
SANS ISC: MS05-052 Cumulative Security Update for Internet Explorer (896688) SANS ISC InfoSec Forums

MS05-052 Cumulative Security Update for Internet Explorer (896688)
Microsoft has released Microsoft Security Bulletin MS05-052 and reports "Impact of Vulnerability: Remote Code Execution", "Maximum Severity Rating: Critical" and "Recommendation: Customers should apply the update immediately."

Once again, watch out on this one, because one part of this cumulative update does nothing but set "the kill bit for the affected Class Identifiers (CLSID) in these COM objects." And the list of kill bits MS is setting keeps growing.

If your environment cannot accept the kill bits set by this "Cumulative" update, then you are effectively prevented from receiving the other portions of the update, including "improvements to the Internet Explorer Pop-up Blocker" and "improvements to the Internet Explorer Add-on Manager."

MS also mentions that the "Cumulative" Security Update "includes a kill bit for the ADODB.Stream object. This kill bit was released previously, but not as part of a security update. For more information about the ADODB.Stream object, see Microsoft Knowledge Base Article 870669. The Class Identifier (CLSID) for this object is 00000566-0000-0010-8000-00AA006D2EA4."
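
An added example (not from Microsoft's bulletin or the original diary) for seeing which kill bits an update introduces: it compares two `reg export` dumps of the ActiveX Compatibility key, taken on a test machine before and after patching. It assumes the standard kill-bit encoding (bit 0x400 of each CLSID's "Compatibility Flags" value); the function names, sample exports and placeholder CLSIDs are constructed for illustration.

```python
import re

KILL_BIT = 0x400  # "Compatibility Flags" bit that stops IE instantiating the control
ADODB_STREAM = "{00000566-0000-0010-8000-00AA006D2EA4}"  # CLSID quoted in the bulletin
AXC_SUFFIX = r"\internet explorer\activex compatibility"

KEY_RE = re.compile(r"^\[(?P<path>.+)\\(?P<clsid>\{[0-9A-Fa-f-]{36}\})\]$")
FLAG_RE = re.compile(r'^"Compatibility Flags"=dword:(?P<val>[0-9A-Fa-f]{8})$')

def killed_clsids(reg_text):
    """Return the CLSIDs (upper case) whose kill bit is set in a .reg export.
    Real exports are UTF-16; decode the file before passing its text in."""
    killed, current = set(), None
    for line in reg_text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            # Only CLSID subkeys directly under "ActiveX Compatibility" count.
            in_axc = m["path"].lower().endswith(AXC_SUFFIX)
            current = m["clsid"].upper() if in_axc else None
        elif line.startswith("["):
            current = None  # some other key: stop attributing values
        else:
            m = FLAG_RE.match(line)
            if m and current and int(m["val"], 16) & KILL_BIT:
                killed.add(current)
    return killed

def newly_killed(before, after):
    """CLSIDs kill-bitted in the 'after' export but not in the 'before' one."""
    return sorted(killed_clsids(after) - killed_clsids(before))

# Constructed sample exports (placeholder CLSIDs, not real machine data).
AXC = r"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility"
BEFORE = "\n".join([
    "Windows Registry Editor Version 5.00", "",
    AXC + r"\{11111111-1111-1111-1111-111111111111}]",
    '"Compatibility Flags"=dword:00000400', "",
    AXC + r"\{22222222-2222-2222-2222-222222222222}]",
    '"Compatibility Flags"=dword:00000020', "",  # flag set, but not the kill bit
])
AFTER = "\n".join([BEFORE, AXC + "\\" + ADODB_STREAM.lower() + "]",
                   '"Compatibility Flags"=dword:00000400', ""])

if __name__ == "__main__":
    for clsid in newly_killed(BEFORE, AFTER):
        print("kill bit newly set:", clsid)
```

Any CLSID it reports can be matched against the controls your internal applications load before the update is rolled out more widely.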

CVE CAN-2005-2127

Previous commentary on kill bits - Open letter from the handlers

Affected Software:
• Microsoft Windows 2000 Service Pack 4
• Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
• Microsoft Windows XP Professional x64 Edition
• Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
• Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with Service Pack 1 for Itanium-based Systems
• Microsoft Windows Server 2003 x64 Edition
• Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME)

A portion of this "Cumulative" update replaces MS05-037 and MS05-038.
Patrick

Oct 11th 2005
