[NT] Update Rollup 1 for Windows XP Is Available

From: SecuriTeam (support_at_securiteam.com)
Date: 10/26/03

  • Next message: SecuriTeam: "[NT] Shatter XP (Visual Styles)"
    To: list@securiteam.com
    Date: 26 Oct 2003 11:13:05 +0200
    
    

    The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
    - - promotion

    The SecuriTeam alerts list - Free, Accurate, Independent.

    Get your security news from a reliable source.
    http://www.securiteam.com/mailinglist.html

    - - - - - - - - -

      Update Rollup 1 for Windows XP Is Available
    ------------------------------------------------------------------------

    SUMMARY

    Microsoft has released Update Rollup 1 for Microsoft Windows XP. An update
    rollup is a cumulative set of Hotfixes, security patches, critical
    updates, and updates that are packaged together for easy deployment.
    Update Rollup 1 for Windows XP is a single package that includes many
    previously released critical updates for Windows XP.

    DETAILS

    For additional information about the critical updates that are included in
    this update rollup, click the following article numbers to view the
    articles in the Microsoft Knowledge Base:
    <http://support.microsoft.com/default.aspx?kbid=810565> 810565 Hyperlinks
    Open in Internet Explorer Instead of in Default Browser or Help and
    Support Center

     <http://support.microsoft.com/default.aspx?kbid=821557> 821557 MS03-027:
    An Unchecked Buffer in the Windows Shell Could Permit Your System to Be
    Compromised

     <http://support.microsoft.com/default.aspx?kbid=811493> 811493MS03-013:
    Buffer Overrun in Windows Kernel Message Handling Could Lead to Elevated
    Privileges

     <http://support.microsoft.com/default.aspx?kbid=328310> 328310 MS02-071:
    Flaw in Windows WM_TIMER Message Handling Can Enable Privilege Elevation

     <http://support.microsoft.com/default.aspx?kbid=823980> 823980MS03-026:
    Buffer Overrun in RPC May Allow Code Execution

     <http://support.microsoft.com/default.aspx?kbid=331953> 331953MS03-010:
    Flaw in RPC Endpoint Mapper Could Allow Denial of Service Attacks

     <http://support.microsoft.com/default.aspx?kbid=331953> 323255 MS02-055:
    Unchecked Buffer in Windows Help Facility May Allow Attacker to Run Code

     <http://support.microsoft.com/default.aspx?kbid=810577> 810577 MS03-005:
    Unchecked Buffer in Windows Redirector May Permit Privilege Elevation

     <http://support.microsoft.com/default.aspx?kbid=815021> 815021 MS03-007:
    Unchecked Buffer in Windows Component May Cause Web Server Compromise

     <http://support.microsoft.com/default.aspx?kbid=329115> 329115 MS02-050:
    Certificate Validation Flaw Might Permit Identity Spoofing

     <http://support.microsoft.com/default.aspx?kbid=329170> 329170 MS02-070:
    Flaw in SMB Signing May Permit Group Policy to Be Modified

     <http://support.microsoft.com/default.aspx?kbid=817606> 817606 MS03-024:
    Buffer Overrun in Windows Could Lead to Data Corruption

     <http://support.microsoft.com/default.aspx?kbid=814033> 814033 Cannot
    Install Driver Updates from the Windows Update Web Site

     <http://support.microsoft.com/default.aspx?kbid=810833> 810833 MS03-001:
    Unchecked Buffer in the Locator Service Might Permit Code to Run

     <http://support.microsoft.com/default.aspx?kbid=823559> 823559 MS03-023:
    Buffer Overrun in the HTML Converter Could Allow Code Execution

     <http://support.microsoft.com/default.aspx?kbid=329048> 329048 MS02-054:
    Unchecked Buffer in File Decompression Functions May Allow Attacker to Run
    Code

     <http://support.microsoft.com/default.aspx?kbid=329441> 329441 You Cannot
    Create a Network Connection After You Restore Windows XP

     <http://support.microsoft.com/default.aspx?kbid=817287> 817287 Windows
    Update 643 Error and the Catalog Database

     <http://support.microsoft.com/default.aspx?kbid=329390> 329390 MS02-072:
    Unchecked Buffer in Windows Shell Might Permit System Compromise

     <http://support.microsoft.com/default.aspx?kbid=329834> 329834 MS02-063:
    Unchecked Buffer in PPTP Implementation May Permit Denial-of-Service
    Attacks

     <http://support.microsoft.com/default.aspx?kbid=811630> 811630 HTML Help
    Update to Limit Functionality When It Is Invoked with the window.showHelp
    Method

     <http://support.microsoft.com/default.aspx?kbid=824146> 824146 MS03-039:
    A Buffer Overrun in RPCSS May Allow Code Execution
    Note Update Rollup 1 for Windows XP is not available for 64-bit versions
    of Windows XP.

    Download Information:
    To download and to install the express-installation version of this update
    rollup (2.7megabytes), visit the following Microsoft Windows Update Web
    site, and then install critical update 826939:
    <http://windowsupdate.microsoft.com> http://windowsupdate.microsoft.com

    Notes:
     * The express installation is not available for Windows XP-based
    computers that do not have Windows XP Service Pack 1 (SP1) installed. For
    additional information about how to obtain SP1, click the following
    article number to view the article in the Microsoft Knowledge Base:
    <http://support.microsoft.com/default.aspx?kbid=322389> 322389How to
    Obtain the Latest Windows XP Service Pack

     * The express installation is not available through Automatic Updates,
    the Windows Update Catalog, Software Update Services (SUS), or the
    Microsoft Download Center.

     * The express installation is available for Windows XP SP1-based
    computers that do not have one or more of the critical updates that are
    included in this update rollup.

    Administrators can download the standard version of this update rollup
    (8.96 megabytes) to deploy to multiple Windows XP-based or Windows XP
    SP1-based computers. The standard package is available from the Microsoft
    Download Center, from the Microsoft Windows Update Catalog, or by using
    SUS. To download the standard package from the Windows Update Catalog,
    search for this article ID number by using the Advanced Search Options
    feature in the Windows Update Catalog. For additional information about
    how to download updates from the Windows Update Catalog, click the
    following article number to view the article in the Microsoft Knowledge
    Base: <http://support.microsoft.com/default.aspx?kbid=323166> 323166 HOW
    TO: Download Windows Updates and Drivers from the Windows Update Catalog

    The following file is available for download from the Microsoft Download
    Center:
    <http://www.microsoft.com/downloads/details.aspx?FamilyId=D531BF00-D7BE-48E3-ABCC-961602BD72C2&displaylang=en> Download the 826939 package now.

    For additional information about how to download Microsoft Support files,
    click the following article number to view the article in the Microsoft
    Knowledge Base: <http://support.microsoft.com/default.aspx?kbid=119591>
    119591 How to Obtain Microsoft Support Files from Online Services
    Microsoft scanned this file for viruses. Microsoft used the most current
    virus-detection software that was available on the date that the file was
    posted. The file is stored on security-enhanced servers that help to
    prevent any unauthorized changes to the file.
     * SUS administrators can deploy the standard version of this update
    rollup by using Automatic Updates.

     * You can install this update rollup on Windows XP-based computers
    without SP1, but Microsoft recommends that you also install SP1 and any
    other critical updates and security patches that are not included in this
    update rollup. Installing SP1 and any other critical updates and security
    patches that are not included in this update rollup installs the latest
    security and reliability updates for Windows XP. For additional
    information about how to obtain SP1, click the following article number to
    view the article in the Microsoft Knowledge Base:
    <http://support.microsoft.com/default.aspx?kbid=322389> 322389 How to
    Obtain the Latest Windows XP Service Pack

    For additional information about how to keep your Windows XP-based
    computer current, click the following article number to view the article
    in the Microsoft Knowledge Base:
    <http://support.microsoft.com/default.aspx?kbid=311047> 311047 HOW TO:
    Keep Your Windows Computer Up-to-Date

     * The express-installation version of this update rollup requires Windows
    XP SP1. The standard version of this update rollup requires the released
    version of Windows XP or Windows XP SP1. For additional information about
    how to obtain SP1, click the following article number to view the article
    in the Microsoft Knowledge Base:
    <http://support.microsoft.com/default.aspx?kbid=322389> 322389 How to
    Obtain the Latest Windows XP Service Pack

    ADDITIONAL INFORMATION

    The information has been provided by <mailto:jthomas@ETAXFN.COM> Jeffrey
    Thomas

    The original article can be found at:
    <http://support.microsoft.com/default.aspx?scid=kb;en-us;826939>
    http://support.microsoft.com/default.aspx?scid=kb;en-us;826939

    ========================================

    This bulletin is sent to members of the SecuriTeam mailing list.
    To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
    In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com

    ====================
    ====================

    DISCLAIMER:
    The information in this bulletin is provided "AS IS" without warranty of any kind.
    In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.


  • Next message: SecuriTeam: "[NT] Shatter XP (Visual Styles)"

    Relevant Pages

    • SecurityFocus Microsoft Newsletter #120
      ... Strengthening Network Security: FREE Guide Network security is a ... MICROSOFT VULNERABILITY SUMMARY ... Microsoft Windows File Protection Signed File Replacement... ... PlatinumFTPServer Information Disclosure Vulnerability ...
      (Focus-Microsoft)
    • SecurityFocus Microsoft Newsletter #242
      ... MICROSOFT VULNERABILITY SUMMARY ... PostNuke Blocks Module Directory Traversal Vulnerability ... Groove Networks Groove Virtual Office COM Object Security By... ... The Microsoft Windows IPV6 TCP/IP stack is prone to a "loopback" condition initiated by sending a TCP packet with the "SYN" flag set and the source address and port spoofed to equal the destination source and port. ...
      (Focus-Microsoft)
    • [NT] Vulnerability in HTML Help Allows Code Execution (MS05-001)
      ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Get your security news from a reliable source. ... * Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service ...
      (Securiteam)
    • SecurityFocus Microsoft Newsletter #176
      ... MICROSOFT VULNERABILITY SUMMARY ... Microsoft Windows XP HCP URI Handler Arbitrary Command Execu... ... PHPNuke Category Parameter SQL Injection Vulnerability ... Microsoft Baseline Security Analyzer Vulnerability Identific... ...
      (Focus-Microsoft)
    • SecurityFocus Microsoft Newsletter #49
      ... Subject: SecurityFocus Microsoft Newsletter #49 ... Microsoft Windows NNTP Denial of Service Vulnerability ... Microsoft IIS SSI Buffer Overrun Privelege Elevation Vulnerability ... Microsoft ISA Server H.323 Memory Leak Denial of Service... ...
      (Focus-Microsoft)