get the patch. protect the client. stop the worm.


 

Microsoft Advisory Summaries

 

 

 

 

 

 


Microsoft Security Bulletins Summary - January 2005

 

This month brings 3 fresh vulnerabilities, two of which are listed as Critical. The HTML Help/ActiveX flaw appears the most likely to draw out a widespread exploit. Although nearly any exploit could be packaged for mass-mail delivery, this one seems especially suited to a worm (consider Bofra/MyDoom from late last year).

 

The Cursor and Icon handling flaw has the potential to allow arbitrary code execution; however, that seems unlikely given the history of such vulnerabilities. It does make for some interesting exploits, though, and since it could be delivered via web interaction, it warrants a Critical alert.

 

If Indexing Service is running on any of your servers and UDP 137/138 and TCP 139 are allowed to it, then those boxes need the last patch (MS05-003). Microsoft's bulletin page is here.

 

The Excel spreadsheet and CSV versions of this month's summarized bulletin.

 

The advisory is summarized below:

 

Bulletin  KB#     Tag                     Risk
MS05-001  890751  HTML Help/ActiveX       Critical
MS05-002  891711  Cursor & Icon Handling  Critical
MS05-003  871250  Indexing Service        Important

 

 

Copyright © 2004 infectionvectors.com. All rights reserved.