|
ALARM Group ALERT — click for a description of ALARM, The Computing Alert System Alert Number: 081005-01 Alert Date: 08/09/05 Alert Title: Exploit released for Vulnerability detailed in August Microsoft security bulletin Update-to: 080905-01 OS/Platform/Application: Microsoft Windows 2000 Service Pack 4 Microsoft Windows XP Service Pack 1, Service Pack 2 and XP Professional x64 Edition Microsoft Windows Server 2003 , including Service Pack 1 and Itanium-based Systems and x64 Edition Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME)
Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4 |
Summary: Several Internet security monitoring and analysis agencies are reporting the public release of one or several exploits that take advantage of a vulnerability detailed in Microsoft Security Bulletin MS05-038. MS-05-038 was part of the August 9 release of monthly security updates provided by Microsoft (and is deemed as "critical" by the vendor). This bulletin deals with mutliple issues associated with the popular Microsoft Internet Explorer web browser. The consensus among the monitoring and analysis agencies is to apply the patch as soon as possible to all vulnerable systems.Recommended Actions: Windows system managers and support personnel are strongly encouraged to read the bulletin (including all potential caveats) and (if appropriate) apply the patch(es) immediately as per the instructions provided by the vendor if they have not already done so.
ITS Actions: ITS Systems Management and Operations Staff will apply the patches to the appropriate ITS servers as part of the next scheduled system update.
Resources:
Microsoft Security Bulletin MS05-038
SANS Handler's diary (pertains to patch releases and advises on MS05-038)
