Microsoft patches IE in August security update
By Alun Williams
Posted on 10 Aug 2005 at 11:23
Microsoft has issued six bulletins as part of its monthly security update. Three are rated as Critical, one as Important and two as Moderate, with the much-patched IE once again receiving attention.
Beginning wit the critical updates, bulletin MS05-038 patches a flaw in IE that could allow a remote attacker to execute code on affected systems. It includes a memory corruption vulnerability that involves JPEG image rendering. Most versions of Windows are affected, but see the bulletin for precise version information.
Bulletin MS05-039 again involves a vulnerability that could allow remote code execution and the local elevation of user privileges. The flaw exists in Plug and Play functionality, potentially enabling an attacker to install programs and view, change, or delete data.
The third Critical bulletin - MS05-043 - involves a vulnerability in the Print Spooler service that could allow remote code execution.
Bulletin MS05-040 has a rating of Important and addresses a vulnerability in the Telephony Application Programming Interface (TAPI) service which, again, could allow remote code execution.
Bulletins MS05-041 and MS05-042 are rated as Moderate and could be used as part of Denial of Service (DoS) attacks. The first involves a vulnerability in the Remote Desktop Protocol (RDP), which could allow an attacker to cause a system to stop responding, and the second involves vulnerabilities in the Kerberos system that could lead to unauthorised information disclosure as well as DoS attacks.
Microsoft is also re-releasing two security bulletins. MS05-023 is rated as Critical and involves Microsoft Word (it has been determined that the vulnerability originally addressed also affects Microsoft Word 2003 Viewer). Bulletin MS05-032 is rated as moderate and involves a Microsoft Agent vulnerability (revised updates are available for 64-bit versions of Windows).
As always, users are recommended to update their software with the latest patches.
From around the web
advertisement
- Laptop bag reviews: nine tested
- Sony VAIO T Series Ultrabook review: first look
- Revealed: the military standards and robots HP uses to test its laptops
- Windows 8: multi-monitors and double standards?
- Why is TalkTalk's year-old porn filter suddenly big news?
- Why are laptop screens so far behind mobiles?
- HP EliteBook Folio review: first look
- The shoebox-sized all-in-one printer
- Forget the Ultrabook: here comes the HP Sleekbook
- HP Spectre XT review: first look
- Why you have to be left in the dark on OS patches
- Publishing your email address isn't a security disaster
- Why antivirus is fighting a losing battle in your office
- Four year olds used to steal their parents' data
- An acceptable use policy for your kids
- Paying for your crimes with Bitcoin
- Pavement hacking: What it is and how to avoid it
- Google's risky pre-loaded pages
- Mac under attack: how secure is Apple's OS?
- Has your browser been hijacked?
advertisement
