InfoWorld: Application development reports Microsoft patches critical bugs in IE, Windows. “Microsoft released 10 security patches, including three deemed “critical,” for bugs in a variety of the company’s products. Released Tuesday as part of the company’s monthly updates, the critical patches repair flaws in Windows and Internet Explorer that could allow attackers to take complete control of a computer, Microsoft said.”
Affected software includes Internet Explorer (an integral part of the OS which can’t be removed or disabled, according to Microsoft), HTML Help (see IE), Microsoft’s sharing protocol called SMB, Exchange 5.5, Outlook Express, ISA Server and more. Three “Critical” flaws allow a remote user to assume complete control of your machine. Affected versions of Windows include Windows 98, 98 SE, Millenium Edition (“ME”), Windows 2000 SP 3 and SP4, Windows XP SP1 and SP2, Windows XP 64-Bit Edition SP1 and Version 2003, and Windows Server 2003 original, SP1, Itanium original and SP1 and x64 Edition. (Microsoft no longer supports nor offers updates for Win95 nor NT editions, but you can presume these are likely affected, too.)
Windows Security Bulletins MS05-025 through MS05-034 are described on the TechNet web site. It is the 25th week of the year.