Microsoft Security Bulletin Update
November 2005
The monthly Microsoft security update for November 2005 was released
on Tuesday November 8th. One security update was released,
addressing three separate issues in supported Windows operating
systems and related components. The November bulletin includes
MS05-053, which Microsoft rates at a “critical” level.
MS05-053 - Critical
Vulnerabilities in Graphics Rendering Engine Could Allow Code Execution (896424)
The potential impact to RALS customers is color coded as follows:
- Red (immediate threat/urgent action needed)
- Black (action needed/recommended)
- Green (routine process or no action needed)
MS05-053 - Critical
Vulnerabilities in Graphics Rendering Engine Could Allow Code Execution (896424)
- This update resolves three newly-discovered,
  privately-reported and public vulnerabilities in the way
  Windows handles the rendering of Windows Metafile (WMF) and
  Enhanced Metafile (EMF) image formats.
- This affects Windows 2000 [and other Windows operating
  systems].
- An attacker could exploit these vulnerabilities by hosting a
  malicious web page and enticing the user to visit this site, or
  by delivering the malicious content by other means such as
  email. These issues can NOT be exploited without user
  interaction. The impact of a successful exploit could be remote
  code execution. If the logged-in user had administrative
  rights, the code execution could take complete control over
  the system.
- This vulnerability cannot be exploited without user
  interaction. The user cannot be forced to visit a malicious
  web page, and the intended use for the RALS systems does not
  support users using the RALS systems for non-RALS related
  "web-surfing" activities, nor does it provide for receiving emails with
  potentially malicious content or attachments.
- NOTE: Since Microsoft has ended support for Windows NT based
  systems, the potential for this vulnerability to affect
  Windows NT based systems was not addressed, nor was any patch
  provided by Microsoft for NT systems.
- Recommend this update be included with the next regular RALS
  product test and release cycle. The expected risk for adverse
  effects on RALS operations from this update is low. The update
  appears to change 4 files on Windows 2000 systems.
Medical Automation Systems reviews all Microsoft
security patches when they are released. No problems
with the RALS systems have been found by our internal
testing or reported by customers following the
application of these security updates.
The application of these updates to the standard RALS
system configuration has been approved. Microsoft rates
some of these as 'critical' but the vulnerabilities may
in fact pose no risk to the RALS system if customers
adhere to the intended use of RALS.
MS Patches NOT Critical to RALS Functionality
If MAS determines that the vulnerability as described in a
Microsoft bulletin should not adversely affect the
RALS functionality when the system is used as intended,
the security patch will be tested and included in the next
routine product version release. Should the user apply
the patches, MAS cannot guarantee or warrant its operation
or impact on the RALS system. In this situation there
will be no routine customer notification.
MS Patches Critical to RALS Functionality
If it is determined that the security vulnerability as
described in a Microsoft bulletin is critical to the RALS
functionality, MAS will notify customers via a broadcast
email from SecurityUpdates@rals.com and by notice on the MAS
website, http://www.rals.com.