MS05-048: Microsoft Collaboration Objects

By Steven
in Back Page News

 Share

Recommended Posts

Grand Master

Steven

Posted
Posted

Microsoft Security Bulletin MS05-048

Vulnerability in the Microsoft Collaboration Data Objects Could Allow Remote Code Execution (907245)

Published: October 11, 2005

Version: 1.0

Summary

Who should read this document: Customers who use Microsoft Windows or Microsoft Exchange Server

Impact of Vulnerability: Remote Code Execution

Maximum Severity Rating: Important

Recommendation: Customers should apply the update at the earliest opportunity.

Security Update Replacement: None

Caveats: None

Tested Software and Security Update Download Locations:

Affected Software:

? Microsoft Windows 2000 Service Pack 4 ? Download the update (KB901017)

? Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2 ? Download the update (KB901017)

? Microsoft Windows XP Professional x64 Edition ? Download the update (KB901017)

? Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1 ? Download the update (KB901017)

? Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems ? Download the update (KB901017)

? Microsoft Windows Server 2003 x64 Edition ? Download the update (KB901017)

? Microsoft Exchange 2000 Server Service Pack 3 with the Exchange 2000 Post-Service Pack 3 Update Rollup of August 2004 ? Download the update (KB906780)

Non-Affected Software:

? Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME)

? Microsoft Exchange Server 5.5

? Microsoft Exchange Server 2003

? Microsoft Exchange Server 2003 Service Pack 1

For more information about Exchange 2000 Server Post-Service Pack 3 Update Rollup see Microsoft Knowledge Base Article 870540.

The software in this list has been tested to determine whether the versions are affected. Other versions either no longer include security update support or may not be affected. To determine the support life cycle for your product and version, visit the Microsoft Support Lifecycle Web site.

Executive Summary:

This update resolves a newly-discovered, privately-reported vulnerability that could allow an attacker to run arbitrary code on the system. The vulnerability is documented in the ?Vulnerability Details? section of this bulletin.

An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

We recommend that customers apply the update at the earliest opportunity.

http://www.microsoft.com/technet/security/...n/MS05-048.mspx

This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.