=====================================================================
                                  CERT-Renater

                       Note d'Information No. 2005/VULN022
_____________________________________________________________________

DATE                      : 12/01/2005

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Windows 2000, Windows XP, Windows Server 2003.

======================================================================

MS05-003
Title: Vulnerability in the Indexing Service Could Allow Remote Code
Execution (871250)

Affected Software:
  - Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000
Service Pack 4
  - Microsoft Windows XP Service Pack 1
  - Microsoft Windows XP 64-Bit Edition Service Pack 1
  - Microsoft Windows XP 64-Bit Edition Version 2003
  - Microsoft Windows Server 2003
  - Microsoft Windows Server 2003 64-Bit Edition

Non-Affected Software:
  - Microsoft Windows NT Server 4.0 Service Pack 6a
  - Microsoft Windows NT Server 4.0 Terminal Server Edition Service
Pack 6
  - Microsoft Windows XP Service Pack 2
  - Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE),
and Microsoft Windows Millennium Edition (ME)

Affected Components:
  - Indexing Service

Impact of Vulnerability: Remove Code Execution

Maximum Severity Rating: Important

Restart required: This update does not require a restart. The
installer stops the required services, applies the update, and then
restarts the services. However, if the required services cannot be
stopped for any reason, or if required files are in use, this update
will require a restart. If this occurs, a message appears that
advises you to restart. To help reduce the chance that a reboot will
not be required, stop all affected services and close all
applications that may use the affected files prior to installing the
security update.

Update can be uninstalled: Yes

More information on this vulnerability is available at:
http://www.microsoft.com/technet/security/bulletin/MS05-003.mspx

======================================================================

         =========================================================
         Les serveurs de référence du CERT-Renater
         http://www.urec.fr/securite
         http://www.cru.fr/securite
         http://www.renater.fr
         =========================================================
         + CERT-RENATER          | tel : 01-53-94-20-44          +
         + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
         + 75013 Paris           | email: certsvp@renater.fr     +
         =========================================================