GRNET-CERT
Latest Microsoft Security Bulletins
Bulletin: MS01-050
Title: Malformed Excel or PowerPoint Document
Can Bypass Macro Security
Date:
Software: Microsoft Excel or PowerPoint for Windows or
Macintosh
Impact: Run Code Of
Attacker's Choice
Microsoft encourages
customers to review the Security Bulletin at:
http://www.microsoft.com/technet/security/bulletin/MS01-050.asp.
Bulletin: MS01-051
Title: Malformed Dotless IP Address Can Cause Web Page to be Handled in Intranet
Zone
Date:
Software: Internet Explorer
Impact: Three
vulnerabilities:
- Cause web page to render a web page using
inappropriate security
settings
- Send commands to a third-party web site in
the guise of the user
- Create a file on the system of a user who
visited a web site.
Microsoft encourages
customers to review the Security Bulletin at:
http://www.microsoft.com/technet/security/bulletin/MS01-051.asp.
Bulletin: MS01-052
Title: Invalid RDP Data can Cause Terminal
Service Failure
Date:
Revised:
Software: Windows NT 4.0 Server, Terminal Server
Edition,
Windows 2000 Server and Advanced
Server
Impact: Denial of service
Max Risk: Moderate
Bulletin: MS01-052
Microsoft encourages
customers to review the Security Bulletin at:
http://www.microsoft.com/technet/security/bulletin/MS01-052.asp.
Bulletin: MS01-053
Title: Downloaded Applications Can Execute on
Mac IE 5.1 for OS X
Date:
Software: Internet Explorer 5.1 for Macintosh
(r)
Impact: Run code of attacker's
choice
Microsoft encourages
customers to review the Security Bulletin at:
http://www.microsoft.com/technet/security/bulletin/MS01-053.asp.
Bulletin: MS01-054
Title: Invalid Universal Plug and Play Request
can Disrupt System
Operation Date:
Software: Windows 98, Windows ME, Windows
XP
Impact: Denial of Service
Microsoft encourages
customers to review the Security Bulletin at:
http://www.microsoft.com/technet/security/bulletin/MS01-054.asp.
Bulletin: MS01-055
Title:
Released:
Revised:
Software: Internet Explorer
Impact: Exposure and altering of data in
cookies
Max Risk: Moderate
Microsoft encourages
customers to review the Security Bulletin at:
http://www.microsoft.com/technet/security/bulletin/MS01-055.asp.
Bulletin: MS01-056
Title: Windows Media Player .ASF Processor
Contains Unchecked Buffer
Date:
Software: Windows Media Player
Impact: Run code of attacker's
choice
Max Risk: Critical
Microsoft encourages
customers to review the Security Bulletin at:
http://www.microsoft.com/technet/security/bulletin/MS01-056.asp.
Bulletin: MS01-057
Title: Specially Formed
Script in HTML Mail can Execute in Exchange 5.5
OWA
Date:
Revised:
Software: Microsoft Exchange 5.5 Server Outlook Web
Access
Impact: Run Code of Attacker's
Choice
Max Risk: Medium
Microsoft encourages
customers to review the Security Bulletin at:
http://www.microsoft.com/technet/security/bulletin/MS01-057.asp.
Bulletin: MS01-058
Title:
Date:
Software: Internet Explorer
Impact: Run Code of an Attacker's
Choice
Max Risk: Critical
Microsoft encourages
customers to review the Security Bulletin at:
http://www.microsoft.com/technet/security/bulletin/MS01-058.asp.
Bulletin: MS01-059
Title: Unchecked Buffer in Universal Plug and
Play can Lead to System
Compromise
Date:
Software: Windows 98, Windows 98SE, Windows ME,
Windows XP
Impact: Run code of attacker's
choice
Max Risk: Critical
Microsoft encourages
customers to review the Security Bulletin at:
http://www.microsoft.com/technet/security/bulletin/MS01-059.asp.
Bulletin: MS01-060
Title: SQL Server Text Formatting Functions
Contain unchecked
Date:
Software: Microsoft SQL Server 7.0 and Microsoft SQL
Server 2000
Impact: Run code of attacker's choice on server, denial of
service
Max Risk: Moderate
Microsoft encourages
customers to review the Security Bulletin at:
http://www.microsoft.com/technet/security/bulletin/MS01-060.asp.