Re: Update: Microsoft Security Bulletin MS02-050
From: Wale Baker (walebaker@hotpop.com)
Date: 11/21/02
- Next message: S. Pidgorny [MVP]: "Re: secure sockets layer"
- Previous message: Gary Flynn: "Re: Messenger Service Spam"
- In reply to: Jerry Bryant [MS]: "Update: Microsoft Security Bulletin MS02-050"
- Next in thread: Lorrie: "Update: Microsoft Security Bulletin MS02-050"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Wale Baker" <walebaker@hotpop.com> Date: Thu, 21 Nov 2002 15:42:49 +0800
When we get the email from Microsoft Security Reponse Communications, I find
there is a PGP signature (check below)
and I find the method announced from microsoft website is:
============
Verifying our Digital Signature
We digitally sign all security bulletins. To verify the signature, please
download our PGP key here. The key's fingerprint is
5E39 0633 D6B3 9788 F776 D980 AB7A 9432.
============
My Question is How to verify the signature ? I have downloaded the asc file
and PGP tool but I am not sure how to do on the next step. Thanks for your
help!
Below is the email from Microsoft.
-----BEGIN PGP SIGNED MESSAGE-----
Dear Microsoft Customer,
I'm taking the unusual step of sending this mail to the Microsoft
Security Notification Service mailing list to tell you about some
changes in communications practices that the Microsoft
Security Response Center is making.
Customer feedback tells us that, while technical professionals
value our security bulletins, many end-users find them overly
detailed and confusing. In addition, end-users who subscribe
to the Microsoft Security Notification Service receive bulletins
that are of interest only to developers or system
administrators.
To help customers, for each issue, we will now create a less
technical end-user security bulletin that we will host at
http://www.microsoft.com/security/. We will continue to
release the current security bulletins targeted to technical
professionals. The new end-user security bulletins will describe
straightforward steps that customers can take to help keep
their systems secure.
In addition, before year's end, we will create a new End User
Security Notification Service that will notify customers of
security issues in end-user-oriented products and provide a link
to the appropriate end-user security bulletin.
The TechNet security bulletins will continue to include technical
details that enable IT professionals to determine where and
whether a patch is needed or whether workarounds are an
appropriate alternative.
We have also received feedback that, while many customers
rely on our Security Bulletin Severity Ratings to help them
decide which patches to apply, they find that the ratings fail to
clearly identify the most serious issues. There is also a
widespread feeling that the Severity Ratings are difficult to
understand and apply. For these reasons, we have modified the
Severity Rating criteria to help customers more easily evaluate
the impact of security issues. We hope that this more
prescriptive guidance will help you distinguish the most urgent
security issues. I encourage you to review the updated
Microsoft Security Response Center Security Bulletin Severity
Rating System at
http://www.microsoft.com/technet/security/policy/rating.asp
Microsoft is committed to help keep your systems safe. As part
of that commitment, we regularly review customer feedback
and update our security response process to ensure that we are
doing all we can to meet your needs. We appreciate your
feedback and hope that you will find that these changes help
you keep your systems secure.
Thank you,
Steve Lipner
Director of Security Assurance
Microsoft Corp.
-----BEGIN PGP SIGNATURE-----
Version: PGP 7.1
iQEVAwUBPdkuIY0ZSRQxA/UrAQEm4wf+MJEySxj3zqhSIKIQVSJ2ZGMLQQSm6mpX
ZLgNPmzRysl9fsXjhTj+xk6vPTMig3IWgG9qYZu88wnIvLcoTaunwC4jJ+Wgk2xG
o3uXU5ZoilIvSdTAPqLKB2EagH7EKYpB90+R1M9JNZbHbZolCQtbxIpic/pH55IQ
fhjN4vYpn9iDnZ2FlgPL2dcPmMDa1PcKPHAyOTDxeoM9ioHTno8wCM8v+mjL0GLn
zyC4yaeEl0OpPUiRC8CQTKjGNmnP1W9STgSr490PUn42+DtXWLTn6Y8gkr8dxFPo
gU9RMYPpd6+v8wSe1taoQTJTwqJhYYHODetKVNuGK00oNs229YhyMA==
=tkoQ
-----END PGP SIGNATURE-----
*******************************************************************
You have received this e-mail bulletin because of your subscription to the
Microsoft Product Security Notification Service. For more information on
this service, please visit http://www.microsoft.com/technet/security/notify.
asp.
To verify the digital signature on this bulletin, please download our PGP
key at http://www.microsoft.com/technet/security/notify.asp.
To unsubscribe from the Microsoft Security Notification Service, please
visit the Microsoft Profile Center at
http://register.microsoft.com/regsys/pic.asp
If you do not wish to use Microsoft Passport, you can unsubscribe from the
Microsoft Security Notification Service via email as described below: Reply
to this message with the word UNSUBSCRIBE in the Subject line.
For security-related information about Microsoft products, please visit the
Microsoft Security Advisor web site at http://www.microsoft.com/security.
"Jerry Bryant [MS]" <jbryant@online.microsoft.com> wrote in message
news:#0AXNePkCHA.2672@tkmsftngp09...
> An update has been released for this patch..
>
> Title: Certificate Validation Flaw Could Enable Identity Spoofing
(Q329115)
> Date: November 20, 2002
> Software: Microsoft Windows 98; Microsoft Windows 98 Second Edition;
> Microsoft Windows Me; Microsoft Windows NT?4.0; Microsoft Windows NT 4.0,
> Terminal Server Edition; Microsoft Windows 2000; Microsoft Windows XP;
> Microsoft Office for Mac; Microsoft Internet Explorer for Mac; Microsoft
> Outlook Express for Mac
> Impact: Identity spoofing
>
> Maximum Severity Rating: Important
> Bulletin: MS02-050
>
> The Microsoft Security Response Center has released Microsoft Security
> Bulletin MS02-050
>
> What Is It?
> The Microsoft Security Response Center has released Microsoft Security
> Bulletin MS02-050 which concerns a vulnerability in the Windows Operating
> System and certain Microsoft products for Macintosh. Microsoft is, at
this
> time, releasing patches for Windows NT 4.0, Windows NT 4.0 Terminal Server
> Edition and Windows XP for this vulnerability. The patches for the other
> versions of Windows and the Microsoft products for Macintosh will be
> released as soon as possible. Customers are advised to review the
> information in the bulletin and test and deploy the patch in their
> environments.
>
> More information is now available at
> http://www.microsoft.com/technet/security/bulletin/MS02-050.asp
>
> If you have any questions regarding the patch or its implementation after
> reading the above listed bulletin you should contact Product Support
> Services in the United States at 1-866-PCSafety (1-866-727-2338) or post
in
> this newsgroup. International customers should contact their local
> subsidiary.
>
> --
> Regards,
>
> Jerry Bryant - MCSE, MCDBA
> Microsoft IT Communities
>
> Get Secure! www.microsoft.com/security
>
>
> This posting is provided "AS IS" with no warranties, and confers no
rights.
>
>
- Next message: S. Pidgorny [MVP]: "Re: secure sockets layer"
- Previous message: Gary Flynn: "Re: Messenger Service Spam"
- In reply to: Jerry Bryant [MS]: "Update: Microsoft Security Bulletin MS02-050"
- Next in thread: Lorrie: "Update: Microsoft Security Bulletin MS02-050"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
