Microsoft has released 12 security bulletins (and re-released 1). 8 of these bulletins have patches that need testing




Download 88.5 Kb.
Sana25.12.2019
Hajmi88.5 Kb.
#4850

Microsoft has released 12 security bulletins (and re-released 1). 8 of these bulletins have patches that need testing.

Patches are available in Qtest. Glenn may have finished loading them all into EPM already.

MS05-004: 20 day Not part of supported standard, but its being used. How will we manage .NET? There's an Enterprise Update Scanning Tool for this purpose.

MS05-005: -- Office 2000 and 2003 not affected, but Visio 2002 and Project 2002 are probably in small deployments


MS05-006: -- Sharepoint is not standard, but it looks like there is some testing occurring
MS05-007: -- Windows 2000, Windows 2003 not affected
MS05-008: 10 day important, testing required all platforms
MS05-009: 10 day critical, Windows Media Player, testing required all platforms. Enterprise Update Scanning Tool may be needed to identify instances of MSN Messenger.

MS05-010: 10 day critical, license logging service should be disabled, testing required all servers (we should deploy the patch even though we do not plan to use the license logging service)

MS05-011: 10 day critical, Windows, testing required all platforms
MS05-012: 10 day critical, Windows/Office/Exchange, testing required all platforms
MS05-013: 10 day critical, Windows, testing required all platforms
MS05-014: 10 day critical, Internet Explorer, testing required all platforms
MS05-015: 10 day critical, Windows, testing required all platforms
MS04-035: -- re-release to include patch for Exchange 2000 (which we skipped)

**********************************************************************



MS05-004: ASP.NET Path Validation Vulnerability (887219)
Important; Impact of Vulnerability: Information Disclosure, possible Elevation of Privilege
Affected Software:
- Microsoft .NET Framework 1.0 Service Pack 2 and Service Pack 3
- Microsoft .NET Framework 1.1 (All Versions)
Affected Components:
- ASP.NET
Restart required: Yes
Update can be uninstalled: Yes
More information on this vulnerability is available at: http://www.microsoft.com/technet/security/bulletin/MS05-004.mspx

ASP.NET is a server side technology used to build web applications. It is part of the .NET Framework 1.0 and 1.1. It comes installed by default on Windows Server 2003.

Test guidance:
Be sure to test using a non-administrative account.
Test all your applications that use forms and windows authentication.
Ensure your webservices are functioning as expected.
Ensure all your ASP.NET applications are functioning as expected.
Any .NET applications that relies on any ASP.NET by leveraging System.Web.Dll or the aspnet_isapi.dll should verify there applications continue to work.

MS05-005: Vulnerability in Microsoft Office XP could allow Remote Code Execution (873352)
Critical; Remote Code Execution
Affected Software:
 - Microsoft Office XP Software Service Pack 3
 - Microsoft Office XP Software Service Pack 2
 - Microsoft Project 2002
 - Microsoft Visio 2002
 - Microsoft Works Suite 2002
 - Microsoft Works Suite 2003
 - Microsoft Works Suite 2004
Non-Affected Software:
 - Microsoft Office 2000
 - Microsoft Office 2003
Restart required: No
Update can be uninstalled: No
More information on this vulnerability is available at: http://www.microsoft.com/technet/security/bulletin/MS05-005.mspx

MSO.dll is the largest component that provides various shared functionality across Office applications.

Test guidance:
Be sure to test using a non-administrative account.
Test scenarios where shared file system component in MSO is used in Office applications. Consider Word, Excel, PowerPoint, Outlook, FrontPage, Publisher, Access. Test opening of a file from various functionalities in Office applications. Confirm files open without problems.

MS05-006: Vulnerability in Windows SharePoint Services and SharePoint Team Services Could Allow Cross-Site Scripting and Spoofing Attacks (887981)

Moderate; Remote Code Execution


Affected Software:
- Windows SharePoint Services
- SharePoint Team Services from Microsoft
Restart required: This update does not require a restart. The installer stops the required services, applies the update, and then restarts the services. However, if the required services cannot be stopped for any reason, or if required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart.

Update can be uninstalled: No


More information on this vulnerability is available at: http://www.microsoft.com/technet/security/bulletin/MS05-006.mspx

No test guidance; it’s a Sharepoint patch.



MS05-007: Vulnerability in Windows Could Allow Information Disclosure (888302)
Affected Software:
 - Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
 - Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
Non-Affected Software:
 - Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4
 - Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
 - Microsoft Windows Server 2003
 - Microsoft Windows Server 2003 for Itanium-based Systems
 - Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME)
Important; Information Disclosure
Restart required: This update does not require a restart. The installer stops the required services, applies the update, and then restarts the services. However, if the required services cannot be stopped for any reason, or if required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart. To help reduce the chance that a reboot will not be required, stop all affected services and close all applications that may use the affected files prior to installing the security update.

Update can be uninstalled:  Yes


More information on this vulnerability is available at: http://www.microsoft.com/technet/security/bulletin/MS05-007.mspx

No test guidance; its an XP patch.



MS05-008: Vulnerability in Windows Shell Could Allow Remote Code Execution (890047)
Affected Software:
- Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4
- Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
- Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
- Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
- Microsoft Windows Server 2003
- Microsoft Windows Server 2003 for Itanium-based Systems
- Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME)
Important; Remote Code Execution
Restart required: Yes
Update can be uninstalled: Yes
More information on this vulnerability is available at: http://www.microsoft.com/technet/security/bulletin/MS05-008.mspx

The Microsoft Windows user interface (UI) provides users with access to a wide variety of objects necessary for running applications and managing the operating system. The most numerous and familiar of these objects are the folders and files that reside on computer disk drives. There are also a number of virtual objects that allow the user to do tasks such as sending files to remote printers or accessing the Recycle Bin. The Shell organizes these objects into a hierarchical namespace, and provides users and applications with a consistent and efficient way to access and manage objects. http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnanchor/html/anch_WinShell.asp

Test guidance:
Be sure to test using a non-administrative account.
Perform Drag and Drop operations from IE to Shell folders in internet zone and local intranet zone.
Perform Copy and Paste, and Cut and Paste operations from IE to Shell folders.
Perform Drag and Drop operations between your LOB applications.
Perform Copy and Paste, and Cut and Paste operations between your LOB applications.

MS05-009: Vulnerability in PNG Processing Could Allow Remote Code Execution (890261)
Critical: Remote Code Execution
Affected Software:
- Microsoft Windows Media Player 9 Series (when running on Windows 2000, Windows XP and Windows Server 2003)
- Microsoft MSN Messenger 6.1
- Microsoft MSN Messenger 6.2
- Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) - Review the FAQ section of this bulletin for details about these operating systems.

Non-Affected Software:


- MSN Messenger for Mac
- Windows Media Player 6.4
- Windows Media Player 7.1
- Windows Media Player for Windows XP (8.0)
- Windows Media Player 9 Series for Windows XP Service Pack 2
- Windows Media Player 10
Affected Components:
- Microsoft Windows Messenger version 4.7.2009 (when running on Windows XP and Windows XP Service Pack 1)
- Microsoft Windows Messenger version 4.7.3000 (when running on Windows XP Service Pack 2)
- Microsoft Windows Messenger version 5.0 (standalone version that can be installed on all supported operating systems)
Restart required: In some cases, this update does not require a restart.
The installer stops the required services, applies the update, and then restarts the services. However, if the required services cannot be stopped for any reason, or if required files are in use, this update will require a restart. If this occurs, a message appears that advises you to restart.

Update can be uninstalled: Yes


More information on this vulnerability is available at: http://www.microsoft.com/technet/security/bulletin/MS05-009.mspx

The fix is to validate the height and width contained in the header when loading a PNG image filetype.

Test guidance:
Be sure to test using a non-administrative account.
Testers should verify by opening various PNG filetypes in the standalone media player and the embedded player (within IE).

Also, should conduct these tests with page heap enabled for IE and open various player skins installed and externally downloaded from http://www.microsoft.com/windows/windowsmedia/mp10/getmore/skins.aspx

Preferably skins created with PNG images.

MS05-010: Vulnerability in the License Logging Service Could Allow Code Execution (885834)
Critical: Remote Code Execution
Affected Software:
- Microsoft Windows NT Server 4.0 Service Pack 6a
- Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6
- Microsoft Windows 2000 Server Service Pack 3 and Microsoft Windows 2000 Server Service Pack 4
- Microsoft Windows Server 2003
- Microsoft Windows Server 2003 for Itanium-based Systems
Non-Affected Software:
- Microsoft Windows 2000 Professional Service Pack 3 and Microsoft Windows 2000 Professional Service Pack 4
- Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
- Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
- Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
- Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME)
Restart required: This update does not require a restart. The installer stops the required services, applies the update, and then restarts the services. However, if the required services cannot be stopped for any reason, or if required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart. To help reduce the chance that a reboot will not be required, stop all affected services and close all applications that may use the affected files prior to installing the security update.

Update can be uninstalled: Yes


More information on this vulnerability is available at: http://www.microsoft.com/technet/security/bulletin/MS05-0010.mspx

License Logging Service (LLS) is a tool to help customers manage licenses for Microsoft server products that are licensed in the Server Client Access License (CAL) model.

Test guidance:
The fix is to validate the height and width contained in the header when loading a PNG image filetype.
Test your windows license management scenarios using License Manager in single and multi-server environments.
Test per seat and per server license management scenarios.
Test all your applications that use LLS RPC interface to manage licenses.

MS05-011: Vulnerability in Server Message Block Could Allow Remote Code Execution (885250)
Critical: Remote Code Execution
Affected Software:
 - Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4
 - Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
 - Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
 - Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
 - Microsoft Windows Server 2003
 - Microsoft Windows Server 2003 for Itanium-based Systems
Non-Affected Software:
 - Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME)
Restart required: Yes
Update can be uninstalled: Yes
More information on this vulnerability is available at: http://www.microsoft.com/technet/security/bulletin/MS05-0X11.mspx

SMB File Sharing Protocol which is a part of Windows Kernel. This affects the SMB redirector kernel driver mrxsmb.sys.


SMB file sharing is the protocol by which files are shared across computers. For more information on SMB refer to http://msdn.microsoft.com/library/default.asp?url=/library/en-us/fileio/base/microsoft_smb_protocol_and_cifs_protocol_overview.asp

Test guidance:


The fix is to validate the height and width contained in the header when loading a PNG image filetype.
Perform file operations such as copy, save, edit, delete on a file stored on remote computers running different OS.
Perform copy/save/edit directly or through applications, on file shares with special emphasis on Win9x and Windows NT.
Perform file operations between Windows client and Non-Microsoft CIFS compliant Operating Systems (Network Appliance, Unix Based OS, OS/2). 

MS05-012: Vulnerability in OLE and COM Could Allow Remote Code Execution (873333)
Critical: Remote Code Execution
Affected Software:
- Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4
- Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
- Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
- Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
- Microsoft Windows Server 2003
- Microsoft Windows Server 2003 for Itanium-based Systems
- Microsoft Exchange 2000 Server Service Pack 3 (uses the Windows OLE component)
- Microsoft Exchange Server 2003 and Microsoft Exchange Server 2003 Service Pack 1 (uses the Windows OLE component)
- Microsoft Exchange Server 5.0 Service Pack 2 (uses the Windows OLE component)
- Microsoft Exchange Server 5.5 Service Pack 4 (uses the Windows OLE component)
- Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) - Review the FAQ section of this bulletin for details about these operating systems.

- Microsoft Office XP Service Pack 3 (uses the Windows OLE component)


- Microsoft Office XP Service Pack 2 (uses the Windows OLE component)
- Microsoft Office XP Software:
- Outlook 2002
- Word 2002
- Excel 2002
- PowerPoint 2002
- FrontPage 2002
- Publisher 2002
- Access 2002
- Microsoft Office 2003 Service Pack 1 (Uses the Windows OLE component)
- Microsoft Office 2003 (Uses the Windows OLE component)
- Microsoft Office 2003 Software:
- Outlook 2003
- Word 2003
- Excel 2003
- PowerPoint 2003
- FrontPage 2003
- Publisher 2003
- Access 2003
- InfoPath 2003
- OneNote 2003
Restart required: Yes
Update can be uninstalled:  Yes
More information on this vulnerability is available at: http://www.microsoft.com/technet/security/bulletin/MS05-012.mspx

The Microsoft Object Linking and Embedding technology (OLE) makes objects created in a document in one application available to a document created in another application. For example, a user can store a table created in a spreadsheet application in a word processing document.



http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnwue/html/ch12a.asp

Test guidance:


Test using a non-administrative account.
Test any OLE applications and exercise the OLE functionality. Some OLE applications are Office, RichText email applications,

Exercise COM\COM+ functionality, Any 16-bit application that uses COM, Exchange, etc.


Test scenarios that use mail gateways between system and Outlook Web Access.
Test index server search scenarios.
Test copy and paste, and drag and drop scenarios on all your Office applications
Office and  Exchange should be tested.

Test applications such as MSI that use structured storage with impersonation scenarios, while marshaling data. In this scenario, the user is running as a Limited User on a local system, installing an Application and the installer is MSI based. To continue the install the system will require an elevation of privileges as an Admin which proceeds to impersonate to continue the installation.

As far as what we know, we have not found any regressions regarding this scenario.  There should be no change in behavior during the installation of the MSI-installer-based Application.

Install MSI installer based applications (setup.exe with a .msi file) as a Limited User which prompts for Administrator credentials to elevate and continue the install.



MS05-013: Vulnerability in the DHTML Editing Component ActiveX Control Could Allow Code Execution (891781)
Critical: Remote Code Execution
Affected Software:
 - Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4
 - Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
 - Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
 - Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
 - Microsoft Windows Server 2003
 - Microsoft Windows Server 2003 for Itanium-based Systems
 - Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) - Review the FAQ section of this bulletin for details about these operating systems.

Restart required: This update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart.

Update can be uninstalled: Yes
More information on this vulnerability is available at: http://www.microsoft.com/technet/security/bulletin/MS05-013.mspx

This control provides a WYSIWYG HTML editor that can be included easily in both client and web applications.


See MSDN for details: http://msdn.microsoft.com/archive/default.asp?url=/archive/en-us/samples/internet/browser/editcntrl/default.asp

Test guidance:


Test using a non-administrative account.
Test hosting DHTML editing control on a web page.
Test hosting DHTML editing control on a client application such as VB application.
Test DHTML editing control’s editor functionality including typing, cut/copy/paste and formatting.
Testing all your applications and script that use DHTML editing control and its APIs.

Microsoft Applications to test:


Outlook Web Access (Exchange Server 2000 and 2003)
Content Management Server
WSS2 – Content Web Part

MS05-014: Cumulative Security Update for Internet Explorer (867282)
Critical: Remote Code Execution
Affected Software includes Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4 and Microsoft Windows Server 2003.

Affected Components include Internet Explorer 6 Service Pack 1 (on Microsoft Windows 2000 Service Pack 3 and on Microsoft Windows 2000 Service Pack 4) and Internet Explorer 6 for Windows Server 2003

Restart required: You must restart your system after you apply this security update. You do not have to use an administrator logon after the computer restarts for any version of this update.

Update can be uninstalled: Yes


More information on this vulnerability is available at: http://www.microsoft.com/technet/security/bulletin/MS05-014.mspx

New changes to Internet Explorer functionality:


- Internet Explorer no longer supports the Microsoft ActiveX Image Control 1.0. This control implements support for dynamically changing images on a Web page. This control has been found to contain a security vulnerability. To help protect customers who have this control installed, this update prevents the control from running in Internet Explorer. It does this by setting the kill bit for the control. For more information about kill bits, see Microsoft Knowledge Base Article 240797. The CLSID for this ActiveX control is {D4A97620-8E8F-11CF-93CD-00AA00C08FDF}.

- This update includes a registry change supporting the part of update for the “Drag-and-Drop Vulnerability” (CAN-2005-0053) available in security bulletin MS05-008. The new registry entry is: HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\180b. This new registry value is a new DWORD value set to 1.

This update also includes a registry key which is a list of valid file types that Internet Explorer will allow drag and drop events on: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedDragImageExts

These components are being updated:


- MSHTML (“Trident”): The rendering engine for Internet Explorer. It encompasses everything from basic table and text rendering to advanced CSS and Editing, as well as Behaviors.

- URLMon: One of the principal components for navigating and parsing of URLs.


- WININET: The Internet Explorer networking component. It handles internet protocols like HTTP and FTP.
- SHDOCVW: The web browser control and core browsing functionality such as history, favorites, print preview, and document hosting.

- BrowseUI:  This is the browser frame and includes the toolbar, menus, and associated components.


- CDFView:  The principal component for parsing CDF (Channel Definition Format) files.
- ShlWAPI: This just exposes several APIs that are used in Internet Explorer and the Windows Shell
- SHELL32: core component of the Windows Desktop.

Test guidance:


Be sure to test using a non-administrative account.
Test websites/applications:
- that utilize drag and drop functionality.
- that utilize scripted window positioning in response to user interaction.
- that use the scriptlet control.
- that use %-encoded URLs.
- that automatically add channels to a user’s favorites.
- that use client-side SSL certificates.
- that require authentication.
Ensure that none of the data formats you expect to be draggable are blocked.
Dragging from the Internet Zone to the Local Machine Zone will now result in a prompt. This may cause test automation which is unable to handle the new dialog to fail.

If your application uses scripted window positioning in response to user interaction, ensure that functionality is not impaired in these scenarios. If your application uses the scriptlet control, ensure that it is not blocked. If the scriptlet control was being used in the Internet Zone, users will need to add your site to their trusted sites.

If your site uses %-encoding you may wish to test for regressions.
If your application uses CreateControlRange() you may wish to test for any regressions in those scenarios.
If your application uses script to add channels you may wish to test for any regressions in those scenarios.
If you use InfoPath, create a new document, set “right-to-left” page viewing, then type a misspelled word and click elsewhere (which will make the squiggly line show up). The line should be directly underneath the misspelled word in question.

Test applications that post large data to a secure server using wininet and do not stop on receiving the intermediate ‘100 continue’ message from server. Instead receive the full response from server and the final ‘200 ok’ message.

Test websites requiring authentication, specifically digest. Authenticate at websites with multiple instances of the browser.

Test performance of file uploads to a SSL server improves due to the fix and so applications that upload files to a secure server will see a performance improvement.

The main scenarios to test are to ensure that the files are uploaded have the correct mime type associated with them.
OnDragStart event may no longer fire when it previously did. If you rely on this (in particular, test automation) you should ensure your application responds appropriately.

Test any application which “hosts” the Trident rendering engine should be considered.  Typically items such as “Help > About” use Trident’s HTML Rendering and should be verified. This includes applications like MS Money, Visual Studio, Oracle, Office, etc.

Test applications hosting IE as a browser such as MyIE2, Office 2003 (with web toolbar), Quicken, or MS Money.
Testers should especially verify any line-of-business applications dependent on IE-supplied functionality. In particular those where a site depends on data pulled from external (cross domain/sub-domain) locations.

MS05-015: Vulnerability in Hyperlink Object Library Could Allow Remote Code Execution (888113)
Critical: Remote Code Execution
Affected Software:
- Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4
- Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
- Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
- Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
- Microsoft Windows Server 2003
- Microsoft Windows Server 2003 for Itanium-based Systems
- Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME)
Restart required:  This update does not require a restart. The installer stops the required services, applies the update, and then restarts the services. However, if the required services cannot be stopped for any reason, or if required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart.

Update can be uninstalled:  Yes


More information on this vulnerability is available at: http://www.microsoft.com/technet/security/bulletin/MS05-015.mspx

This interface provides methods for a hyperlink to retrieve the moniker or the interface on its hyperlink container. The navigation process that resolves a hyperlink uses this information to handle internal (within the same container) and external (to a different container) hyperlink references.

Test guidance:
Test using a non-administrative account.
Test scenarios where hlink is used in MS and non MS apps. For MS, consider Excel, Word, FrontPage, Outlook, PowerPoint, Publisher.

For Office applications, type in URLs in document, mails, and spreadsheets and confirm they are resolved in the correct address.

Other Info:
The Server 2003 packages are hotpatch enabled. To use this functionality from the command line
/hotpatch:enable

MS04-035: Vulnerability in SMTP Could Allow Remote Code Execution (885881)
Critical: Remote Code Execution
Affected Software (re-release only):
- Microsoft Exchange 2000 Server Service Pack 3
Affected Components (re-release only):
- Microsoft Exchange 2000 Server Routing Engine component
Reason for Re-release: Subsequent to the release of this bulletin, it was determined that a variation of the vulnerability addressed also affects Exchange 2000 Server. Microsoft has updated the bulletin, on February 8, 2005, with additional information about Exchange 2000 Server and also to direct users to a security update for this additional affected platform.

More information on this re-issued bulletin is available at: http://www.microsoft.com/technet/security/bulletin/MS04-035.mspx

**********************************************************************

The summary for this month's bulletins can be found at the following page: http://www.microsoft.com/technet/security/bulletin/ms05-feb.mspx

Information on these re-released bulletins may be found at the following page: - http://www.microsoft.com/technet/security/Bulletin/MS04-035.mspx

**********************************************************************

Microsoft will host a webcast to address customer questions on these bulletins. For more information on this webcast please see below:

- Information about Microsoft's February Security Bulletins (Level 100)


- Wednesday, February 09, 2005 11:00 AM (GMT-08:00) Pacific Time (US & Canada)
- http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?EventID=1032267656&Culture=en-US

The on-demand version of the webcast will be available 24 hours after the live webcast at:


- http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?EventID=1032267656&Culture=en-US

In an effort to further assist customers with detection and deployment of security updates generally, as well as to answer questions about February's bulletins, PSS will be offering a special in-depth technical webcast focused on guidance for detection and deployment. For more information on this webcast please see below:

- Supplemental Technical Information about Detection and Deployment of Microsoft's February Security Updates (Level 200)

- Thursday, February 17, 2005 11:00 AM (GMT-08:00) Pacific Time (US & Canada)


- http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?EventID=1032268810&Culture=en-US

The on-demand version of the webcast will be available 24 hours after the live webcast at:


- http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?EventID=1032268810&Culture=en-US

Download 88.5 Kb.




Download 88.5 Kb.

Bosh sahifa
Aloqalar

    Bosh sahifa



Microsoft has released 12 security bulletins (and re-released 1). 8 of these bulletins have patches that need testing

Download 88.5 Kb.