August Security Bulletins

Uncategorized
Comments Off on August Security Bulletins

Its that time of the month folks, Microsoft Patchday. Review security alerts below and get to patching. Please test these patches first and if you encounter any issues make sure to attend the Technet webcast tomorrow when you can ask questions and get some help.

On the side note, Juniper routers (and IDS) seem to already protect against the exploits listed below. “Juniper Networks Protects Customers Against New Microsoft Windows Vulnerabilities Disclosed Today.” Way to go Juniper!

Bulletin Summary:

http://www.microsoft.com/technet/security/Bulletin/ms05-Aug.mspx

Critical Bulletins:

Cumulative Security Update for Internet Explorer (896727)
http://www.microsoft.com/technet/security/Bulletin/ms05-038.mspx

Vulnerability in Plug and Play Could Allow Remote Code Execution and Elevation of Privilege (899588)
http://www.microsoft.com/technet/security/Bulletin/ms05-039.mspx

Vulnerability in Print Spooler Service Could Allow Remote Code Execution (896423)
http://www.microsoft.com/technet/security/Bulletin/ms05-043.mspx

Important Bulletins:

Vulnerability in Telephony Service Could Allow Remote Code Execution (893756)
http://www.microsoft.com/technet/security/Bulletin/ms05-040.mspx

Moderate Bulletins:

Vulnerability in Remote Desktop Protocol Could Allow Denial of Service (899591)
http://www.microsoft.com/technet/security/Bulletin/ms05-041.mspx

Vulnerabilities in Kerberos Could Allow Denial of Service, Information Disclosure, and Spoofing (899587)
http://www.microsoft.com/technet/security/Bulletin/ms05-042.mspx

Re-Released Bulletins:

Vulnerabilities in Microsoft Word May Lead to Remote Code Execution (890169)
http://www.microsoft.com/technet/security/Bulletin/ms05-023.mspx

Vulnerability in Microsoft Agent Could Allow Spoofing (890046)
(890169)
http://www.microsoft.com/technet/security/Bulletin/ms05-032.mspx

This represents our regularly scheduled monthly bulletin release (second Tuesday of each month). Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety (1-866-727-2338). International customers should contact their local subsidiary.

Update:
By the way, the IE patch (896727) cannot be installed because the digital certificate of the path is invalid. Just a heads up for anybody that encounters “file is corrupt” errors while installing that patch.