Re: NEW - Security Flaw In Windows XP... (and 2000/2003)

From: Bob H (ylp17410_at_comcast.net)
Date: 09/12/03


Date: Fri, 12 Sep 2003 14:09:30 GMT


Actually Microsoft DID NOT discover the additional vulnerability. It was uncovered by independent security groups.

But THEY SHOULD HAVE!!

Bob

"Marc Liron" <mliron@msn.com> wrote in message news:09c401c37911$c76250e0$a401280a@phx.gbl...
:
: Hi,
:
: My site has been receiving a lot of email about the new
: security vulnerability to users of XP (and NT4/2000/2003)
:
: Some of the folks writing to me are confused about this
: issue as it relates to the flaw in XP's DCOM/RPCSS
: services.
:
: Microsoft have already issued a patch under KB823980 for
: a known security threat. (Those that did not apply this
: patch are the ones who were hit by the MSBlaster worm!)
:
: However, Microsoft have discovered THREE more flaws that
: could lead to another similar worm attacking tens of
: thousands of users!
:
: Users need to patch their systems against any potential
: Threat exploiting these new DCOM/RPCSS flaws.
:
: I have posted the following article in response to the
: amount of interest in this subject.
:
: The new patch is under KB824146 - released 10th Sept 2003
:
: http://www.updatexp.com/kb824146.html
:
:
: Kind Regards
:
: Marc Liron
: www.updatexp.com



Relevant Pages

  • SecurityFocus Microsoft Newsletter #176
    ... MICROSOFT VULNERABILITY SUMMARY ... Microsoft Windows XP HCP URI Handler Arbitrary Command Execu... ... PHPNuke Category Parameter SQL Injection Vulnerability ... Microsoft Baseline Security Analyzer Vulnerability Identific... ...
    (Focus-Microsoft)
  • SecurityFocus Microsoft Newsletter #242
    ... MICROSOFT VULNERABILITY SUMMARY ... PostNuke Blocks Module Directory Traversal Vulnerability ... Groove Networks Groove Virtual Office COM Object Security By... ... The Microsoft Windows IPV6 TCP/IP stack is prone to a "loopback" condition initiated by sending a TCP packet with the "SYN" flag set and the source address and port spoofed to equal the destination source and port. ...
    (Focus-Microsoft)
  • [NT] Cumulative Security Update for Internet Explorer (MS04-025)
    ... Get your security news from a reliable source. ... * Microsoft Windows NT Workstation 4.0 Service Pack 6a ... Navigation Method Cross-Domain Vulnerability ...
    (Securiteam)
  • SecurityFocus Microsoft Newsletter # 87
    ... Meeting IT Security Benchmarks Through IT Audits ... MICROSOFT VULNERABILITY SUMMARY ... Bypassing Windows 2000 Domain Password settings ...
    (Focus-Microsoft)
  • SecurityFocus Microsoft Newsletter #75
    ... Microsoft's Internet Security & Acceleration Server with fault-tolerance ... The Microsoft UPnP Vulnerability ... Relevant URL: ...
    (Focus-Microsoft)