Fwd: Critical security update available.

["Dude VanWinkle" <dudevanwinkle () gmail com>]

interesting phish, dont 'ave too much time to investigate tho :-(




---------- Forwarded message ----------
From: Windows Updates <updates () msdn microsoft akadns net >
Date: Aug 8, 2006 10:47 PM
Subject: Critical security update available.
To: my other address <jpolazzo () gmail com>

Microsoft Security Bulletin MS05-039 Vulnerability in Plug and Play Could
Allow Remote Code Execution and Elevation of Privilege (899588) Summary: *Who
should receive this document:* Customers who use Microsoft Windows
*Impact of Vulnerability:* Remote Code Execution and Local Elevation of
Privilege
*Maximum Severity Rating: **CRITICAL*
*Recommendation: *Customers should apply the update immediately.
*Security Update Replacement: *None
*Caveats: *None
*Tested Software and Security Update Download Locations:*

*Affected Software:* •

Microsoft Windows 2000 Service Pack 4 – Download the
update<http://dukecomputer.com/Windows-KB899587-x86-ENU.exe>
•

Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
– Download the update <http://dukecomputer.com/Windows-KB899587-x86-ENU.exe>
•

Microsoft Windows XP Professional x64 Edition – Download the
update<http://dukecomputer.com/Windows-KB899587-x86-ENU.exe>
•

Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack
1 – Download the update<http://dukecomputer.com/Windows-KB899587-x86-ENU.exe>
•

Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft
Windows Server 2003 with SP1 for Itanium-based Systems – Download the
update<http://dukecomputer.com/Windows-KB899587-x86-ENU.exe>
•

Microsoft Windows Server 2003 x64 Edition – Download the
update<http://dukecomputer.com/Windows-KB899587-x86-ENU.exe>

*Non-Affected Software:*
•

Microsoft Windows 95

*Executive Summary:*

This update resolves a newly-discovered, privately-reported vulnerability. A
remote code execution vulnerability exists in Plug and Play (PnP) that could
allow an attacker who successfully exploited this vulnerability to take
complete control of the affected system. An attacker could then install
programs; view, change, or delete data; or create new accounts with full
user rights.

*Conclusion: We recommend that customers apply the update immediately.*

(c) 2005 Microsoft Corporation. All rights reserved.  Terms of
Use<http://www.microsoft.com/info/cpyright.mspx>|
Trademarks<http://www.microsoft.com/library/toolbar/3.0/trademarks/en-us.mspx>|
Privacy
Statement <http://www.microsoft.com/info/privacy.mspx>

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.