Microsoft has released Microsoft Security Bulletin MS05-052 and reports the "Impact of Vulnerability: Remote Code Execution", "Maximum Severity Rating: Critical" and their "Recommendation: Customers should apply the update immediately.".
Once again, watch out on this one because the only thing a part of this cumulative update does is set "the kill bit for the affected Class Identifiers (CLSID) in these COM objects.". And it's a growing list of kill bits MS is setting.
In your environment, if you cannot accept setting the kill bits involved in this "Cumulative" update, then you are effectively prevented from receiving other portions of the update, including "improvements to the Internet Explorer Pop-up Blocker" and "improvements to the Internet Explorer Add-on Manager." MS also mentions that the "Cumulative" Security Update "includes a kill bit for the ADODB.Stream object. This kill bit was released previously, but not as part of a security update. For more information about the ADODB.Stream object, see Microsoft Knowledge Base Article 870669. The Class Identifier (CLSID) for this object is 00000566-0000-0010-8000-00AA006D2EA4."
Previous commentary on kill bits - Open letter from the handlers
? Microsoft Windows 2000 Service Pack 4
? Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
? Microsoft Windows XP Professional x64 Edition
? Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
? Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with Service Pack 1 for Itanium-based Systems
? Microsoft Windows Server 2003 x64 Edition
? Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME)
A portion of this "Cumulative" update replaces MS05-037 and MS05-038.
Oct 11th 2005
Oct 11th 2005
1 decade ago