Security 10808 Published by

Microsoft has released the following security updates:

Flaw in ISA Server Error Pages Could Allow Cross-Site Scripting Attack
ISA Server contains a number of HTML-based error pages that allow the server to respond to a client requesting a Web resource with a customized error. A cross-site scripting vulnerability exists in many of these error pages that are returned by ISA Server under specific error conditions.

Read more

Unchecked Buffer in Windows Shell Could Enable System Compromise
The Windows shell is responsible for providing the basic framework of the Windows user interface experience. It is most familiar to users as the Windows desktop. It also provides a variety of other functions to help define the user's computing session, including organizing files and folders, and providing the means to start programs.

Read more

Buffer Overrun In RPC Interface Could Allow Code Execution
Remote Procedure Call (RPC) is a protocol used by the Windows operating system. RPC provides an inter-process communication mechanism that allows a program running on one computer to seamlessly execute code on a remote system. The protocol itself is derived from the OSF (Open Software Foundation) RPC protocol, but with the addition of some Microsoft specific extensions.

Read more