BleepingComputer.com > Microsoft Security Updates

Full Version: Microsoft Security Updates - November 2005

BleepingComputer.com > Security > Breaking Virus & Security News

harrywaldron

Nov 9 2005, 09:09 AM

One critical update for Windows for issued by Microsoft during November 2005. The MS05-053 security update fixes vulnerabilites associated with heap overflow errors when malformed Windows Metafile (WMF) and Enhanced Metafile (EMF) images are processed. All Windows systems should be patched expediently as reverse engineering and the development of exploits are likely.

Microsoft Security Bulletin MS05-053: Vulnerabilities in Graphics Rendering Engine Could Allow Code Execution (896424)
http://www.microsoft.com/technet/security/...n/MS05-053.mspx

PATCHES THESE THREE VULNERABILITES

Graphics Rendering Engine - CAN-2005-2123: A remote code execution vulnerability exists in the rendering of Windows Metafile (WMF) and Enhanced Metafile (EMF) image formats that could allow remote code execution on an affected system. Any program that renders WMF or EMF images on the affected systems could be vulnerable to this attack. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

Windows Metafile Vulnerability - CAN-2005-2124: A remote code execution vulnerability exists in the rendering of Windows Metafile (WMF) image format that could allow remote code execution on an affected system. Any program that renders WMF images on the affected systems could be vulnerable to this attack. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

Enhanced Metafile Vulnerability - CAN-2005-0803: A denial of service vulnerability exists in the rendering of Enhanced Metafile (EMF) image format that could allow any program that renders EMF images to be vulnerable to attack. An attacker who successfully exploited this vulnerability could cause the affected programs to stop responding.

AFFECTED PRODUCTS
Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP Service Pack 1
Microsoft Windows XP Service Pack 2
Microsoft Windows XP Professional x64 Edition
Microsoft Windows Server 200
Microsoft Windows Server 2003 Service Pack 1
Microsoft Windows Server 2003 for Itanium-based Systems
Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
Microsoft Windows Server 2003 x64 Edition

OTHER REFERENCES

Microsoft Windows WMF/EMF File Handling Vulnerabilities
http://www.frsirt.com/english/advisories/2005/2348

MS05-053 - More Graphic Rendering Buffer Overflow Vulnerabilities
http://isc.sans.org/diary.php?storyid=831

WINDOWS UPDATE LINK
http://www.microsoft.com/windowsupdate

This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.