
Microsoft is releasing the following security bulletins for newly discovered vulnerabilities:

Critical MS05-054 Microsoft Windows Remote Code Execution
Important MS05-055 Microsoft Windows Elevation of Privilege

Summaries for these new bulletins may be found at the following pages:
* http://www.microsoft.com/technet/security/bulletin/ms05-dec.mspx



Re-released Bulletins

In addition, Microsoft is re-releasing the following security bulletins:

Critical MS05-050 Microsoft Windows Remote Code Execution

Information on these re-released bulletins may be found at the following pages:
* http://www.microsoft.com/technet/security/Bulletin/MS05-050.mspx

Customers are advised to review the information in the bulletins, test and deploy the updates immediately in their environments, if applicable.

Microsoft Windows Malicious Software Removal Tool

Microsoft is releasing an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Server Update Services (WSUS), Windows Update (WU) and the Download Center. Note that this tool will NOT be distributed using Software Update Services (SUS). Information on the Microsoft Windows Malicious Software Removal Tool can be located here:
http://go.microsoft.com/fwlink/?LinkId=40573

High-Priority Non-Security Updates on Microsoft Update (MU), Windows Update (WU), Windows Server Update Services (WSUS) and Software Update Services (SUS)

Microsoft is today also making the following High-Priority NON-SECURITY updates available on WU, MU, SUS and WSUS:

905648 Office Junk Mail Filter Update MU
910437 Access violation in Esent.dll when Windows Automatic Updates tries to download updates on a Windows Server 2003-based computer WU/MU
835409 You cannot restore Windows XP with Service Pack 2 after you restore Windows XP with Service Pack 1 WU/MU

Microsoft will host a webcast to address customer questions on these bulletins. For more information on this webcast please see below:

Information about Microsoft's Security Bulletins

Wednesday, December 14, 2005 11:00 AM (GMT-08:00) Pacific Time (US & Canada)

http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?EventID=1032285741&EventCategory=4&culture=en-US&CountryCode=US
The on-demand version of the webcast will be available 24 hours after the live webcast at:
http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?EventID=1032285741&EventCategory=4&culture=en-US&CountryCode=US

**********************************************************************
MS05-054
Title: Cumulative Security Update for Internet Explorer (905915)

Affected Software:
* Microsoft Windows 2000 Service Pack 4
* Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
* Microsoft Windows XP Professional x64 Edition
* Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
* Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with Service Pack 1 for Itanium-based Systems
* Microsoft Windows Server 2003 x64 Edition family
* Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) - Review the FAQ section of this bulletin for details about these operating systems.

Note The security updates for Microsoft Windows Server 2003, Microsoft Windows Server 2003 Service Pack 1, and Microsoft Windows Server 2003 x64 Edition also apply to Microsoft Windows Server 2003 R2.

Affected Components:
* Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4
* Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4 or on Microsoft Windows XP Service Pack 1
* Internet Explorer 6 for Microsoft Windows XP Service Pack 2
* Internet Explorer 6 for Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
* Internet Explorer 6 for Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
* Internet Explorer 6 for Microsoft Windows Server 2003 x64 Edition
* Internet Explorer 6 for Microsoft Windows XP Professional x64 Edition
* Internet Explorer 5.5 Service Pack 2 on Microsoft Windows Millennium Edition - Review the FAQ section of the bulletin for details about this version.
* Internet Explorer 6 Service Pack 1 on Microsoft Windows 98, on Microsoft Windows 98 SE, or on Microsoft Windows Millennium Edition - Review the FAQ section of the bulletin for details about this version.

Impact of Vulnerability: Remote Code Execution

Maximum Severity Rating: Critical

Restart required: Yes

Update can be uninstalled: Yes

More information on this vulnerability is available at: http://www.microsoft.com/technet/security/bulletin/MS05-054.mspx

**********************************************************************
MS05-055
Title: Vulnerability in Windows Kernel Could Allow Elevation of Privilege (908523)

Affected Software:
* Microsoft Windows 2000 Service Pack 4

Non-Affected Software:
* Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
* Microsoft Windows XP Professional x64 Edition
* Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
* Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
* Microsoft Windows Server 2003 x64 Edition
* Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME)

Impact of Vulnerability: Elevation of Privilege

Maximum Severity Rating: Important

Restart required: Yes

Update can be uninstalled: Yes

More information on this vulnerability is available at: http://www.microsoft.com/technet/security/bulletin/MS05-055.mspx

**********************************************************************
MS05-050
Title: Vulnerability in DirectShow Could Allow Remote Code Execution (904706)

Affected Software:
* Microsoft DirectX 7.0 on Microsoft Windows 2000 Service Pack 4
* Microsoft DirectX 8.1 on Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
* Microsoft DirectX 8.1 on Microsoft Windows XP Professional x64 Edition
* Microsoft DirectX 8.1 on Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
* Microsoft DirectX 8.1 on Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
* Microsoft DirectX 8.1 on Microsoft Windows Server 2003 x64 Edition
* Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) - Review the FAQ section of the bulletin for details about these operating systems.

Affected Components:
* Microsoft DirectX 8.1, 8.1a, 8.1b, 8.2 when installed on Windows 2000
* Microsoft DirectX 9.0, 9.0a, 9.0b, 9.0c when installed on Windows 2000
* Microsoft DirectX 9.0, 9.0a, 9.0b, 9.0c when installed on Windows XP
* Microsoft DirectX 9.0, 9.0a, 9.0b, 9.0c when installed on Windows Server 2003

Reason for Re-release: Bulletin updated to advise customers that a revised version of the security update is available for Windows 2000 SP4, Windows XP SP1 and Windows 2003, listed in the "Affected Software" section. Customers that have applied the appropriate version of DirectX on the appropriate version of Windows need not take any action. Customers that may have installed the incorrect DirectX package manually are encouraged to evaluate their systems and re-deploy the correct update to ensure that the correct version of DirectX has been updated. For additional information, see "Why did Microsoft update this bulletin on November 9, 2005."

More information on this re-released bulletin is available at: http://www.microsoft.com/technet/security/bulletin/MS05-050.mspx

PLEASE VISIT http://www.microsoft.com/technet/security FOR THE MOST CURRENT INFORMATION ON THESE ALERTS.

Thank you,
Microsoft PSS Security Team