Vulnerability in Plug and Play Could Allow Remote Code Execution and Elevation of Privilege (899588)
Published: August 11, 2005
Microsoft is aware that detailed exploit code has been published on the Internet for the vulnerability that is addressed by Microsoft security bulletin MS05-039: Vulnerability in Plug and Play Could Allow Remote Code Execution and Elevation of Privilege (899588)
. Microsoft is not currently aware of active attacks that use this exploit code or of customer impact at this time. However, Microsoft is actively monitoring this situation to keep customers informed and to provide customer guidance as necessary.
Our investigation of this exploit code has verified that it does not affect customers who have installed the updates detailed in MS05-039
on their computers. Microsoft continues to recommend that customers apply the updates to the affected products by enabling the Automatic Updates feature in Windows.References
Stephen Toulouse, (Stepto
) of the Microsoft Security Response Center
gives his reaction regarding a potential virus for Windows Vista
A virus for Windows Vista? Wrong.Hi everyone, Stephen Toulouse here. There’s been some commentary the past couple of days regarding a potential Windows Vista virus and we wanted to weigh in with some details. First of all, in examining the details of the reports, there is no Windows Vista virus described in them. Instead, the reports are regarding potential proof of concept viruses in the form of malicious scripts that are developed to affect a new interactive shell codenamed "Monad", which is currently in early phase of beta testing.
Full article: Microsoft Security Response Center Blog!
Last Review : August 4, 2005
Revision : 10.0
Update Rollup 1 for Windows 2000 SP4 makes it easier for customers to enhance and maintain the security and stability of their Windows 2000-based computers.
For more information about the problems that are fixed in Update Rollup 1 for Windows 2000 SP4, click the following article number to view the article in the Microsoft Knowledge Base:
- 900345 Problems that are fixed in the Update Rollup 1 for Microsoft Windows 2000 Service Pack 4 that is dated June 28, 2005
After the release of Update Rollup 1 for Windows 2000 SP4, we identified several issues that may occur when you install this update rollup. These issues are isolated, and affect few customers. These issues are described in this article. This article also explains how to resolve these issues. If you are affected by these issues, we suggest that you do not install Update Rollup 1 for Windows 2000 SP4 until the corresponding hotfix is available. We plan to reissue Update Rollup 1 for Windows 2000 SP4 soon. Several hotfixes will be integrated into the new version of Update Rollup 1 for Windows 2000 SP4.Error messages
You may receive one of the following error messages when you visit the Windows Update Web site:
- MSXML3.DLL File Not Found
- Error 0x80244001
- Error 0x800700C1
More information: Microsoft's Knowledge Base KB891861
Microsoft Security Bulletin Advance Notification
August 4, 2005
As part of the monthly security bulletin release cycle, Microsoft provides advance notification to our customers on the number of new security updates being released, the products affected, the aggregate maximum severity and information about detection tools relevant to the update. This is intended to help our customers plan for the deployment of these security updates more effectively.On 9 August 2005 Microsoft is planning to release:Security Updates
Microsoft Windows Malicious Software Removal Tool
- 6 Microsoft Security Bulletins affecting Microsoft Windows. The highest Maximum Severity rating for these is Critical. These updates will require a restart. These updates will be detectable using the Microsoft Baseline Security Analyzer (MBSA).
Non-security High Priority updates on MU, WU, WSUS and SUS
- Microsoft will release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services and the Download Center.
- Microsoft will release one NON-SECURITY High-Priority Update for Microsoft Windows on Windows Update (WU), Microsoft Update (MU), Software Update Services (SUS), and Windows Server Update Services (WSUS).
Source: TechNet - Security
Here's what you can do to enhance the security on your PC
Each of the following tasks addresses a different security concern. You can strengthen your PC's defenses by completing both tasks.Use Microsoft Windows Security Center
The Windows Security Center, which is already installed on your computer, monitors and enables you to manage important security settings on your computer, including a firewall, automatic updates, and the status of your antivirus software. See how to use it and why it's important.
Click here to learn more Get Anti-spyware Software
Anti-spyware software helps to protect your computer from known programs that can track your Web browsing habits or make changes to your computer settings without your consent or control. See if you already have it, why it's important, and how to get it.
Click here to get Anti-Spyware software
Redaction is the careful editing of a document to remove confidential information.
The Microsoft Office Word 2003 Redaction Add-in
makes it easy for you to mark sections of a document for redaction. You can then redact the document so that the sections you specified are blacked out. You can either print the redacted document or use it electronically.
Sensitive government documents, confidential legal documents, insurance contracts, and other sensitive documents are often redacted before being made available to the public. With the Word 2003 Redaction Add-in
, users of Microsoft Office Word 2003 now have an effective, user-friendly tool to help them redact confidential text in Word documents.
Download: Word Redaction