Hello SuSE people,
My ISP sends out bulletins to its subscribers. Here is the latest.
Maybe some of the "dual" people on this list will find it handy.
-----------------------------------------------------------------
Fw: US-CERT Technical Cyber Security Alert TA05-102A -- Multiple
Vulnerabilities in Microsoft Windows Components
From: "Rob Marlowe"
National Cyber Alert System
Technical Cyber Security Alert TA05-102A
Multiple Vulnerabilities in Microsoft Windows Components
Original release date: April 12, 2005
Last revised: --
Source: US-CERT
Systems Affected
* Microsoft Windows Systems
For a complete list of affected versions of the Windows operating systems and components, refer to the Microsoft Security Bulletins.
Overview
Microsoft has released a Security Bulletin Summary for April, 2005. This summary includes several bulletins that address vulnerabilities in various Windows applications and components. Exploitation of some vulnerabilities can result in the remote execution of arbitrary code by a remote attacker. Details of the vulnerabilities and their impacts are provided below.
I. Description
The list below provides a mapping between Microsoft's Security Bulletins and the related US-CERT Vulnerability Notes. More information related to the vulnerabilities is available in these documents.
Microsoft Security Bulletin MS05-020: Cumulative Security Update for Internet Explorer (890923)
VU#774338 Microsoft Internet Explorer DHTML objects contain a race condition
VU#756122 Microsoft Internet Explorer URL validation routine contains a buffer overflow
VU#222050 Microsoft Internet Explorer Content Advisor contains a buffer overflow
Microsoft Security Bulletin MS05-02: Vulnerability in Exchange Server Could Allow Remote Code Execution (894549)
VU#275193 Microsoft Exchange Server contains unchecked buffer in SMTP extended verb handling
Microsoft Security Bulletin MS05-022: Vulnerability in MSN Messenger Could Lead to Remote Code Execution (896597)
VU#633446 Microsoft MSN Messenger GIF processing buffer overflow
Microsoft Security Bulletin MS05-019: Vulnerabilities in TCP/IP Could Allow Remote Code Execution and Denial of Service (893066)
VU#233754 Microsoft Windows does not adequately validate IP packets
II. Impact
Exploitation of these vulnerabilities may permit a remote attacker to execute arbitrary code on a vulnerable Windows system, or cause a denial-of-service condition.
III. Solution
Apply a patch
Microsoft has provided the patches for these vulnerabilities in the Security Bulletins and on Windows Update.
Appendix A. References
* Microsoft's Security Bulletin Summary for April, 2005 - <http://www.microsoft.com/technet/security/bulletin/ms05-apr.mspx>
* US-CERT Vulnerability Note VU#774338 - http://www.kb.cert.org/vuls/id/774338
* US-CERT Vulnerability Note VU#756122 - http://www.kb.cert.org/vuls/id/756122
* US-CERT Vulnerability Note VU#222050 - http://www.kb.cert.org/vuls/id/222050
* US-CERT Vulnerability Note VU#275193 - http://www.kb.cert.org/vuls/id/275193
* US-CERT Vulnerability Note VU#633446 - http://www.kb.cert.org/vuls/id/633446
* US-CERT Vulnerability Note VU#233754 - http://www.kb.cert.org/vuls/id/233754
_________________________________________________________________
Feedback can be directed to the authors: Will Dormann, Jeff Gennari, Chad Dougherty, Ken MacInnis, Jason Rafail, Art Manion, and Jeff Havrilla.
_________________________________________________________________
This document is available from:
http://www.us-cert.gov/cas/techalerts/TA05-102A.html
_________________________________________________________________
Copyright 2005 Carnegie Mellon University.
Terms of use: http://www.us-cert.gov/legal.html
_________________________________________________________________
Revision History
April 12, 2005: Initial release
Bob S.