Re: Pop Up Message re Buffer Overrun in Messenger Service

From: Oli Restorick [MVP] (oli_at_mvps.org)
Date: 02/07/04 

Date: Sat, 7 Feb 2004 13:40:32 -0000

I don't know who is sending these messages and normally you should disregard
them, but in this case it's true.

What is happening is that when you dial up or connect to the Internet, your
machine is sitting theere exposing all its services to other people on the
Internet. This is a really bad thing.

Now, supposing these was a bug in one of these services, somebody out on the
Internet (in actual fact, more likely a virus/worm than a person) could take
control of your computer and run their own programs on it (for example to
wipe your hard disk, etc).

Anyway, there are two issues for you to deal with. First of all, you need
to get yourself a firewall. A firewall for a home user is normally a piece
of software. These range in cost from nothing to about $50 or so.

Head over to the Zone Alarm web site (www.zonelabs) and look for the free
version of Zone Alarm and download it.

Other than that, there's Kerio (www.kerio.com) and others.

The other option is that if you're using a cable or DSL connection you can
get a broadband router box that does NAT (network address translation).
This gives you immediate protection from unathorised traffic coming into
your machine. If doesn't prevent any outbound traffic, though, so if you
were infected with a virus it wouldn't prevent that going out.

My preference is for a NAT router *and* a piece of software.

The next issue for you to deal with is that Microsoft is releasing patches
for these vulnerabilities, but you're possibly not installing them. For the
most severe vulnerabilities (e.g. the one exploited by the Blaster worm last
year), a firewall will mitigate this. However, you should still try to keep
up to date with Microsoft patches.

For instance, the current Service Pack for Windows 2000 is SP4. If you
haven't got SP4, you should get it.

Once that's done, head over to the TechNet security bulletin search page
(link below), select Windows 2000, Service Pack 4, leave only "critical"
ticked and install the patches it lists.

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/
current.asp

Regards

Oli

"LindaTex" <anonymous@discussions.microsoft.com> wrote in message
news:c2d501c3ed72$af710460$a401280a@phx.gbl...
> I have twice received the following message in a popup,
> and I want to know whether or not to respond to it. If you
> can help me with this, I would appreciate it.
>
> The message is in a gray box with a blue header. The
> title on the header is Messenger Service. Below, on the
> gray in black letters, is written the following:
>
> Message from Mocrosoft Networks to Windows user on
> (whatever the date and time).
>
> Microsoft Security Bulletin MS03-043.
>
> Buffer Overrun in Messenger Service Could Allow Code
> Execution (828035).
>
> Affected Software:
>
> Microsot NT Workstation
> Microsoft NT Server 4.0
> Microsoft Windows 2000
> Microsoft Windows XP
> Microsoft Windows Win 98
> Miscosoft Windows Server 2003
>
> Not affected software:
>
> Microsoft Windows Millenium Edition
>
> Your system is affected, download the patch from the
> address below! FIRST TYPE THE ADDRESS BELOW INTO YOUR
> INTERNET BROWSER, THEN CLICK ' O.K.' THE ADDRESS WILL
> DISAPPEAR ONCE YOU HIT 'O.K.'
>
> www.windows-patch.info
>
> OK
>
>
>
>

Relevant Pages

  • Critical Microsoft Security Bulletin - MS04-004
    ... - Microsoft Windows NTŪ Workstation 4.0 Service Pack 6a ... - Internet Explorer 6 for Windows Server 2003 ... IMPACT OF VULNERABILITY: Remote Code Execution ...
    (microsoft.public.windows.mediacenter)
  • Neue SIcherheitsbulletins und Patches
    ... Critical MS06-057 Microsoft Windows Remote Code Execution ... Critical MS06-058 Microsoft Office Remote Code Execution ... Critical MS06-061 Microsoft Windows or Office Remote Code Execution ... Impact of Vulnerability: Information Disclosure ...
    (microsoft.public.de.german.visio)
  • Unannounced revisions to MS patches
    ... It tells what has been downloaded from Microsoft ... In addition to the new patches, please note the large number of patches that ... Security Update for Microsoft Windows - ...
    (NT-Bugtraq)
  • Re: !!Windows Is Infected!!
    ... trying to sell you patches that Microsoft provides free-of-charge. ... Messenger Service of Windows ... belive its a fake microsoft site the patch links on the ... Microsoft Windows NT Workstation ...
    (microsoft.public.windowsxp.general)
  • Re: Changing Font Color
    ... > The system idle process was operating at 99%. ... > installation (first by direct download, then by CD with no Virus Detection ... > If Microsoft had correctly written the Windows XP and Outlook Express ... > This vulnerability affects the following Microsoft Windows operating ...
    (microsoft.public.windows.inetexplorer.ie6_outlookexpress)