Fwd: [Intrusense VNS] 7 New Microsoft Security Bulletins

From: Steven Ouimet (souimet_at_intrusense.com)
Date: 10/15/03

  • Next message: Brad Arlt: "Re: Alternatives to sftp?" 
    Date: Wed, 15 Oct 2003 17:10:17 -0400
To: <security-basics@securityfocus.com>

    ------ Forwarded Message
    From: is-vnc@intrusense.com
    Organization: Intrusense LLC.
    Date: Wed, 15 Oct 2003 13:47:27
    To: souimet@intrusense.com
    Subject: [Intrusense VNS] 7 New Microsoft Security Bulletins (5 Critical)

    Intrusense - Vulnerability Notification Service

    Oct 15, 2003
    - A total of 7 new Microsoft Security Bulletins were announced today. They
    range from 'Moderate' to 'Critical' in severity.

    -//- CRITICAL

    Microsoft Security Bulletin MS03-041

    Title: Vulnerability in Authenticode Verification Could Allow Remote Code
    Execution (823182)

    Issued: October 15, 2003

    Impact: Remote Code Execution

    Affected Software:
    - Microsoft Windows NT Workstation 4.0, Service Pack 6a
    - Microsoft Windows NT Server 4.0, Service Pack 6a
    - Microsoft Windows NT Server 4.0, Terminal Server Edition, Service Pack 6
    - Microsoft Windows 2000, Service Pack 2
    - Microsoft Windows 2000, Service Pack 3, Service Pack 4
    - Microsoft Windows XP Gold, Service Pack 1
    - Microsoft Windows XP 64-bit Edition
    - Microsoft Windows XP 64-bit Edition Version 2003
    - Microsoft Windows Server 2003
    - Microsoft Windows Server 2003 64-bit Edition

    URL:
    http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/
    bulletin/MS03-041.asp

    -//-

    Microsoft Security Bulletin MS03-042

    Title: Buffer Overflow in Windows Troubleshooter ActiveX Control Could
    Allow Code Execution

    Issued: October 15, 2003

    Impact: Remote Code Execution

    Affected Software:
    - Microsoft Windows 2000, Service Pack 2
    - Microsoft Windows 2000, Service Pack 3, Service Pack 4

    URL:
    http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/
    bulletin/MS03-042.asp

    -//-

    Microsoft Security Bulletin MS03-043

    Title: Buffer Overrun in Messenger Service Could Allow Code Execution

    Issued: October 15, 2003

    Impact: Remote Code Execution

    Affected Software:
    - Microsoft Windows NT Workstation 4.0, Service Pack 6a - Download the patch
    - Microsoft Windows NT Server 4.0, Service Pack 6a - Download the patch
    - Microsoft Windows NT Server 4.0, Terminal Server Edition, Service Pack 6 -
    Download the patch
    - Microsoft Windows 2000, Service Pack 2 - Download the patch
    - Microsoft Windows 2000, Service Pack 3, Service Pack 4 - Download the
    patch
    - Microsoft Windows XP Gold, Service Pack 1 - Download the patch
    - Microsoft Windows XP 64-bit Edition - Download the patch
    - Microsoft Windows XP 64-bit Edition Version 2003 - Download the patch
    - Microsoft Windows Server 2003 - Download the patch
    - Microsoft Windows Server 2003 64-bit Edition - Download the patch

    URL:
    http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/
    bulletin/MS03-043.asp

    -//-

    Microsoft Security Bulletin MS03-044

    Title: Buffer Overrun in Windows Help and Support Center Could Lead to
    System Compromise

    Issued: October 15, 2003

    Impact: Remote Code Execution

    Affected Software:
    - Microsoft Windows Millennium Edition
    - Microsoft Windows NT Workstation 4.0, Service Pack 6a
    - Microsoft Windows NT Server 4.0, Service Pack 6a
    - Microsoft Windows NT Server 4.0, Terminal Server Edition, Service Pack 6
    - Microsoft Windows 2000, Service Pack 2
    - Microsoft Windows 2000, Service Pack 3, Service Pack 4
    - Microsoft Windows XP Gold, Service Pack 1
    - Microsoft Windows XP 64-bit Edition
    - Microsoft Windows XP 64-bit Edition Version 2003 -
    - Microsoft Windows Server 2003
    - Microsoft Windows Server 2003 64-bit Edition

    URL:
    http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/
    bulletin/MS03-044.asp

    -//-

    Microsoft Security Bulletin MS03-046

    Title: Vulnerability in Exchange Server Could Allow Arbitrary Code
    Execution

    Issued: October 15, 2003

    Impact: Remote Code Execution

    Affected Software:
    - Microsoft Exchange Server 5.5, Service Pack 4
    - Microsoft Exchange 2000 Server, Service Pack 3

    URL:
    http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/
    bulletin/MS03-046.asp

    -//- IMPORTANT

    Microsoft Security Bulletin MS03-045

    Title: Buffer Overrun in the ListBox and in the ComboBox Control Could
    Allow Code Execution

    Issued: October 15, 2003

    Impact: Local Privledge Escalation

    Affected Software:
    - Microsoft Windows NT Workstation 4.0, Service Pack 6a
    - Microsoft Windows NT Server 4.0, Service Pack 6a
    - Microsoft Windows NT Server 4.0, Terminal Server Edition, Service Pack 6
    - Microsoft Windows 2000, Service Pack 2
    - Microsoft Windows 2000 Service Pack 3, Service Pack 4
    - Microsoft Windows XP Gold, Service Pack 1 ñ Download the patch
    - Microsoft Windows XP 64 bit Edition ñ Download the patch
    - Microsoft Windows XP 64 bit Edition Version 2003 ñ Download the patch
    - Microsoft Windows Server 2003 ñ Download the patch
    - Microsoft Windows Server 2003 64 bit Edition ñ Download the Patch

    URL:
    http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/
    bulletin/MS03-045.asp

    -//- MODERATE

    Microsoft Security Bulletin MS03-047

    Title: Vulnerability in Exchange Server 5.5 Outlook Web Access Could Allow
    Cross-Site Scripting Attack

    Issued: October 15, 2003

    Impact: Remote Code Execution

    Affected Software:
    - Microsoft Exchange Server 5.5, Service Pack 4

    URL:
    http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/
    bulletin/MS03-047.asp

    Steven Ouimet
    Information Security Consultant
    Intrusense LLC.
    http://www.intrusense.com 

    --
Intrusense - Securing Business As Usual
---------------------------------------------------------------------------
FREE Whitepaper: Better Management for Network Security
Looking for a better way to manage your IP security?
Learn how Solsoft can help you:
- Ensure robust IP security through policy-based management
- Make firewall, VPN, and NAT rules interoperable across heterogeneous
networks
- Quickly respond to network events from a central console
Download our FREE whitepaper at:
http://www.securityfocus.com/sponsor/Solsoft_security-basics_031015
----------------------------------------------------------------------------
  • Next message: Brad Arlt: "Re: Alternatives to sftp?"

    Relevant Pages

    • Neues Microsoft Sicherheits-Bulletin für September - BITTTE BEACHTEN und UPDATES EINSPIELEN
      ... The purpose of this update is to provide you with a summary of the Microsoft ... Microsoft is releasing the following security bulletins for newly discovered ... Microsoft is releasing an updated version of the Microsoft Windows Malicious ... Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service ...
      (microsoft.public.de.german.visio)
    • MinorRev: Microsoft Security Bulletin MS03-051 - Buffer Overrun in Microsoft FrontPage Server Extens
      ... Buffer Overrun in Microsoft FrontPage Server Extensions Could Allow Code ... * Microsoft Windows XP, Microsoft Windows XP Service Pack 1 ... * Microsoft Office XP, Microsoft Office XP Service Pack 1, Service Pack ...
      (NT-Bugtraq)
    • RE: Windows 2000 VPN No Longer Connecting
      ... VPN Client Cannot Establish a Connection After You Install a Service Pack ... This article contains information about modifying the registry. ... your Windows XP or Windows 2000 PPTP client to your corporate network, ... obtain the latest service pack for Microsoft ...
      (microsoft.public.win2000.networking)
    • Office 2004 Service Pack - Read Me
      ... Microsoft Corporation, 2004. ... relevant to Microsoft Office 2004 for Mac Service Pack 1 and is ... Microsoft Word, PowerPoint, Excel, and Entourage for Office 2004, ... Before you install the service pack, ...
      (microsoft.public.mac.office)
    • [NT]Vulnerabilities in GDI+ Allow Code Execution (MS08-052)
      ... Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008, ... Microsoft Internet Explorer 6 Service Pack 1 when installed on Microsoft ... Microsoft .NET Framework 2.0 ...
      (Securiteam)