Advisories

CERT-In Advisory CIAD-2005-0012

Multiple vulnerabilities in Microsoft Windows and Internet Explorer

Original Issue Date: June 15, 2005

Severity Rating: High

Systems Affected

Microsoft windows components

Overview

Multiple vulnerabilities have been discovered in various Microsoft Windows components. This advisory describes various vulnerabilities addressed by the Microsoft Security Bulletins of June 2005.

Description

The vulnerability notes released by CERT-In with reference to Microsoft Security Bulletins are given below:

Microsoft Security Bulletin	Severity	CERT-In Vulnerability Notes
MS05-025:Cumulative Security Update for Internet Explorer 883939	High	CIVN-2005-0048 Internet Explorer Vulnerabilities
MS05-026:Vulnerability in HTML Help Could Allow Remote Code Execution 896358	High	CIVN-2005-0049 Microsoft Windows HTML Help Remote Code Execution
MS05-027:Vulnerability in SMB Could Allow Remote Code Execution 896422	High	CIVN-2005-0050 Remote Code Execution Vulnerability in Server Message Block
MS05-028:Vulnerability in Web Client Service May Allow Remote Code Execution 896426	Medium	CIVN-2005-0051 Remote Code Execution Vulnerability in Web Client Service
MS05-029:Vulnerability in Outlook Web Access for Exchange Server 5.5 Could Allow Cross-Site Scripting Attacks 895179	Medium	CIVN-2005-0052 Vulnerability in Outlook Web Access for Exchange Server 5.5 Could Allow Cross-Site Scripting Attacks
MS05-030:Cumulative Security Update for Outlook Express 897715	Medium	CIVN-2005-0053 Outlook Express NNTP response parsing Vulnerability
MS05-031:Vulnerability in Microsoft Windows Interactive Training Could Allow Remote Code Execution 898458	Medium	CIVN-2005-0054 Vulnerability in Step-by-Step Interactive Training Could Allow Remote Code Execution
MS05-032:Vulnerability in Microsoft Agent Could Allow Spoofing 890046	Low	CIVN-2005-0055 Vulnerability in Microsoft Agent Could Allow Spoofing
MS05-033:Vulnerability in Telnet Client Could Allow Information Disclosure 896428	Low	CIVN-2005-0056 Vulnerability in Telnet Client Could Allow Information Disclosure
MS05-034:Cumulative Security Update for ISA Server 2000 899753	Low	CIVN-2005-0057 Vulnerabilities in Microsoft ISA server

Solution

Apply appropriate patches as mentioned in Microsoft Security Bulletin june 2005
http://www.microsoft.com/technet/security/bulletin/ms05-jun.mspx

Vendor Information

Microsoft Corporation
http://www.microsoft.com/security/bulletins/default.mspx
Microsoft Corporation
http://www.microsoft.com/security/bulletins/default.mspx

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information

Email: info@cert-in.org.in
Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, CGO Complex, Lodhi Road,
New Delhi - 110 003
India