9 Microsoft Security Patches

Well, last month Microsoft released no patches, but the company made up for that lack on this week's Patch Tuesday with nine Security Bulletins. Most of this month's patches are for primarily workstation-related risks that you can wait to deploy until you finish a full round of testing in your environment. However, I recommend loading the Internet Explorer (IE) patch (MS05-052) on workstations as soon as possible, with little or no testing, depending on where your organization falls in the vulnerability versus stability range.

The most important patch that affects servers is the one dealing with the Collaboration Data Objects (CDO) vulnerability (MS05-048). Be sure to assess your exposure to that risk.

Two trends continue this month. First, Windows XP Service Pack 2 (SP2) and Windows Server 2003 SP1 continue to come out less scathed than earlier versions of Windows for many vulnerabilities. I have to give Microsoft credit for making progress on these two post-Trustworthy-Computing-initiative releases. Second, following best practices such as refraining from dangerous activities (e.g., Web browsing) while logged on at a server and disabling unneeded features continues to reduce your exposure to future vulnerabilities.

All of this month's patches can be deployed through Windows Server Update Services (WSUS) and are detectable by using Microsoft Baseline Security Analyzer (MBSA). Below is a summary of each Microsoft Security Bulletin based on my research and conversations with Microsoft representatives. For my full commentary on each patch, you can visit http://www.ultimatewindowssecurity.com/msbulletins.html.

MS05-050--Vulnerability in DirectShow Could Allow Remote Code Execution (904706)

This critical vulnerability allows an attacker to execute arbitrary code under the current user's authority on all versions of Windows. Assuming you follow best practices while logged on to servers and avoid opening untrusted content, you should be able to avoid loading this patch on servers. Workstations, however, should be patched after you test the patch with any streaming content in use at your organization.

MS05-051--Vulnerabilities in MSDTC and COM+ Could Allow Remote Code Execution (902400)

This critical bulletin covers several vulnerabilities with different types of impact including root access, local privilege elevation, and Denial of Service (DoS). You can probably avoid loading this patch if your network consists of XP SP2 and Windows 2003 SP1 machines and if your end users already have administrative authority to their workstations. Otherwise, you should analyze the mitigating factors and workarounds and consider installing the update if the vulnerability still proves to be applicable to your environment.

MS05-052--Cumulative Security Update for Internet Explorer (896688)

This critical vulnerability allows an attacker to execute arbitrary code under the authority of the current user. I recommend loading this fix on Windows workstations as soon as possible, with minimal testing, because the vulnerability is already being exploited on the Internet.

MS05-046--Vulnerability in the Client Service for NetWare Could Allow Remote Code Execution (899589)

This vulnerability affects only Windows systems that have Client Service for NetWare (CSNW) or Gateway Service for NetWare (GSNW), neither of which is installed by default on any version of Windows. If you have Novell NetWare servers and use CSNW, consider loading this patch after complete testing in your environment.

MS05-047--Vulnerability in Plug and Play Could Allow Remote Code Execution and Local Elevation of Privilege (905749)

This vulnerability could allow a remote but authenticated user to gain root access to Windows 2000 and XP SP1 systems but not Windows 2003 systems. Given the prerequisites and other mitigating factors, you'll probably want to defer loading this patch until you've fully tested it.

MS05-048--Vulnerability in the Microsoft Collaboration Data Objects Could Allow Remote Code Execution (907245)

This important vulnerability allows a remote attacker to gain complete control of a system by using a specially crafted SMTP email message. The vulnerability affects all versions of Windows and Exchange 2000 Server; however, there are significant prerequisites for a successful attack. Email servers and gateways exposed to the Internet should be patched as soon as possible. Some organizations will deploy the update before testing is complete to Internet-facing servers and as soon as testing is complete to other vulnerable servers.

MS05-049--Vulnerabilities in Windows Shell Could Allow Remote Code Execution (900725)

These important vulnerabilities, which allow an attacker to run arbitrary code under the authority of the victim user, apply to all versions of Windows. The attacker must trick the user into opening a specially crafted LNK file. I recommend loading this patch on all workstations after testing it in your environment.

MS05-044--Vulnerability in the Windows FTP Client Could Allow File Transfer Location Tampering (905495)

This vulnerability allows an attacker who can post a file with a specially formatted filename to an FTP site to override the destination of the file when it's downloaded by a client. This vulnerability is relevant to systems downloading files from FTP sites where malicious content could be posted. Due to the prerequisites for the attack, many organizations will defer loading this patch at least until they've fully tested it in their environments.

MS05-045--Vulnerability in Network Connection Manager Could Allow Denial of Service (905414)

This Denial of Service (DoS) vulnerability allows an authenticated but malicious user to send a specially crafted network message to the vulnerable system and temporarily knock out the system's ability to respond to incoming and outgoing dial-up and VPN connection attempts. However, the system will evidently recover within a few seconds. I don't recommend installing this patch unless you start experiencing the problem. If you do experience the problem, you have a rogue user on your hands.
