|
||||||||||||
You have accessed an archived page on the Public Safety and Emergency Preparedness Canada website. This material may be outdated. Please consult our new site for up-to-date information. |
|
Advisory Number: AV05-018 Update
On April 23, 2005, Microsoft issued a Knowledge Base Article addressing a network connectivity failure which may occur after the installation of either security update MS05-019 or Microsoft Windows Server 2003 Service Pack 1 (SP1).
The Knowledge Base Article and hotfix information can be found here: http://support.microsoft.com/kb/898060 The Master Knowledge Base Article for MS05-019 will be updated to reference this article: http://support.microsoft.com/kb/893066 PSEPC recommends that you test and apply this hotfix only if you experience the symptoms described in the article. Purpose Assessment MS05-016: Vulnerability in Windows Shell that Could Allow Remote Code Execution A remote code execution vulnerability exists in the Windows Shell due to the way it handles application association. If a user is logged on with administrative privileges, an attacker who successfully exploited this vulnerability could take complete control of the affected system. However, user interaction is required to exploit this vulnerability. Affected Software:
Impact of Vulnerability: Remote Code Execution Microsoft's Maximum Severity Rating: Important Suggested Action MS05-017: Vulnerability in Message Queuing Could Allow Code Execution A remote code execution vulnerability exists in Message Queuing that could allow an attacker who successfully exploited this vulnerability to take complete control of the affected system. Affected Software:
Impact of Vulnerability: Remote Code Execution Microsoft's Maximum Severity Rating: Important Suggested Action MS05-018: Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege and Denial of Service A privilege elevation vulnerability exists in the way that Windows process certain fonts. This vulnerability could allow a logged-on-user to take complete control of the system. A privilege elevation vulnerability exists in the way that the affected operating system versions process certain access requests. This vulnerability could allow a logged on user to take complete control of the system. A denial of service vulnerability exists that could allow an attacker to send a specially crafted request locally to an affected operating system version. An attacker who exploited this vulnerability could cause the affected system to stop responding and automatically restart. A privilege elevation vulnerability exists in the way that the affected operating system versions process certain access requests. This vulnerability could allow a logged-on-user to take complete control of the system. Affected Software:
Impact of Vulnerability: Elevation of Privilege Microsoft's Maximum Severity Rating: Important Suggested Action MS05-019: Vulnerabilities in TCP/IP Could Allow Remote Code Execution and Denial of Service A remote code execution vulnerability exists that could allow an attacker to send a specially crafted IP message to an affected system. An attacker who successfully exploited this vulnerability could cause the affected system to remotely execute code. However, attempts to exploit this vulnerability would most likely result in a denial of service. A denial of service vulnerability exists that could allow an attacker to send a specially crafted Internet Control Message Protocol (ICMP) message to an affected system. An attacker who successfully exploited this vulnerability could cause the affected system to reset existing TCP connections. A denial of service vulnerability exists that could allow an attacker to send a specially crafted Internet Control Message Protocol (ICMP) message to an affected system that could cause network performance to degrade and potentially stop the affected system from responding to requests. A denial of service vulnerability exists that could allow an attacker to send a specially crafted TCP message to an affected system. An attacker who successfully exploited this vulnerability could cause the affected system to reset existing TCP connections. A denial of service vulnerability exists that could allow an attacker to send a specially crafted TCP/IP message to an affected system. An attacker who successfully exploited this vulnerability could cause the affected system to stop responding. Affected Software:
Impact of Vulnerability: Remote Code Execution Microsoft's Maximum Severity Rating: Critical Suggested Action MS05-020: Cumulative Security Update for Internet Explorer A remote code execution vulnerability exists in Internet Explorer due to the way it handles certain DHTML objects. An attacker could exploit the vulnerability by constructing a malicious web page. This malicious Web page could allow remote code execution if a user visited it. An attacker who successfully exploited this vulnerability could take complete control of an affected system. A remote code execution vulnerability exists in Internet Explorer due to the way it handles certain URLs. An attacker could exploit the vulnerability by constructing a malicious web page. This malicious Web page could potentially allow remote code execution if a user visited it. An attacker who successfully exploited this vulnerability could take complete control of an affected system. A remote code execution vulnerability exists in Internet Explorer due to the way it handles Content Advisor files. An attacker could exploit the vulnerability by constructing a specially crafted Content Advisor file. This malicious Content Advisor file could potentially allow remote code execution if a user visited a malicious web site or viewed a malicious e-mail message and accepted the installation of the file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. However, significant user interaction is required to exploit this vulnerability. Affected Software:
Affected Components:
Service Pack 1
Impact of Vulnerability: Remote Code Execution Microsoft's Maximum Severity Rating: Critical Suggested Action MS05-021: Vulnerability in Exchange Server Could Allow Remote Code Execution A remote code execution vulnerability exists in Microsoft Exchange Server that that could allow an attacker to connect to the SMTP port on an Exchange server and issue a specially-crafted command that could result in a denial of service or allow an attacker to run malicious programs of their choice in the security context of the SMTP service. Affected Software:
Impact of Vulnerability: Remote Code Execution Microsoft's Maximum Severity Rating: Critical Suggested Action MS05-022: Vulnerability in MSN Messenger Could Lead to Remote Code Execution A remote code execution vulnerability exists in MSN Messenger that could allow an attacker who successfully exploited this vulnerable to take complete control of the affected system. Affected Software:
Impact of Vulnerability: Remote Code Execution Microsoft's Maximum Severity Rating: Critical Suggested Action MS05-023: Vulnerabilities in Microsoft Word May Lead to Remote Code A vulnerability exists in Microsoft Word that could allow an attacker to run arbitrary code on a users system. If a user is logged on with administrative privileges, an attacker who successfully exploited this vulnerability could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts with full privileges. Users whose accounts are configured to have fewer privileges on the system would be at less risk than users who operate with administrative privileges. A vulnerability exists in Microsoft Word that could allow an attacker to run arbitrary code on a users system. If a user is logged on with administrative privileges, an attacker who successfully exploited this vulnerability could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts with full privileges. Users whose accounts are configured to have fewer privileges on the system would be at less risk than users who operate with administrative privileges. Affected Software:
Impact of Vulnerability: Remote Code Execution Microsoft's Maximum Severity Rating: Critical Suggested Action Public Safety and Emergency Preparedness Canada (PSEPC) collects information related to cyber and physical threats to, and incidents involving, Canadian critical infrastructure. This allows us to monitor and analyse threats and to issue alerts, advisories and other information products to our partners. To report threats or incidents, please contact the PSEPC operations coordination centre at (613) 991-7000 or goc-cog@psepc-sppcc.gc.ca by e-mail. Unauthorized use of computer systems and mischief in relation to data are serious Criminal Code offences in Canada. Any suspected criminal activity should be reported to local law enforcement organizations. The RCMP National Operations Centre (NOC) provides a 24/7 service to receive such reports or to redirect callers to local law enforcement organizations. The NOC can be reached at (613) 993-4460. National security concerns should be reported to the Canadian Security Intelligence Service (CSIS) at (613) 993-9620. Links to sites not under the control of the Government of Canada (GoC) are provided solely for the convenience of users. The GoC is not responsible for the accuracy, currency or the reliability of the content. The GoC does not offer any guarantee in that regard and is not responsible for the information found through these links, nor does it endorse the sites and their content. |
Last Updated: 10/25/2005 | Important Notices |