Microsoft Security Patches: June 2005

Microsoft has just posted their security patch builletin for June. As usual all required patches for your PC can be found on Windows Update. Here’s a brief summary of the “critical” and “important” level vulnerabilities. (Read more for “moderate” level patches)
MS05-025: Cumulative Security Update for Internet Explorer (883939) Critical

  Vulnerabilities exist in Internet Explorer, the most sever of these could allow an attacker to take complete control of an affected system.

  http://go.microsoft.com/fwlink/?LinkId=45181

  MS05-026: Vulnerability in HTML Help Could Allow Remote Code Execution (896358) Critical

  A vulnerability exists in HTML Help that could allow an attacker to take complete control of an affected system.

  http://go.microsoft.com/fwlink/?LinkId=45237

  MS05-027: Vulnerability in SMB Could Allow Remote Code Execution (896422) Critical

  A vulnerability exists in Windows that could allow an attacker to take complete control of an affected system. An attacker needs to authenticate to be able to exploit this vulnerability.

  http://go.microsoft.com/fwlink/?LinkId=47017

  MS05-028: Vulnerability in Web Client Service May Allow Remote Code Execution (896426) Important

  A vulnerability exists in the Windows Web Client Service that could allow an attacker to take complete control of an affected system.

  http://go.microsoft.com/fwlink/?LinkId=46658

  MS05-029: Vulnerability in Outlook Web Access for Exchange Server 5.5 Could Allow Cross-Site Scripting Attacks (895179) Important

  A cross-site scripting vulnerability exists in Outlook Web Access for Microsoft Exchange that could allow an attacker to run a malicious script in Outlook Web Access.

  http://go.microsoft.com/fwlink/?LinkId=45969

  MS05-030: Cumulative Security Update for Outlook Express (897715) Important

  A vulnerability exists in Outlook Express that could allow an attacker to take complete control of an affected system.

  http://go.microsoft.com/fwlink/?LinkId=47600

  MS05-031: Vulnerability in Microsoft Windows Interactive Training Could Allow Remote Code Execution (898458) Important

  A vulnerability exists in Windows that could allow an attacker to take complete control of an affected system. Microsoft Windows Interactive Training is not installed by default.

  http://go.microsoft.com/fwlink/?LinkId=47051

Moderate Threat

MS05-032: Vulnerability in Microsoft Agent Could Allow Spoofing (890046) Important

A vulnerability exists in Microsoft Agent that could enable an attacker to spoof trusted Internet content. An attacker first have to persuade a user to visit the attacker’s site to attempt to exploit this vulnerability.

http://go.microsoft.com/fwlink/?LinkId=39175

MS05-033: Vulnerability in Telnet Client Could Allow Information Disclosure (896428) Important

A vulnerability exists in the Windows Telnet Client that could enable an attacker to retrieve unpredictable information from a system.

http://go.microsoft.com/fwlink/?LinkId=47016

MS05-034: Cumulative Security Update for ISA Server 2000 (899753) Important

Vulnerabilities exist in Microsoft ISA Server 2000 that could allow circumvention of a packet filter and enable an attacker to retrieve unpredictable information from an ISA Server’s cache or from a system behind the ISA server .

http://go.microsoft.com/fwlink/?LinkId=47738