Its that time of the month folks, Microsoft Patchday. Review security alerts below and get to patching. Please test these patches first and if you encounter any issues make sure to attend the Technet webcast tomorrow when you can ask questions and get some help.
On the side note, Juniper routers (and IDS) seem to already protect against the exploits listed below. “Juniper Networks Protects Customers Against New Microsoft Windows Vulnerabilities Disclosed Today.” Way to go Juniper!
Bulletin Summary:
http://www.microsoft.com/technet/security/Bulletin/ms05-Aug.mspx
Critical Bulletins:
Cumulative Security Update for Internet Explorer (896727)
http://www.microsoft.com/technet/security/Bulletin/ms05-038.mspx
Vulnerability in Plug and Play Could Allow Remote Code Execution and Elevation of Privilege (899588)
http://www.microsoft.com/technet/security/Bulletin/ms05-039.mspx
Vulnerability in Print Spooler Service Could Allow Remote Code Execution (896423)
http://www.microsoft.com/technet/security/Bulletin/ms05-043.mspx
Important Bulletins:
Vulnerability in Telephony Service Could Allow Remote Code Execution (893756)
http://www.microsoft.com/technet/security/Bulletin/ms05-040.mspx
Moderate Bulletins:
Vulnerability in Remote Desktop Protocol Could Allow Denial of Service (899591)
http://www.microsoft.com/technet/security/Bulletin/ms05-041.mspx
Vulnerabilities in Kerberos Could Allow Denial of Service, Information Disclosure, and Spoofing (899587)
http://www.microsoft.com/technet/security/Bulletin/ms05-042.mspx
Re-Released Bulletins:
Vulnerabilities in Microsoft Word May Lead to Remote Code Execution (890169)
http://www.microsoft.com/technet/security/Bulletin/ms05-023.mspx
Vulnerability in Microsoft Agent Could Allow Spoofing (890046)
(890169)
http://www.microsoft.com/technet/security/Bulletin/ms05-032.mspx
This represents our regularly scheduled monthly bulletin release (second Tuesday of each month). Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.
If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety (1-866-727-2338). International customers should contact their local subsidiary.
Update:
By the way, the IE patch (896727) cannot be installed because the digital certificate of the path is invalid. Just a heads up for anybody that encounters “file is corrupt” errors while installing that patch.
For the less coherent, more grammatically correct realtime insight, follow me on Twitter at