates for Windows Me, Windows 98 SE, and Windows 98 are being made available under extended support for critical security issues.
Technical bulletin: Vulnerability in Hyperlink Object Library Could Allow Remote Code Execution (888113)
* Para parchear alguna versión de Exchange, sólo es necesario actualizar el sistema operativo en el que está instalado con su parche correspondiente.
Un saludo.
------------------
Benjamin Mateos