February 11, 2005
Bevy of Critical Microsoft Flaws
Platform: Internet Explorer 6.0
Microsoft Severity: Important to Critical
Actual Severity: HIGH to CRITICAL
Microsoft this week released a record number of vulnerability alerts and associated fixes. And in an unusual move, Microsoft first gave security administrators a heads up at the beginning of the week that a number of fixes were coming down the pike. Presumably these vic..., er, security professionals appreciated the warning so they could clear off their weekends for a fun time updating systems.
Microsoft announed new twelve security vulnerabilities, -- many rated Critical:
MS05-04: ASP.NET Path Validation Vulnerability
MS05-05: Vulnerability in Microsoft Office XP could allow Remote Code Execution
MS05-06: Vulnerability in Windows SharePoint Services and SharePoint Team Services Could Allow Cross-Site Scripting and Spoofing Attacks
MS05-07: Vulnerability in Windows Could Allow Information Disclosure
MS05-08: Vulnerability in Windows Shell Could Allow Remote Code Execution
MS05-09: Vulnerability in PNG Processing Could Allow Remote Code Execution
MS05-10: Vulnerability in the License Logging Service Could Allow Code Execution
MS05-11: Vulnerability in Server Message Block Could Allow Remote Code Execution
MS05-12: Vulnerability in OLE and COM Could Allow Remote Code Execution
MS05-13: Vulnerability in the DHTML Editing Component ActiveX Control Could Allow Remote Code Execution
MS05-14: Cumulative Security Update for Internet Explorer
MS05-15: Vulnerability in Hyperlink Object Library Could Allow Remote Code Execution
Such a flood of vulnerabilities (note the prevelance of the phrase "could allow remote code execution") should give one second thoughts about the Windows monoculture. Although replacing Windows on the desktop is problematical, I suspect this bug swarm will prompt enterprises to consider bumping Microsoft out of server roles. There are many good alternatives to Microsoft IIS, SMB and MSSQL servers.
Posted by Mel Beckman at February 11, 2005 9:46 AM
