Microsoft December 2005 Security updates



Sans has the tip that information on the critical Windows updates expected tomorrow from Microsoft has started to be released.

MS 05-54: Cumulative Security Update for Internet Explorer

This will hopefully patch the javascript issues…

MS 05-55: Vulnerability in Windows Kernel Could Allow Elevation of Privilege.


More later in the day I’m sure.

The Kernel Vulnerability described here is an escalation of privilige vulnerability (local only?)

The Internet Explorer update does appear to address the remote code execution (recent javascript 0-day) vulnerability. There are caveats with this update. There may be problems with the update. They will be described in this knowledge base article http://support.microsoft.com/kb/905915 (which isn’t yet up at 1:28PM EST 12/13/05).

Here’s some info from SANs… kernel vulnerability:

A vulnerability in the Asynchronous Procedure Call queue allows local users to escalate their privileges. A regular user (who has to be logged in first) could use this vulnerability to gain Administrator privileges.
Microsoft rates this vulnerability as “Important” as there is no direct remote vector to exploit this issue. However, coupled with an Internet Explorer vulnerability or similar issues, this could be used to gain Administrator privileges even if a user runs Internet Explorer as a less privileged user.
Note that remote exploit may be possible if user credentials are known.

Explorer cumulitive update:

File Download Dialog Box Manipulation Vulnerability – CAN-2005-2829

HTTPS Proxy Vulnerability- CAN-2005-2830:

COM Object Instantiation Memory Corruption Vulnerability – CAN-2005-2831:

Mismatched Document Object Model Objects Memory Corruption Vulnerability – CAN-2005-1790:

This last item addresses the javascript 0-day exploit that was exploited late November.

–update 2:18 EST–

The security fix has mentioned the fixes and details the history of the zero-day exploit. It’s also worth mentioning – he points out that this cumulitive fix also removes a component left behind by Sony’s uninstaller for the XCP software. I need to re-read….

Related Posts

Blog Traffic Exchange Related Posts
  • Firefox 1.5.0.4 out.... I haven't seen news to this yet, just found it on Mozilla.com, but the 1.5.0.4 release of firefox seems to have been released sometime today. (1.5.0.4 of Thunderbird was announced earlier today.) I don't know how quick Google is at directing to the new version of firefox, but I'll include......
  • Firefox Market Share slips in July The July web browser market share stats show a slight decline for Mozilla Firefox, the first decline since it's 1.0 launch around 9 months ago. ITFacts is reporting that according to statistics from Netapplications, IE has 87.2%, Firefox 8.07%, Mozilla Suite 0.52%, and Opera 0.49% of the market. (No Safari?)......
  • Massive Windows Update Tuesday Microsoft had a mammoth patch Tuesday this month with 28 bug fixes (23 critical). (Computerworld article linked above. This is one of the largest update releases in five years (!) Those fixes were wrapped up in 8 updates for Internet Exporer, Office, Sharepoint, Windows media player and visual studio and......
Blog Traffic Exchange Related Websites
  • Bypass the Recycle Bin in XP I have a love hate relationship with the Recycle Bin.  When I need it, I'm glad its there, but for the most part it is just a pain in the rear.  Most people forget to empty it (don't we all hate taking out the trash?) and end up with loads......
  • Microsoft rolls out IE9 Beta Microsoft has released a major update to Internet Explorer, IE9 Beta. It is available in 33 languages at http://www.BeautyoftheWeb.com. This is the "Future of the Web".. The design of IE9 is very neat and light. IE9 is much more better than it's predecessor IE8. In an interview, Internet Explorer general......
  • Review of Windows Live Writer When you find a tool that makes life easier, there is nothing more exciting. The need for corporations to simplify and systematize their processes has to do with working smart and taking advantage of things that allow workers to reach their goals without having to work quite as hard. One......
PDF24    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site