Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Microsoft Security Updates - November 2005


  • Please log in to reply
No replies to this topic

#1 harrywaldron

harrywaldron

    Security Reporter


  • Members
  • 509 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Roanoke, Virginia
  • Local time:08:20 PM

Posted 09 November 2005 - 09:09 AM

One critical update for Windows for issued by Microsoft during November 2005. The MS05-053 security update fixes vulnerabilites associated with heap overflow errors when malformed Windows Metafile (WMF) and Enhanced Metafile (EMF) images are processed. All Windows systems should be patched expediently as reverse engineering and the development of exploits are likely.

Microsoft Security Bulletin MS05-053: Vulnerabilities in Graphics Rendering Engine Could Allow Code Execution (896424)
http://www.microsoft.com/technet/security/...n/MS05-053.mspx

PATCHES THESE THREE VULNERABILITES

Graphics Rendering Engine - CAN-2005-2123: A remote code execution vulnerability exists in the rendering of Windows Metafile (WMF) and Enhanced Metafile (EMF) image formats that could allow remote code execution on an affected system. Any program that renders WMF or EMF images on the affected systems could be vulnerable to this attack. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

Windows Metafile Vulnerability - CAN-2005-2124: A remote code execution vulnerability exists in the rendering of Windows Metafile (WMF) image format that could allow remote code execution on an affected system. Any program that renders WMF images on the affected systems could be vulnerable to this attack. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

Enhanced Metafile Vulnerability - CAN-2005-0803: A denial of service vulnerability exists in the rendering of Enhanced Metafile (EMF) image format that could allow any program that renders EMF images to be vulnerable to attack. An attacker who successfully exploited this vulnerability could cause the affected programs to stop responding.

AFFECTED PRODUCTS
Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP Service Pack 1
Microsoft Windows XP Service Pack 2
Microsoft Windows XP Professional x64 Edition
Microsoft Windows Server 200
Microsoft Windows Server 2003 Service Pack 1
Microsoft Windows Server 2003 for Itanium-based Systems
Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
Microsoft Windows Server 2003 x64 Edition

OTHER REFERENCES

Microsoft Windows WMF/EMF File Handling Vulnerabilities
http://www.frsirt.com/english/advisories/2005/2348

MS05-053 - More Graphic Rendering Buffer Overflow Vulnerabilities
http://isc.sans.org/diary.php?storyid=831

WINDOWS UPDATE LINK
http://www.microsoft.com/windowsupdate

BC AdBot (Login to Remove)

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users