July Security Bulletin

  • Article

This just came into my email!  Details about July security updates

New Security Bulletins

Microsoft is releasing the following security bulletins for newly discovered vulnerabilities:

Critical MS05-035 Microsoft Office Remote Code Execution
Critical MS05-036 Microsoft Windows Elevation of Privilege
Critical MS05-037 Microsoft Windows Remote Code Execution

The summary for this month's bulletins can be found at the following page:

https://www.microsoft.com/technet/security/bulletin/ms05-jul.mspx

Re-released Security Bulletins
In addition, Microsoft is re-releasing the following security bulletins
(NOTE: This list contains ONLY those products affected by the re-release and the severity of the vulnerability for those products affected by the re-release)

Moderate MS05-033 Microsoft Windows Services for UNIX 2.0 & 2.1 Information Disclosure

Information on these re-released bulletins may be found at the following pages:
 https://www.microsoft.com/technet/security/Bulletin/MS05-033.mspx

Customers are advised to review the information in the bulletins, test and deploy the updates immediately in their environments, if applicable.

Microsoft Windows Malicious Software Removal Tool
Microsoft is releasing an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update and the Download Center. Note that this tool will NOT be distributed using Software Update Services (SUS). Information on the Microsoft Windows Malicious Software Removal Tool can be located here:
https://go.microsoft.com/fwlink/?LinkId=40573

High-Priority Non-Security Updates on Microsoft Update (MU), Windows Update (WU), Windows Server Update Services (WSUS) and Software Update Services (SUS)
Microsoft is today also making the following High-Priority NON-SECURITY updates available on WU, MU, SUS and WSUS:

KB895658 Update for Outlook 2003 Junk Email Filter MU, WSUS
KB895332 Update for InterConnect 2004  (Japanese Language only) MU, WSUS

TechNet Webcast: Information about Microsoft's July Security Bulletins (Level 100)
Wednesday, July 13, 2005 11:00 AM (GMT-08:00) Pacific Time (US & Canada)
 
https://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?EventID=1032276892&EventCategory=4&culture=en-US&CountryCode=US

The on-demand version of the webcast will be available 24 hours after the live webcast at:
https://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?EventID=1032276892&EventCategory=4&culture=en-US&CountryCode=US

**********************************************************************
TECHNICAL DETAILS
MS05-035
Title:  Vulnerability in Microsoft Word Could Allow Remote Code Execution (KB895333)

Affected Software:
• Microsoft Office 2000 Software Service Pack 3
• Word 2000
• Microsoft Office XP Software Service Pack 3
• Word 2002
• Microsoft Works Suite 2001
• Microsoft Works Suite 2002
• Microsoft Works Suite 2003
• Microsoft Works Suite 2004

Non-Affected Software:
• Microsoft Office 2003 Word
• Microsoft Office Word 2003 Viewer

Impact of Vulnerability: Remote Code Execution

Maximum Severity Rating: Critical

Restart required: To help reduce the chance that a reboot will be required, stop all affected services and close all applications that may use the affected files prior to installing the security update. For more information about the reasons why you may be prompted to restart, see Microsoft Knowledge Base Article 887012.

Update can be uninstalled:  No

More information on this vulnerability is available at: https://www.microsoft.com/technet/security/bulletin/MS05-035.mspx

**********************************************************************
MS05-036
Title:  Vulnerability in Microsoft Color Management Module Could Allow Remote Code Execution (901214)

Affected Software:
• Microsoft Windows 2000 Service Pack 4
• Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
• Microsoft Windows XP Professional x64 Edition
• Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
• Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
• Microsoft Windows Server 2003 x64 Edition
• Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) – Review the FAQ section of the bulletin for details about these operating systems.

Impact of Vulnerability: Elevation of Privilege

Maximum Severity Rating: Critical

Restart required: Yes

Update can be uninstalled: Yes

More information on this vulnerability is available at: https://www.microsoft.com/technet/security/bulletin/MS05-036.mspx

**********************************************************************
MS05-037
Title:  Security Update for JView Profiler (KB903235)

Affected Software:
• Microsoft Windows 2000 Service Pack 4
• Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
• Microsoft Windows XP Professional x64 Edition
• Microsoft Windows Server 2003
• Microsoft Windows Server 2003 Service Pack 1
• Microsoft Windows Server 2003 for Itanium-based Systems
• Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
• Microsoft Windows Server 2003 x64 Edition
• Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME)

Affected Components:
• JView Profiler
• Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4
• Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4, or on Microsoft Windows XP Service Pack 1
• Internet Explorer 6 for Microsoft Windows XP Service Pack 2
• Internet Explorer 6 for Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
• Internet Explorer 6 for Microsoft Windows XP 64-Bit Edition Versions 2003 (Itanium), Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
• Internet Explorer 6 for Microsoft Windows Server 2003 x64 Edition, and Microsoft Windows XP Professional x64 Edition
• Internet Explorer 5.5 Service Pack 2 on Microsoft Windows Millennium Edition
• Internet Explorer 6 Service Pack 1 on Microsoft Windows 98, on Microsoft Windows 98 SE or on Microsoft Windows Millennium Edition – Review the FAQ section of the bulletin for details about these operating systems.

Impact of Vulnerability:  Remote Code Execution

Maximum Severity Rating:  Critical

Restart required: No

Update can be uninstalled: Yes

More information on this vulnerability is available at: https://www.microsoft.com/technet/security/bulletin/MS05-037.mspx

**********************************************************************
MS05-033
Title:  Vulnerability in Telnet Client Could Allow Information Disclosure (896428)

Affected Software (re-release only):
• Microsoft Windows Services for UNIX 2.0
• Microsoft Windows Services for UNIX 2.1

Reason for Re-release: Subsequent to the release of this bulletin, it was determined that the vulnerability addressed also affects Windows Services for Unix 2.0 and Windows Services for Unix 2.1. Microsoft has updated the bulletin with additional information about these security updates. Customers who are not using Windows Services for Unix 2.0 or Windows Services for UNIX 2.1 and have previously installed the security updates provided as part of the original release of this bulletin do not need to install the new security update.
More information on this re-released bulletin is available at: https://www.microsoft.com/technet/security/bulletin/MS05-033.mspx