The third high-priority patch, MS05-010, fixes a code execution flaw in the Windows License Logging service that could allow an attacker to take complete control of an affected system. Affected software includes Windows NT Server 4.0, Windows 2000 Server Service Pack 3 and Service Pack 4, and Windows Server 2003. Microsoft discontinued support for NT 4.0 last month, but Toulouse said patches were released publicly because of the severity of the vulnerability.

"That's a vulnerability that exists in the default installation of NT 4.0 server. If this particular update were to be exploited by a criminal attack that was automated, we felt the damage would be widespread.

"In cases where we believe the balance is greater to protect all users, we will take the step to go ahead with public updates for NT 4.0," Toulouse said. Microsoft is still supporting NT 4.0 customers who pay premium prices for custom support.

Toulouse pinpointed the MS05-011 advisory as another high-priority update because of the threat it presents. That patch covers a remote code execution flaw in the SMB (Server Message Block) that could allow an attacker to take complete control of the affected system. The SMB patch applies to users of Windows 2000 Service Pack 3 and Service Pack 4, Windows XP Service Pack 1 and Service Pack 2, and Windows Server 2003.

The Server Message Block flaw was first reported by security research firm eEye Digital Security in August 2004. Toulouse explained that the long-overdue fix was delayed because of the rigid patch-testing mechanism employed by Microsoft engineers.

The February advisories also include:
- MS05-004: An "important" patch for a vulnerability in ASP.NET that could allow an attacker to bypass the security of an ASP.NET Web site and gain unauthorized access.
- MS05-005: A fix for a "critical" buffer overrun flaw in Microsoft Office XP software that could allow an attacker to take complete control of the affected system.
- MS05-006: This corrects a "moderate" vulnerability in Windows SharePoint Services and SharePoint Team Services that could allow cross-site scripting and spoofing attacks.
- MS05-007: An "important" patch for an information-disclosure weakness in Windows XP that could allow an attacker to remotely read the user names for users who have an open connection to an available shared resource.
- MS05-008: A patch with an "important" rating for a privilege-escalation vulnerability in the way that Windows handles drag-and-drop events. An attacker who successfully exploited this vulnerability could take complete control of an affected system. However, user interaction is required to exploit this vulnerability, Microsoft said.
- MS05-012: A patch for a pair of "critical" code execution flaws in the way Windows and some Microsoft Office programs access memory when they process COM (Component Object Model)-structured storage files. It also fixes a serious bug in the way the OLE service handles input validation.
- MS05-013: A fix for a "critical" cross-domain flaw in the Microsoft DHTML (Dynamic HTML) Editing Component ActiveX control. Microsoft warned that an attacker could exploit the vulnerability by constructing a malicious Web page that could potentially allow remote code execution if a user visited that page. "An attacker who successfully exploited this vulnerability could take complete control of an affected system."
- MS05-015: This patch corrects a "critical" hole in the Hyperlink Object Library. This problem exists because of an unchecked buffer while handling hyperlinks, and it could allow a malicious hacker to lure users into visiting a Web page to launch harmful code. "An attacker who successfully exploited this vulnerability could take complete control of the affected system, [but] user interaction is required to exploit this vulnerability," Microsoft said.