Microsoft Security Bulletin(s) for 1/11/2005

[Jerry Bryant [MSFT]]

January 11, 2005
Today Microsoft released the following Security Bulletin(s).

Note: www.microsoft.com/technet/security and www.microsoft.com/security are
authoritative in all matters concerning Microsoft Security Bulletins! ANY
e-mail, web board or newsgroup posting (including this one) should be
verified by visiting these sites for official information. Microsoft never
sends security or other updates as attachments. These updates must be
downloaded from the microsoft.com download center or Windows Update. See the
individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft
security notices, it is recommended that you physically type the URLs into
your web browser and not click on the hyperlinks provided.

Bulletin Summary:

http://www.microsoft.com/technet/security/Bulletin/ms05-jan.mspx

Critical Bulletins:

Vulnerability in HTML Help Could Allow Code Execution (890175)
http://www.microsoft.com/technet/security/Bulletin/ms05-001.mspx

Vulnerability in Cursor and Icon Format Handling Could Allow Remote Code
Execution (891711)
http://www.microsoft.com/technet/security/Bulletin/ms05-002.mspx

Important Bulletins:

Vulnerability in the Indexing Service Could Allow Remote Code Execution
(871250)
http://www.microsoft.com/technet/security/Bulletin/ms05-003.mspx


This represents our regularly scheduled monthly bulletin release (second
Tuesday of each month). Please note that Microsoft may release bulletins out
side of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after
reading the above listed bulletin you should contact Product Support
Services in the United States at 1-866-PCSafety (1-866-727-2338).
International customers should contact their local subsidiary.

--
Regards,

Jerry Bryant - MCSE, MCDBA
Microsoft IT Communities

Get Secure! www.microsoft.com/security


This posting is provided "AS IS" with no warranties, and confers no rights.

 

[Max Burke]

Jerry Bryant [MSFT] scribbled:

Snip the updates announcements; Already installed successfully, and being
tested.

Care to clarify how to use the 'malware removal tool?'

So far the only way I can run it is by double clicking on the downloaded
install file (Windows-KB890830-ENU.exe) and agreeing to the EULA each
time....

Is this the way it's supposed to work?

On http://support.microsoft.com/?kbid=890830 it says this:
<quote>
When the Malicious Software Removal Tool runs, it performs the following
functions. Except where noted, the tool has the same behavior independent of
what command-line switches you use or how you download and run the tool.
Note that the tool is not actually installed on a computer. Therefore, no
entry is created for it in the Programs folder or in Add/Remove Programs.
<end quote>

Which indicates it's not actually installed on the Hard drive as a program
to run....

 

[Torgeir Bakken \(MVP\)]

Jerry Bryant [MSFT] scribbled:

Snip the updates announcements; Already installed successfully, and
being tested.

Care to clarify how to use the 'malware removal tool?'

So far the only way I can run it is by double clicking on the downloaded
install file (Windows-KB890830-ENU.exe) and agreeing to the EULA each
time....

Is this the way it's supposed to work?

Hi

To run it unattended, run it like this:
Windows-KB890830-ENU.exe /Q

After the scan is complete, the tool creates a file Mrt.log that
contains the results of the scan. The file is in the %windir%\Debug
folder.

If you run
Windows-KB890830-ENU.exe /?
you will get this message box:

---------------------------
Microsoft® Windows® Malicious Software Removal Tool
---------------------------
Usage:
/Q - quiet mode; if set, no UI is shown
/? - displays usage and engine version information
---------------------------
OK
---------------------------

More here also:

Deployment of the Microsoft Windows Malicious Software Removal Tool in an
enterprise environment
http://support.microsoft.com/default.aspx?scid=kb;en-us;891716