Microsoft releases five critical and three important security bulletins

After skipping last month's security bulletin, Microsoft is making up for lost time with the release of five critical and three important updates, which collectively address 18 vulnerabilities. In this edition of the IT Locksmith, John McCormick examines all eight security bulletins and tells you what you need to know.

After a month of relative silence, Microsoft gets back in the security game with a vengeance this week, releasing multiple critical security patches.

Details

After skipping last month's security bulletin, Microsoft has resumed its regular security bulletin schedule, and it's making up for lost time. This month, the software giant has released eight bulletins, five of which it rates critical, addressing a whopping 18 vulnerabilities. Let's take a look at the most critical bulletins first.

MS05-019

Microsoft Security Bulletin MS05-019, "Vulnerabilities in TCP/IP Could Allow Remote Code Execution and Denial of Service," covers five of these vulnerabilities—a remote code execution threat and four denial of service (DoS) threats.

Applicability
MS05-019 affects the following systems:

  • Windows 2000 SP3
  • Windows 2000 SP4
  • Windows XP SP1
  • Windows XP SP2
  • Windows XP 64-bit Edition SP1
  • Windows XP 64-bit Edition Version 2003
  • Windows Server 2003
  • Windows Server 2003 for Itanium-based systems
  • Windows 98
  • Windows SE
  • Windows ME

The following systems are not affected:

  • Windows Server 2003 SP1
  • Windows Server 2003 SP1 for Itanium-based systems
  • Windows Server 2003 64-bit Edition
  • Windows XP Professional 64-bit Edition

Risk level – Critical
Microsoft has given MS05-019 a critical rating for Windows 2000 SP3, Windows 2000 SP4, and Windows XP SP2. It is a moderate risk for Windows XP SP2, Windows XP 64-bit SP1, Windows XP 64-bit Version 2003, Windows Server 2003, and Windows Server 2003 for Itanium-based systems. It is not critical for Windows 98, Windows SE, and Windows ME.

Mitigating factors
There are many mitigating factors with MS05-019 because it affects so many versions and includes several vulnerabilities. For more details, check out the security bulletin.

Fix
Install the updates. In addition, there are multiple workarounds for most of the various vulnerabilities and affected software versions. For more information, check out the Vulnerability Details section of the security bulletin.

MS05-020

Microsoft Security Bulletin MS05-020, "Cumulative Security Update for Internet Explorer," includes three remote code execution threats.

This cumulative update affects most Internet Explorer versions after 5.0 and most Windows versions (except those listed below).

Applicability
MS05-020 affects the following systems:

  • Windows 2000 SP3
  • Windows 2000 SP4
  • Windows XP SP1
  • Windows XP SP2
  • Windows XP 64-bit Edition SP1
  • Windows XP 64-bit Edition Version 2003
  • Windows Server 2003
  • Windows Server 2003 for Itanium-based systems
  • Windows 98
  • Windows SE
  • Windows ME

The following systems are not affected:

  • Windows Server 2003 SP1
  • Windows Server 2003 SP1 for Itanium-based systems
  • Windows Server 2003 64-bit Edition
  • Windows XP Professional 64-bit Edition

Risk level – Critical
At least one, if not more, of the vulnerabilities included in MS05-020 is critical for every affected version.

Mitigating factors
There are many mitigating factors with MS05-020 because it affects so many versions and includes several vulnerabilities. For more details, check out the security bulletin.

Fix
Install the updates. Note: A number of possible problems can occur when you install this update. For more details as well as workarounds, check out Microsoft Knowledge Base article 890923.

In addition, there are multiple workarounds for the various vulnerabilities and affected software versions. For more information, check out the Vulnerability Details section of the security bulletin.

MS05-021

Microsoft Security Bulletin MS05-021, "Vulnerability in Exchange Server Could Allow Remote Code Execution," addresses a single Exchange Server vulnerability (CAN-2005-0560), which you can detect and fix using Systems Management Server.

Applicability
MS05-021 affects Exchange Server 2000 SP3, Exchange Server 2003, and Exchange Server 2003 SP1. It does not affect Exchange Server 5.5 SP4 and Exchange Server 5.0 SP2.

Risk level – Critical
Microsoft has given MS05-021 a critical rating for Exchange Server 2000 SP3, but it is a moderate risk for Exchange Server 2003 and Exchange Server 2003 SP1.

Mitigating factors
An attack can only occur via an open SMTP port, and only an authenticated attacker could use this attack vector.

Fix
Install the updates. In addition, while there are several complex workarounds listed in the security bulletin, you can also block SMTP at the firewall (port 25).

MS05-022

Microsoft Security Bulletin MS05-022, "Vulnerability in MSN Messenger Could Lead to Remote Code Execution," also addresses a single vulnerability, this one in MSN Messenger (CAN-2005-0562). However, you cannot use Systems Management Server to detect or fix this particular threat. To determine whether you need an update, use the new version of the Enterprise Update Scan Tool.

Applicability
MS05-022 affects MSN Messenger 6.2, but it does not affect MSN Messenger 7.

Risk level – Critical
This is a critical risk.

Mitigating factors
To be vulnerable, a user would have to add the attacker to his or her contact list.

Fix
Install the update. As a workaround, simply refuse downloads over MSN Messenger.

MS05-023

Microsoft Security Bulletin MS05-023, "Vulnerabilities in Microsoft Word May Lead to Remote Code Execution," includes two buffer overruns in Microsoft Word (CAN-2004-0963 and CAN-2005-0558). You can use Systems Management Server to detect and fix these threats.

Applicability
MS05-023 affects Word 2000, Word 2002, Word 2003, Microsoft Works Suite 2001, Microsoft Works Suite 2002, Microsoft Works Suite 2003, and Microsoft Works Suite 2004. Microsoft has not tested earlier versions of Word since it no longer supports these versions.

Risk level – Critical
MS05-023 is a critical risk for Word 2000 and Word 2002, but Microsoft has given it an important rating for Word 2003.

Mitigating factors
The attacker would only gain the privilege of the user.

Fix
Install the update. If you choose not to update, do not open unexpected Word documents or those from untrusted sources. Also, take steps to disable the automatic opening of downloaded files so the system instead prompts the user to save or open all files.

The remaining three security bulletins are of lesser importance.

MS05-016

Microsoft Security Bulletin MS05-016, "Vulnerability in Windows Shell that Could Allow Remote Code Execution," addresses a single vulnerability in the HTML Application Host. Systems Management Server can detect and fix this threat.

Applicability
MS05-016 affects the following systems:

  • Windows 2000 SP3
  • Windows 2000 SP4
  • Windows XP SP1
  • Windows XP SP2
  • Windows XP 64-bit Edition SP1
  • Windows XP 64-bit Edition Version 2003
  • Windows Server 2003
  • Windows Server 2003 for Itanium-based systems
  • Windows 98
  • Windows SE
  • Windows ME

The following systems are not affected:

  • Windows Server 2003 SP1
  • Windows Server 2003 SP1 for Itanium-based systems
  • Windows Server 2003 64-bit Edition
  • Windows XP Professional 64-bit Edition

Risk level – Important
Microsoft has given MS05-016 an important rating for Windows 2000 SP3, Windows 2000 SP4, Windows XP SP1, Windows XP SP2, Windows XP 64-bit SP1, Windows XP 64-bit Version 2003, Windows Server 2003, and Windows Server 2003 for Itanium-based systems. For Windows 98, Windows SE, and Windows ME, the risk is not critical.

Mitigating factors
This attack isn't automatic. Instead, the user must open an e-mail attachment to be vulnerable.

Fix
Install the update. As a workaround, Microsoft recommends disabling the HTML Application Host application. To do so, go to Start | Run, enter %windir%\system32\mshta.exe /unregister, and press [Enter].

MS05-017

Microsoft Security Bulletin MS05-017, "Vulnerability in Message Queuing Could Allow Code Execution," also addresses a single threat, which affects users of Microsoft Message Queuing (MSMQ). Systems Management Server can also detect and fix this threat.

Applicability
MS05-017 affects Windows 2000 SP3, Windows 2000 SP4, Windows XP SP1, Windows XP 64-bit SP1, Windows 98, and Windows SE. This bulletin does not affect Windows XP SP2, Windows XP 64-bit Version 2003, Windows Server 2003, Windows Server 2003 SP1, Windows Server 2003 for Itanium-based systems, and Windows ME.

Risk level – Important
MS05-017 is a critical risk for Windows 2000 SP3, Windows 2000 SP4, Windows XP SP1, and Windows XP 64-bit SP1. The risk is not critical for Windows 98 and Windows SE.

Mitigating factors
Message Queuing is not a default part of the installation on any system.

Fix
Install the update. As a workaround, Microsoft recommends blocking UDP ports 135, 137, 138, 445, 1801, and 3527, blocking TCP ports 135, 139, 445, 593, 1801, 2101, 2103, 2105, and 2107, and blocking all unsolicited inbound traffic on ports greater than 1024.
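
Before applying the MS05-017 port-blocking workaround, it helps to know which listeners on a host the block would cut off. The following added example (not from the original article or from Microsoft) parses Windows `netstat -an` output and flags listening sockets that fall under the workaround's port lists; the function name and the sample output are constructed for illustration.

```python
import re

# Ports from the MS05-017 workaround as listed in the article.
BLOCK_UDP = {135, 137, 138, 445, 1801, 3527}
BLOCK_TCP = {135, 139, 445, 593, 1801, 2101, 2103, 2105, 2107}

# Constructed sample of Windows `netstat -an` output (not from a real host).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1801           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:2103           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:5000         0.0.0.0:0              LISTENING
  TCP    192.0.2.10:3389        0.0.0.0:0              LISTENING
  TCP    192.0.2.10:1045        198.51.100.7:80        ESTABLISHED
  UDP    0.0.0.0:3527           *:*
  UDP    0.0.0.0:500            *:*
"""

# proto, local address, local port, foreign address, optional TCP state
LINE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+\S+(?:\s+(\S+))?\s*$")

def exposed_sockets(netstat_text):
    """Return sorted (proto, port, reason) for sockets the workaround would block."""
    findings = set()
    for line in netstat_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # headers and blank lines
        proto, addr, port, state = m.group(1), m.group(2), int(m.group(3)), m.group(4)
        # Only sockets waiting for inbound traffic matter; TCP must be LISTENING.
        if proto == "TCP" and state != "LISTENING":
            continue
        # Loopback-only listeners are not reachable from the network.
        if addr.startswith("127.") or addr == "[::1]":
            continue
        listed = BLOCK_TCP if proto == "TCP" else BLOCK_UDP
        if port in listed:
            findings.add((proto, port, "listed port"))
        elif port > 1024:
            findings.add((proto, port, "unsolicited inbound >1024"))
    return sorted(findings)

if __name__ == "__main__":
    for proto, port, reason in exposed_sockets(SAMPLE_NETSTAT):
        print(f"{proto}/{port}: {reason}")
```

Listeners reported under "unsolicited inbound >1024" are services that would stop receiving outside connections once the third part of the workaround is in place, so review them before blocking.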

MS05-018

Microsoft Security Bulletin MS05-018, "Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege and Denial of Service," consists of three elevations of privilege and one DoS vulnerability.

So far, I have seen no reports of any attempts to exploit any of these four vulnerabilities.

Applicability
MS05-018 affects the following systems:

  • Windows 2000 SP3
  • Windows 2000 SP4
  • Windows XP SP1
  • Windows XP SP2
  • Windows XP 64-bit Edition SP1
  • Windows XP 64-bit Edition Version 2003
  • Windows Server 2003
  • Windows Server 2003 for Itanium-based systems
  • Windows 98
  • Windows SE
  • Windows ME

The following systems are not affected:

  • Windows Server 2003 SP1
  • Windows Server 2003 SP1 for Itanium-based systems
  • Windows Server 2003 64-bit Edition
  • Windows XP Professional 64-bit Edition

Risk level – Important
Microsoft has given MS05-018 an important rating for Windows 2000 SP3, Windows 2000 SP4, Windows XP SP1, Windows XP SP2, Windows XP 64-bit SP1, Windows XP 64-bit Version 2003, Windows Server 2003, and Windows Server 2003 for Itanium-based systems. For Windows 98, Windows SE, and Windows ME, the risk is not critical.

Mitigating factors
An attacker would need valid logon credentials and local access to exploit all of these vulnerabilities.

Fix
Install the update. Otherwise, there are no known workarounds for any of the vulnerabilities addressed in this security bulletin.

Final word

Whew!

John McCormick is a security consultant and well-known author in the field of IT, with more than 17,000 published articles. He has written the IT Locksmith column for TechRepublic for more than four years.
