FIX TWO
CRITICAL VULNERABILITIES IN WINDOWS SERVER 2003
Microsoft has released updates to correct two critical vulnerability
issues in Windows Server 2003.
The first update, Microsoft Security Bulletin MS05-001, resolves a
vulnerability that exists in the HTML Help ActiveX control in Windows
that could allow information disclosure or remote code execution on
an affected system. If a user has logged into the server with administrative
privileges, an attacker who has successfully exploited this vulnerability
could basically take control of the server. (However, running Internet
Explorer 6 using Windows Server 2003's enhanced security mitigates
this problem.)
You can download the patch for this vulnerability from Microsoft's
Web site:
The second update, Microsoft Security Bulletin MS05-002, resolves
several vulnerabilities, one of which critically affects Windows Server
2003 systems. Again, an attacker who has exploited this vulnerability
could take complete control of an affected system.
You can also download the patch for this vulnerability from Microsoft's
Web site: