Three New Microsoft Bulletins

← Back to Stories (view on slashdot.org)

Three New Microsoft Bulletins

Posted by michael on Tuesday January 11, 2005 @09:02AM from the security-is-priority-one dept.

Jimmy M writes "Microsoft has released three security bulletins for January, which correct vulnerabilities in the handling of Icon and Cursor files, Indexing Services, and HTML Help. Bulletin MS05-001 (HTML Help) is the Extremely Critical vulnerability (Demonstration) that Secunia warned about last week - nice to see a quick move from MS. All updates are available from Windows Update."

6 of 224 comments (clear)

Min score:

Reason:

Sort:

XP SP2 by Rolan · 2005-01-11 09:03 · Score: 4, Informative

It should be noted that those with XP SP2 are only affected by MS005-01.

--
- AMW
What I find more interesting.. by MrP-(at+work) · 2005-01-11 09:05 · Score: 5, Informative

It would also seem microsoft released "Malicious Software Removal Tool" on WindowsUpdate

It finds and fixes some common worms.. They plan on releasing a new version every second Tuesday of each month, and each new version will continue to clean worms from the previous versions.

Wonder what the antivirus companies think about this

--
[an error occurred while processing this directive]
1. Re:What I find more interesting.. by dewke · 2005-01-11 09:21 · Score: 4, Informative
  
  I think this sums it up nicely.
  
  --
  Oderint dum metuant
More information... by MrP-(at+work) · 2005-01-11 09:07 · Score: 4, Informative

This page has more technical information about the tool.

--
[an error occurred while processing this directive]
Re:Spite by RAMMS+EIN · 2005-01-11 09:17 · Score: 4, Informative

``How many will reply to me saying I'm out of my mind?''

At least one. The vulnerability was updated on 2004-10-21. That means it existed at least about 3 months before the fix. I don't know about you, but I don't call that quick.

--
Please correct me if I got my facts wrong.
Some clarifications and important notes by Jugalator · 2005-01-11 09:27 · Score: 5, Informative

First, Secunia released the advisory for Windows security update 890175 (MS05-001) back in 2004-10-20. Secunia linked to a workaround for the flaw 8 days after this, that was posted by Microsoft. Secunia increased the severity rating in 2005-01-07, and 4 days later, Microsoft has now posted an actual fix.

Now, the story, unfortunately for Windows users, and fortunately for e.g. open source evangelists, it seems like there is some things to be aware of if needing to uninstall the fix, for example due to possible problems caused by this fix, which are mentioned here, under the "Known Issues" heading.

In other words, we're talking about one issue that may appear as a direct consequence of installing this (my first link) and another one if you then decide to uninstall this fix (my second link).

Of course, if you aren't subject to the first problem, you don't need to do a thing and you are indeed living in the environment Microsoft was crossing their fingers for that you would be in.

--
Beware: In C++, your friends can see your privates!