Windows Security Updates Summary for February 2005

Update for Outlook 2003 Junk Email Filter (KB891067)

This optional update provides the Junk E-mail Filter in Microsoft Office Outlook 2003 with a more current definition of which e-mail messages should be considered junk e-mail. This update was released in February 2005.

Quick Info
File Name:
office2003-KB891067-fullfile-ENU.exe
Download Size: 3509 KB
Date Published: 2/8/2005
Version: 1

System Requirements
Supported Operating Systems:
Windows 2000 Service Pack 3, Windows Server 2003, Windows XP

This update applies to the following product: Microsoft Office Outlook 2003

Download: Update for Outlook 2003 Junk Email Filter (KB891067)

----------------------------

Update for Office 2003 (KB885828)

This update increases the reliability of Smart Tags by placing additional restrictions on the ability to associate web sites with Smart Tag actions.

Quick Info
Download Size:
1688 KB - 7436 KB
Date Published: 2/8/2005
Version: 1

Overview
You can get specific information about this update in the Microsoft Knowledge Base article Description of the Update for Office 2003 (KB885828).

System Requirements
Supported Operating Systems:
Windows 2000 Service Pack 3, Windows Server 2003, Windows XP

This update applies to the following product: Microsoft Office 2003

To install the update, you must have the following:
Office 2003 Service Pack 1

Note: The full-file version (office2003-kb885828-fullfile-enu.exe) of this update installs successfully on Office 2003 Service Pack 1 or Office 2003 RTM installations.

Download: Update for Office 2003 (KB885828)

---------------------------

Update for Office 2003 (KB887980)

This Microsoft Office 2003 update allows Microsoft Office FrontPage 2003 to display the value of the Turkish Lira in both the old and the new Lira formats

Quick Info
Download Size:
271 KB - 1316 KB
Date Published: 2/8/2005
Version: 1

Overview
This update should only be installed on English and Turkish versions of Office 2003. An update for all other language versions of Office 2003 will be released at a later time

You can get specific information about this update in the Microsoft Knowledge Base article Description of the Update for Office 2003 (KB887980).

System Requirements
Supported Operating Systems:
Windows 2000 Service Pack 3, Windows Server 2003, Windows XP

This update applies to the following product: Microsoft Office 2003

To install the update, you must have the following:
Office 2003 Service Pack 1

Note: The full-file version (office2003-kb887980-fullfile-enu.exe) of this update installs successfully on Office 2003 Service Pack 1 or Office 2003 RTM installations.

Download: Update for Office 2003 (KB887980)

----------------------------

Microsoft Security Bulletin MS05-004
ASP.NET Path Validation Vulnerability (887219)


Issued: February 8, 2005
Version: 1.0

Summary
Who should read this document: Customers who use Microsoft® Windows® .NET Framework

Impact of Vulnerability: Information Disclosure, possible Elevation of Privilege

Maximum Severity Rating: Important

Recommendation: Customers should install the update at the earliest opportunity.

Security Update Replacement: None.

Caveats: None

Tested Software and Security Update Download Locations:

Affected Software:

Microsoft .NET Framework 1.0


Download the update for .NET Framework 1.0 Service Pack 3 for the following operating system versions:

• Windows 2000 Service Pack 3 or Service Pack 4

• Windows XP Service Pack 1 or Windows XP Service Pack 2,

• Windows Server 2003

Download the update for .NET Framework 1.0 Service Pack 3 for the following operating system versions:

• Windows XP Tablet PC Edition

• Windows XP Media Center Edition

Download the update for .NET Framework 1.0 Service Pack 2 for the following operating system versions:

• Windows 2000 Service Pack 3 or Service Pack 4

• Windows XP Service Pack 1 or Windows XP Service Pack 2,

• Windows Server 2003

Download the update for .NET Framework 1.0 Service Pack 2 for the following operating system versions:

• Windows XP Tablet PC Edition

• Windows XP Media Center Edition

Microsoft .NET Framework 1.1

Download the update for .NET Framework 1.1 Service Pack 1 for the following operating system versions:

• Windows 2000 Service Pack 3 or Service Pack 4

• Windows XP Service Pack 1 or Windows XP Service Pack 2,

• Windows XP Tablet PC Edition

• Windows XP Media Center Edition

Download the update for .NET Framework 1.1 Service Pack 1 for the following operating system versions:

• Windows Server 2003

Download the update for .NET Framework 1.1 for the following operating system versions:

• Windows 2000 Service Pack 3 or Service Pack 4

• Windows XP Service Pack 1 or Windows XP Service Pack 2,

• Windows XP Tablet PC Edition

• Windows XP Media Center Edition

Download the update for .NET Framework 1.1 for the following operating system versions:

• Windows Server 2003

Non-Affected Software:

• None

Affected Components:

• ASP.NET

The software in this list has been tested to determine if the versions are affected. Other versions either no longer include security update support or may not be affected. To determine the support lifecycle for your product and version, visit the following Microsoft Support Lifecycle Web site.

Download: ASP.NET Path Validation Vulnerability (887219)

-------------------------

Security Bulletin MS05-006
Maximum severity: Moderate
Update number: 887981
Supported software affected:• Windows SharePoint Services for Windows Server 2003
Technical bulletin: Vulnerability in Windows SharePoint Services and SharePoint Team Services Could Allow Cross-Site Scripting and Spoofing Attacks (887981)

-------------------------

Security Bulletin MS05-007
Maximum severity: Important
Update number: 888302
Supported software affected:• Windows XP SP2 and SP1
• Windows XP 64-Bit Edition SP1 (Itanium)
Technical bulletin: Vulnerability in Windows Could Allow Information Disclosure (888302)

-------------------------

Security Bulletin MS05-008
Maximum severity: Important
Update number: 890047
Supported software affected:• Windows XP SP2 and SP1
• Windows XP 64-Bit Edition SP1 (Itanium)
• Windows XP 64-Bit Edition Version 2003 (Itanium)
• Windows 2000 SP4 and SP3
• Windows Server 2003
• Windows Server 2003 for 64-Bit Itanium-based Systems
Technical bulletin: Vulnerability in Windows Shell Could Allow Remote Code Execution (890047)

--------------------------

Security Bulletin MS05-009
Maximum severity: Critical
Update number: 890261
Supported software affected:• Windows Media Player 9 on Windows XP, Windows 2000, or Windows Server 2003
• Windows XP 64-Bit Edition SP1 running Windows Messenger
• Windows XP 64-Bit Edition Version 2003 running Windows Messenger
• Windows Millennium Edition (Windows Me), Windows 98 Second Edition (SE), and Windows 98
Note Updates for Windows Me, Windows 98 SE, and Windows 98 are being made available under extended support for critical security issues. • Windows Messenger 4.7.2009 on Windows XP SP1 and Windows XP
• Windows Messenger 4.7.3000 on Windows XP SP2
• Windows Messenger 5.0
Technical bulletin: Vulnerability in PNG Processing Could Lead to Buffer Overrun (890261)

----------------------------

Security Bulletin MS05-010
Maximum severity: Critical
Update number: 885834
Supported software affected:• Windows NT Server 4.0 SP6a
• Windows NT Server 4.0, Terminal Server Edition SP6
• Windows 2000 Server SP4 and SP3
• Windows Server 2003
• Windows Server 2003 for 64-Bit Itanium-based Systems
Technical bulletin: Vulnerability in the License Logging Service Could Allow Code Execution (885834)

------------------------

Security Bulletin MS05-011
Maximum severity: Critical
Update number: 885250
Supported software affected:• Windows XP SP2 and SP1
• Windows XP 64-Bit Edition SP1 (Itanium)
• Windows XP 64-Bit Edition Version 2003 (Itanium)
• Windows 2000 SP4 and SP3
• Windows Server 2003
• Windows Server 2003 for 64-Bit Itanium-based Systems
Technical bulletin: Vulnerability in Server Message Block Could Allow Remote Code Execution (885250)

------------------------

Security Bulletin MS05-012
Maximum severity: Critical
Update number: 873333
Supported software affected:• Windows XP SP2 and SP1
• Windows XP 64-Bit Edition SP1 (Itanium)
• Windows XP 64-Bit Edition Version 2003 (Itanium)
• Windows 2000 SP4 and SP3
• Windows Server 2003
• Windows Server 2003 for 64-Bit Itanium-based Systems
• Office XP Service Pack 3 (SP3), Office XP SP2, and Office XP
Note Office XP includes Outlook 2002, Word 2002, Excel 2002, PowerPoint 2002, FrontPage 2002, Publisher 2002, and Access 2002 • Office 2003 SP1 and Office 2003
Note Office 2003 includes Outlook 2003, Word 2003, Excel 2003, PowerPoint 2003, FrontPage 2003, Publisher 2003, Access 2003, InfoPath 2003, and OneNote 2003 • Exchange 2000 Server Service Pack 3 (SP3)
• Exchange Server 2003 and Exchange Server 2003 SP1
• Exchange Server 5.0 SP2
• Exchange Server 5.5 SP4
Technical bulletin: Vulnerability in OLE and COM Could Allow Remote Code Execution (873333)

-----------------------

Security Bulletin MS05-013
Maximum severity:
Critical
Update number: 891781
Supported software affected:• Windows XP SP2 and SP1
• Windows XP 64-Bit Edition SP1 (Itanium)
• Windows XP 64-Bit Edition Version 2003 (Itanium)
• Windows 2000 SP4 and SP3
• Windows Server 2003
• Windows Server 2003 for 64-Bit Itanium-based Systems
• Windows Me, Windows 98 SE, and Windows 98
Note Updates for Windows Me, Windows 98 SE, and Windows 98 are being made available under extended support for critical security issues.
Technical bulletin: Vulnerability in the DHTML Editing Component ActiveX Control Could Allow Code Execution (891781)

-------------------------

Security Bulletin MS05-014
Maximum severity:
Critical
Update number: 867282
Supported software affected:• Internet Explorer 6 SP1 on Windows XP SP1, on Windows XP, or on Windows 2000 SP4 or SP3
• Internet Explorer 6 SP1 on Windows Me, on Windows 98 SE, or on Windows 98
Note Updates for Windows Me, Windows 98 SE, and Windows 98 are being made available under extended support for critical security issues. • Internet Explorer 6 for Windows XP SP1 (64-Bit Edition)
• Internet Explorer 6 for Windows Server 2003
• Internet Explorer 6 for Windows Server 2003 64-Bit Edition and Windows XP 64-Bit Edition Version 2003
• Internet Explorer 6 for Windows XP SP2
• Internet Explorer 5.5 SP2 on Windows Me
Note This update is being made available under extended support for critical security issues. • Internet Explorer 5.01 SP4 on Windows 2000 SP4
• Internet Explorer 5.01 SP3 on Windows 2000 SP3
Technical bulletin: Cumulative Security Update for Internet Explorer (867282)

--------------------

Security Bulletin MS05-015
Maximum severity:
Critical
Update number: 888113
Supported software affected:• Windows XP SP2 and SP1
• Windows 2000 SP4 and SP3
• Windows XP 64-Bit Edition SP1 (Itanium)
• Windows XP 64-Bit Edition Version 2003 (Itanium)
• Windows Server 2003
• Windows Server 2003 for 64-Bit Itanium-based Systems
• Windows Me, Windows 98 SE, and Windows 98
Note Updates for Windows Me, Windows 98 SE, and Windows 98 are being made available under extended support for critical security issues.
Technical bulletin: Vulnerability in Hyperlink Object Library Could Allow Remote Code Execution (888113)

Visit for all the Information:
 
Well since I wasn't here for January, I never posted any patches for the month. Well here they are.

MS Release Patches For January 2005

---------------------------

Microsoft Security Bulletin MS05-001
Vulnerability in HTML Help Could Allow Code Execution (890175)


Issued: January 11, 2005
Version: 1.0

Summary
Who should read this document:
Customers who use Microsoft Windows

Impact of Vulnerability: Remote Code Execution

Maximum Severity Rating: Critical

Recommendation: Customers should apply the update immediately.

Security Update Replacement: None

Caveats: Microsoft Knowledge Base Article 890175 documents the currently known issues that customers may experience when they install this security update. The article also documents recommended solutions for these issues.

Windows NT Server 4.0 and Windows NT 4.0 Terminal Server Edition are not affected by default. However, if you have installed Internet Explorer 6.0 Service Pack 1, which is the only supported version of Internet Explorer for Windows NT Server 4.0 and Windows NT 4.0 Terminal Server Edition, you will have the affected component on your system. An update is available for these configurations: see the download for Internet Explorer 6 Service Pack 1 under Affected Components.

Tested Software and Security Update Download Locations:
Affected Software:


• Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4 – Download the update

• Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2 – Download the update

• Microsoft Windows XP 64-Bit Edition Service Pack 1 – Download the update

• Microsoft Windows XP 64-Bit Edition Version 2003 –Download the update

• Microsoft Windows Server 2003 – Download the update

• Microsoft Windows Server 2003 64-Bit Edition – Download the update

• Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (Me) – Review the FAQ section of this bulletin for details about these operating systems.

Non-Affected Software:

• Microsoft Windows NT Server 4.0 Service Pack 6a

• Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6

Tested Microsoft Windows Components:

Affected Components:


• Internet Explorer 6.0 Service Pack 1 when installed on Microsoft Windows NT Server 4.0 Service Pack 6a or Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6 – Download the update

The software in this list has been tested to determine if the versions are affected. Other versions either no longer include security update support or may not be affected. To determine the support life cycle for your product and version, visit the following Microsoft Support Lifecycle Web site.

Download: Vulnerability in HTML Help Could Allow Code Execution (890175)

------------------------

Microsoft Security Bulletin MS05-002
Vulnerability in Cursor and Icon Format Handling Could Allow Remote Code Execution (891711)


Issued: January 11, 2005
Version: 1.1

Summary
Who should read this document:
Customers using Microsoft Windows

Impact of Vulnerability: Remote Code Execution

Maximum Severity Rating: Critical

Recommendation: Customers should apply the update immediately.

Security Update Replacement: This bulletin replaces a prior security update. See the frequently asked questions (FAQ) section of this bulletin for more information.

Caveats: None

Tested Software and Security Update Download Locations:

Affected Software:


• Microsoft Windows NT Server 4.0 Service Pack 6a – Download the update

• Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6 – Download the update

• Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4 – Download the update

• Microsoft Windows XP Service Pack 1 – Download the update

• Microsoft Windows XP 64-Bit Edition Service Pack 1 – Download the update

• Microsoft Windows XP 64-Bit Edition Version 2003 – Download the update

• Microsoft Windows Server 2003 – Download the update

• Microsoft Windows Server 2003 64-Bit Edition – Download the update

• Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (Me) – Review the FAQ section of this bulletin for details about these operating systems.

Non-Affected Software:

• Microsoft Windows XP Service Pack 2

The software in this list has been tested to determine if the versions are affected. Other versions either no longer include security update support or may not be affected. To determine the support lifecycle for your product and version, visit the following Microsoft Support Lifecycle Web site.

Download: Vulnerability in Cursor and Icon Format Handling Could Allow Remote Code Execution (891711)

------------------------------

Microsoft Security Bulletin MS05-003
Vulnerability in the Indexing Service Could Allow Remote Code Execution (871250)

Issued:
January 11, 2005
Version: 1.0

Summary
Who should read this document: Customers who use Microsoft Windows

Impact of Vulnerability: Remote Code Execution

Maximum Severity Rating: Important

Recommendation: Customers should consider applying the security update.

Security Update Replacement: None

Caveats: None

Tested Software and Security Update Download Locations:

Affected Software:


• Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4 – Download the update

• Microsoft Windows XP Service Pack 1 – Download the update

• Microsoft Windows XP 64-Bit Edition Service Pack 1 – Download the update

• Microsoft Windows XP 64-Bit Edition Version 2003 – Download the update

• Microsoft Windows Server 2003 – Download the update

• Microsoft Windows Server 2003 64-Bit Edition – Download the update

Non-Affected Software:

• Microsoft Windows NT Server 4.0 Service Pack 6a

• Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6

• Microsoft Windows XP Service Pack 2

• Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME)

Tested Microsoft Windows Components:

Affected Components:


• Indexing Service

The software in this list has been tested to determine if the versions are affected. Other versions either no longer include security update support or may not be affected. To determine the support lifecycle for your product and version, visit the following Microsoft Support Lifecycle Web site.

Download: Vulnerability in the Indexing Service Could Allow Remote Code Execution (871250)
 
Back
Top