Microsoft Security Bulletins for April 2005

[Jerry Bryant [MSFT]]

Follow up set to: microsoft.public.security

April 12, 2005
Today Microsoft released the following Security Bulletin(s).

Note: www.microsoft.com/technet/security and www.microsoft.com/security are
authoritative in all matters concerning Microsoft Security Bulletins! ANY
e-mail, web board or newsgroup posting (including this one) should be
verified by visiting these sites for official information. Microsoft never
sends security or other updates as attachments. These updates must be
downloaded from the microsoft.com download center or Windows Update. See the
individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft
security notices, it is recommended that you physically type the URLs into
your web browser and not click on the hyperlinks provided.

Bulletin Summary:

http://www.microsoft.com/technet/security/Bulletin/ms05-apr.mspx

Critical Bulletins:

Vulnerabilities in TCP/IP Could Allow Remote Code Execution and Denial of
Service (893066)
http://www.microsoft.com/technet/security/Bulletin/ms05-019.mspx

Cumulative Security Update for Internet Explorer (890923)
http://www.microsoft.com/technet/security/Bulletin/ms05-020.mspx

Vulnerability in Exchange Server Could Allow Remote Code Execution (894549)
http://www.microsoft.com/technet/security/Bulletin/ms05-021.mspx

Vulnerability in MSN Messenger Could Lead to Remote Code Execution (896597)
http://www.microsoft.com/technet/security/Bulletin/ms05-022.mspx

Vulnerabilities in Microsoft Word May Lead to Remote Code Execution (890169)
http://www.microsoft.com/technet/security/Bulletin/ms05-023.mspx

Important Bulletins:

Vulnerability in Windows Shell that Could Allow Remote Code Execution
(893086)
http://www.microsoft.com/technet/security/Bulletin/ms05-016.mspx

Vulnerability in Message Queuing Could Allow Code Execution (892944)
http://www.microsoft.com/technet/security/Bulletin/ms05-017.mspx

Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege and
Denial of Service (890859)
http://www.microsoft.com/technet/security/Bulletin/ms05-018.mspx

This represents our regularly scheduled monthly bulletin release (second
Tuesday of each month). Please note that Microsoft may release bulletins out
side of this schedule if we determine the need to do so. If you have any
questions regarding the patch or its implementation after reading the above
listed bulletin you should contact Product Support Services in the United
States at 1-866-PCSafety (1-866-727-2338). International customers should
contact their local subsidiary.

--
Regards,

Jerry Bryant - MCSE, MCDBA
Microsoft IT Communities

Get Secure! www.microsoft.com/security


This posting is provided "AS IS" with no warranties, and confers no rights.

 

[Guest]

Once again in the April Summary some of the Update Numbers listed are not
those which are actually downloaded by Windows Update. For example MS 05-023
shows Update Number 890169 but this seems really to be a cover for 887977,
887978 and 887979 one of which will be downloaded depending on which version
of Word is in use.

Would it not be a good thing for customers who receive the Monthly Summaries
to be able to check off the updates downloaded directly against those listed
in the Summary, rather than delving into Bulletins to find the relevance of
the update downloaded through Windows Update ? Could the Monthly Summaries
not be expanded to show the numbers of the updates which will *actually be
downloaded*, preferably against the product affected ?

I have made this point before by e-mail to Security Response but was told
this was a 'technical support issue' so I didn't get too far.

Regards,
Tom Allen