# Recent Critical Updates



## eddie5659 (Mar 19, 2001)

Hiya

The IETF Profile of the X.509 certificate standard defines several 
optional fields that can be included in a digital certificate. One 
of these is the Basic Constraints field, which indicates the maximum 
allowable length of the certificate's chain and whether the 
certificate is a Certificate Authority or an end-entity certificate. 
However, the APIs within CryptoAPI that construct and validate 
certificate chains (CertGetCertificateChain(), 
CertVerifyCertificateChainPolicy(), and WinVerifyTrust()) do not 
check the Basic Constraints field. The same flaw, unrelated to 
CryptoAPI, is also present in several Microsoft products for 
Macintosh.

The vulnerability could enable an attacker who had a valid 
end-entity certificate to issue a subordinate certificate that, 
although bogus, would nevertheless pass validation. Because 
CryptoAPI is used by a wide range of applications, this could 
enable a variety of identity spoofing attacks. These are discussed 
in detail in the bulletin FAQ, but could include:

- Setting up a web site that poses as a different web site, and 
"proving" its identity by establishing an SSL session as the 
legitimate web site.

- Sending emails signed using a digital certificate that 
purportedly belongs to a different user.

- Spoofing certificate-based authentication systems to gain 
entry as a highly privileged user.

- Digitally signing malware using an Authenticode certificate 
that claims to have been issued to a company users might trust.

*Maximum Severity Rating: Critical*

Download locations for this patch

Windows NT 4.0:

http://www.microsoft.com/ntserver/nts/downloads/critical/q328145/default.asp

Windows NT 4.0 Terminal Server Edition:

http://www.microsoft.com/ntserver/terminalserver/downloads/critical/q328145/default.asp

Windows XP:

http://www.microsoft.com/Downloads/Release.asp?ReleaseID=42562

Windows XP 64 bit Edition:

http://www.microsoft.com/Downloads/Release.asp?ReleaseID=42558

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms02-050.asp

Regards

eddie
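
The missing check described in the post above, as an added example that is not part of the original post or of Microsoft's code: a simplified leaf-first chain model comparing name chaining alone with Basic Constraints enforcement as RFC 5280 defines it. The `Cert` class, the function names and all certificate names are constructed for illustration, and signatures and validity dates are assumed to verify.

```python
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple


@dataclass(frozen=True)
class Cert:
    """Constructed stand-in for an X.509 certificate.

    Signatures and validity dates are assumed to verify; only the fields
    needed to show the Basic Constraints check are modelled.
    """
    subject: str
    issuer: str
    is_ca: bool = False              # basicConstraints cA flag
    path_len: Optional[int] = None   # basicConstraints pathLenConstraint


def names_chain(chain: List[Cert], trusted_roots: Set[str]) -> bool:
    """Name chaining to a trusted root only, with Basic Constraints ignored."""
    if not chain:
        return False
    for child, parent in zip(chain, chain[1:]):
        if child.issuer != parent.subject:
            return False
    return chain[-1].subject in trusted_roots


def basic_constraints_errors(chain: List[Cert]) -> List[str]:
    """Check every issuing certificate in a leaf-first chain."""
    errors = []
    for i in range(1, len(chain)):
        issuer, issued = chain[i], chain[i - 1]
        # Only a certificate with cA=TRUE may sign another certificate.
        if not issuer.is_ca:
            errors.append(
                f"{issuer.subject!r} is not a CA but issued {issued.subject!r}"
            )
        # pathLenConstraint caps the non-self-issued intermediates that may
        # follow this certificate; the leaf (chain[0]) is not counted.
        below = sum(1 for c in chain[1:i] if c.subject != c.issuer)
        if issuer.path_len is not None and below > issuer.path_len:
            errors.append(
                f"{issuer.subject!r} allows {issuer.path_len} intermediate(s) "
                f"below it, chain has {below}"
            )
    return errors


def validate(chain: List[Cert], trusted_roots: Set[str]) -> Tuple[bool, List[str]]:
    """Name chaining plus Basic Constraints; returns (ok, list of errors)."""
    if not names_chain(chain, trusted_roots):
        return False, ["chain does not link to a trusted root"]
    errors = basic_constraints_errors(chain)
    return not errors, errors


# Constructed sample data (not real certificates).
ROOT = Cert("Example Root CA", "Example Root CA", is_ca=True)
ISSUING = Cert("Example Issuing CA", "Example Root CA", is_ca=True, path_len=0)
END_ENTITY = Cert("www.site-a.example", "Example Issuing CA")
# Subordinate certificate signed with the end-entity certificate's key.
SUBORDINATE = Cert("www.site-b.example", "www.site-a.example")

TRUSTED = {"Example Root CA"}
LEGIT_CHAIN = [END_ENTITY, ISSUING, ROOT]
BOGUS_CHAIN = [SUBORDINATE, END_ENTITY, ISSUING, ROOT]

if __name__ == "__main__":
    print("name chaining only:", names_chain(BOGUS_CHAIN, TRUSTED))
    ok, errs = validate(BOGUS_CHAIN, TRUSTED)
    print("with Basic Constraints:", ok)
    for e in errs:
        print("  -", e)
```
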


----------



## eddie5659 (Mar 19, 2001)

Update:

Microsoft Windows 98:

http://www.microsoft.com/windows98/downloads/contents/WUCritical/q329115/default.asp

Windows 98 Second Edition:

http://www.microsoft.com/windows98/downloads/contents/WUCritical/q329115/default.asp

Windows Me:

Only available via

http://www.microsoft.com/windowsupdate

Windows 2000:

http://www.microsoft.com/windows2000/downloads/critical/q329115/default.asp

Microsoft Office v.X for Mac:

http://www.microsoft.com/mac/download/security.asp

Microsoft Office 2001 for Mac:

http://www.microsoft.com/mac/download/security.asp

Microsoft Office 98 for the Macintosh:

http://www.microsoft.com/mac/download/security.asp

Microsoft Internet Explorer for Mac (for OS 8.1 to 9.x):

http://www.microsoft.com/mac/download/security.asp

Microsoft Internet Explorer for Mac (for OS X):

http://www.microsoft.com/mac/download/security.asp

Microsoft Outlook Express 5.0.6 for Mac:

http://www.microsoft.com/mac/download/security.asp

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms02-050.asp

Regards

eddie


----------



## eddie5659 (Mar 19, 2001)

Hiya

The Outlook 2002 Update: December 4, 2002 offers the highest levels of stability and security available for Microsoft Outlook® 2002. This update fixes an instability problem introduced in Office XP Service Pack 2 (SP2) that affects Outlook POP3 / SMTP clients. This update also fixes a vulnerability that could allow an attacker to send a malformed message which would make the user's Outlook session unresponsive. The Outlook 2002 Update: December 4, 2002 is part of Microsoft's continued effort to provide the latest product updates to customers.

To install this update, you must have the following:

Microsoft Office XP Service Pack 2
Microsoft Windows® Installer version 2.0 or later.

Note Microsoft Windows 2000 Service Pack 3 and Microsoft Windows XP include this version of the Windows Installer. Otherwise, the latest version of Windows Installer is available as a separate download at the following locations:

Windows Installer for Windows 95, 98, and ME

Windows Installer for Windows NT 4.0 and 2000

http://office.microsoft.com/downloa...aseID=44806&area=search&ordinal=3&redirect=no

Regards

eddie


----------



## eddie5659 (Mar 19, 2001)

Hiya

Microsoft Outlook provides users with the ability to work with
e-mail, contacts, tasks, and appointments. Outlook e-mail handling
includes receiving, displaying, creating, editing, sending, and
organizing e-mail messages. When working with received e-mail
messages, Outlook processes information contained in the header of
the e-mail which carries information about where the e-mail came
from, its destination, and attributes of the message.

A vulnerability exists in Outlook 2002 in its processing of e-mail
header information. An attacker who successfully exploited the
vulnerability could send a specially malformed e-mail to a user of
Outlook 2002 that would cause the Outlook client to fail under
certain circumstances. The Outlook 2002 client would continue to
fail so long as the specially malformed e-mail message remained on
the e-mail server. The e-mail message could be deleted by an e-mail
administrator, or by the user via another e-mail client such as
Outlook Web Access or Outlook Express, after which point the
Outlook 2002 client would again function normally.

Mitigating Factors:
====================
- Outlook 2002 clients connecting to e-mail servers using the
MAPI protocol are not affected. Only Outlook 2002 clients using
POP3, IMAP, or WebDAV protocols are vulnerable.

- The vulnerability does not affect Outlook 2000 or Outlook Express.

- The vulnerability is a denial of service vulnerability only.
The attacker would not be able to access the user's e-mail or
system in any way. The vulnerability could not be used to read,
delete, create, or alter the user's e-mail.

- If an attacker was able to send a specially malformed e-mail that
successfully exploited this vulnerability, the specially
malformed e-mail could be deleted either by an e-mail
administrator, or by the user via another e-mail client such as
Outlook Web Access or Outlook Express. Once the specially
malformed e-mail has been removed, normal operation would resume.

*Maximum Severity Rating: Moderate*

Affected Software:

Microsoft Outlook 2002

Download locations for this patch

Microsoft Outlook 2002:

http://office.microsoft.com/downloads/2002/olk1005.aspx

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms02-067.asp

Regards

eddie


----------



## eddie5659 (Mar 19, 2001)

Hiya

This is a cumulative patch for Internet Explorer 5.5 and 6.0. In 
addition to including the functionality of all previously released 
patches for Internet Explorer 5.5 and 6.0, it also eliminates a 
newly discovered flaw in Internet Explorer's cross-domain security 
model. This flaw occurs because the security checks that Internet 
Explorer carries out when particular object caching techniques are 
used in web pages are incomplete. This could have the effect of 
allowing a website in one domain to access information in another, 
including the user's local system.

Exploiting the vulnerability could enable an attacker to read, but 
not change, any file on the user's local computer. In addition, the 
attacker could invoke an executable that was already present on the 
local system. The attacker would need to know the exact location of 
the executable, and would not be able to pass parameters to it. 
Microsoft is not aware of any executable that ships by default as 
part of Windows and, when run without parameters, could be 
dangerous.

An attacker could exploit the vulnerability by constructing a web 
page that uses a cached programming technique, and could then 
either host it on a web site or send it to a user via email. In the 
case of the web-based attack vector the page could be automatically 
opened when a user visited the site. In the case of the HTML mail-
based attack vector, the page could be opened when the recipient 
opened the mail or viewed it using the Preview pane.

Mitigating Factors:
====================
- Internet Explorer 5.01 is not affected by this vulnerability. 
- The web-based attack scenario would provide no way for the 
attacker to force users to visit the site. Instead, the attacker 
would need to lure them there, typically by getting them to click 
on a link that would take them to the attacker's site. 
- The HTML mail-based attack scenario would be blocked by Outlook 
Express 6.0 and Outlook 2002 in their default configurations, and 
by Outlook 98 and 2000 if used in conjunction with the Outlook 
Email Security Update. 
- The vulnerability would allow an attacker to read but not add, 
delete or modify files on the user's local system. 
- The attacker would need to know the name and location of any file 
on the system to successfully invoke it. If invoked, there would be 
no way for an attacker to pass parameters to that executable. 
- This vulnerability does not provide any way for an attacker to put 
a program of their choice onto another user's system.

*Maximum Severity Rating: Moderate*

Affected Software:

Microsoft Internet Explorer 5.5 
Microsoft Internet Explorer 6.0

Download locations for this patch

http://www.microsoft.com/windows/ie/downloads/critical/q324929/default.asp

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms02-068.asp

Regards

eddie


----------



## eddie5659 (Mar 19, 2001)

Hiya

The Microsoft VM is a virtual machine for the Win32(r) operating
environment. The Microsoft 
VM shipped in most versions of Windows (a complete list is available
in the FAQ), as well as 
in most versions of Internet Explorer.

A new version of the Microsoft VM is available, which includes all
previously released fixes 
for the VM, as well as fixes for eight newly reported security
issues. The attack vectors 
for all of the new issues would likely be the same. An attacker would
create a web page 
that, when opened, exploits the desired vulnerability, and either
host it on a web page or 
send it to a user as an HTML mail.

The newly reported security issues are as follows: 
- A security vulnerability through which an untrusted
Java applet could access COM objects. By design, COM
objects should only be available to trusted Java
programs because of the functionality they expose. COM
objects are available that provide functionality through
which an attacker could take control of the system. 
- A pair of vulnerabilities that, although having 
different underlying causes, would have the same effect,
namely, disguising the actual location of the applet's
codebase. By design, a Java applet that resides on user
storage or a network share has read access to the folder
it resides in and all folders below it. The 
vulnerabilities provide methods by which an applet 
located on a web site could misrepresent the location of
its codebase, to indicate that it resided instead on the
user's local system or a network share. 
- A vulnerability that could enable an attacker to construct
an URL that, when parsed, would load a Java applet from
one web site but misrepresent it as belonging to another
web site. The result would be that the attacker's applet
would run in the other site's domain. Any information the
user provided to it could be relayed back to the attacker. 
- A vulnerability that results because the Microsoft VM 
doesn't prevent applets from calling the JDBC APIs - a 
set of APIs that provide database access methods. By 
design, these APIs provide functionality to add, change,
delete or modify database contents, subject only to the
user's permissions. 
- A vulnerability through which an attacker could 
temporarily prevent specified Java objects from being
loaded and run. A legacy security mechanism known as the
Standard Security Manager provides the ability to impose
restrictions on Java applets, up to and including 
preventing them from running altogether. However, the VM
does not adequately regulate access to the SSM, with the
result that an attacker's applet could add other Java 
objects to the "banned" list. 
- A vulnerability through which an attacker could learn a
user's username on their local system. The vulnerability
results because one particular system property, user.dir,
should not be available to untrusted applets but, through
a flaw, is. While knowing a username would not in itself
pose a security risk, it could be useful for 
reconnaissance purposes. 
- A vulnerability that results because it's possible for a
Java applet to perform an incomplete instantiation of 
another Java object. The effect of doing so would be to
cause the containing application - Internet Explorer - to
fail.

*Maximum Severity Rating: Critical*

Affected Software:

Versions of the Microsoft virtual machine (Microsoft VM) are identified by build numbers, which can be determined using the JVIEW tool as discussed in the FAQ. All builds of the Microsoft VM up to and including build 5.0.3805 are affected by these vulnerabilities.

I don't know if the Microsoft VM is installed on my system. How can I tell?

If you're using any of the following versions of Windows, you definitely have the Microsoft VM installed:

Microsoft Windows 95 
Microsoft Windows 98 and 98SE 
Microsoft Windows Millennium 
Microsoft Windows NT 4.0, beginning with Service Pack 1 
Microsoft Windows 2000 
Microsoft Windows XP, beginning with Service Pack 1 
The Microsoft VM also shipped as part of several versions of Internet Explorer and other products and was incorporated into Windows XP via install on demand. If you're in doubt about whether you have it installed, do the following:

Select Start, then Run. 
Open a command box, as follows: 
If you are running Windows 98 or Windows Millennium, type command (without the quotes), then hit the enter key. 
If you are running Windows NT 4.0, Windows 2000, or Windows XP, type cmd (without the quotes), then hit the enter key. 
In the resulting command box, type Jview (without the quotes). If a program runs, you have the Microsoft VM installed. If you receive an error saying that no program by that name exists, you don't. 

Is this a new version of the Microsoft VM?

Yes, Microsoft VM build 3809 is a new release of the Microsoft VM.

How can I tell what version of the Microsoft VM I'm using?

Here's how to determine the build number you're using:

Select Start, then Run. 
On Windows 95, 98, or Me, type command (without the quotes). On Windows NT 4.0, 2000, or XP, type cmd (again, without the quotes). Hit the enter key. 
In the result command box, type Jview (without the quotes) and hit the enter key. 
In the topmost line of the resulting listing, you should see a version number of the form x.yy.zzzz. The final four digits are the version number.

3809 or higher: Patch not needed.

Download locations for this patch

The patch is available to update existing Microsoft VMs via the Windows Update web site.

http://windowsupdate.microsoft.com/

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms02-069.asp

Regards

eddie


----------



## eddie5659 (Mar 19, 2001)

Hiya

The Windows Shell is responsible for providing the basic framework
of the Windows user interface experience. It is most familiar to
users as the Windows Desktop, but also provides a variety of other
functions to help define the user's computing session, including
organizing files and folders, and providing the means to start
applications.

An unchecked buffer exists in one of the functions used by the
Windows Shell to extract custom attribute information from audio
files. A security vulnerability results because it is possible
for a malicious user to mount a buffer overrun attack and attempt
to exploit this flaw.

An attacker could seek to exploit this vulnerability by creating
an .MP3 or .WMA file that contained a corrupt custom attribute
and then host it on a website, on a network share, or send it via
an HTML email. If a user were to hover his or her mouse pointer
over the icon for the file (either on a web page or on the local
disk), or open the shared folder where the file was stored, the
vulnerable code would be invoked. An HTML email could cause the
vulnerable code to be invoked when a user opened or previewed the
email. A successful attack could have the effect of either causing
the Windows Shell to fail, or causing an attacker's code to run on
the user's computer in the security context of the user.

*Maximum Severity Rating: Critical*

Affected Software:

Windows XP Home Edition 
Windows XP Professional 
Windows XP Tablet PC Edition 
Windows XP Media Center Edition

Download locations for this patch

Microsoft Windows XP:

32 bit edition 

64 bit edition 

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms02-072.asp

Regards

eddie


----------



## Rollin' Rog (Dec 9, 2000)

Microsoft Security and Privacy


----------



## eddie5659 (Mar 19, 2001)

Hiya

The Microsoft Locator service is a name service that maps logical
names to network-specific names. It ships with Windows NT 4.0,
Windows 2000, and Windows XP. By default, the Locator service is
enabled only on Windows 2000 domain controllers and Windows NT 4.0
domain controllers; it is not enabled on Windows NT 4.0 workstations
or member servers, Windows 2000 workstations or member servers,
or Windows XP.

A security vulnerability results from an unchecked buffer in the
Locator service. By sending a specially malformed request to the
Locator service, an attacker could cause the Locator service to
fail, or to run code of the attacker's choice on the system.

Mitigating Factors:
====================
- The Locator service is not enabled by default on any affected
versions of Windows with the exception of Windows 2000 domain
controllers and Windows NT 4.0 domain controllers.

- A properly-configured firewall would block the calls to the
Locator service, which would protect an affected machine from
an Internet-based attack.

*Maximum Severity Rating: Critical*

Affected Software:

Microsoft Windows NT 4.0 
Microsoft Windows NT 4.0, Terminal Server Edition 
Microsoft Windows 2000 
Microsoft Windows XP

Download locations for this patch

Windows NT 4.0:

All except Japanese NEC and Chinese - Hong Kong 

Japanese NEC 

Chinese - Hong Kong 

Windows NT 4.0, Terminal Server Edition:

ALL

Windows 2000:

All except Japanese NEC 

Japanese NEC 

Windows XP:

32-bit Edition 

64-bit Edition 

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms03-001.asp

Regards

eddie


----------



## ladyjeweler (Sep 25, 2002)

Critical Updates and Service packs (3) Internet Explorer 6 Service Pack 1


810847: February 2003, Cumulative Patch for Internet Explorer 6 Service Pack 1
Download size: 2.0 MB, 11 minutes
An identified security issue could enable an attacker to read files or run programs on a computer that visited his or her Web site. By installing this update, you can help protect your computer against this issue and bring Microsoft® Internet Explorer up-to-date with respect to security. Read more...


811630: Critical Update (Windows XP)
Download size: 1.4 MB, 8 minutes
This update enables applications to access HTML Help in a new, restricted mode. Future updates of Internet Explorer require this new capability. Download now to ensure that Internet Explorer can properly display HTML Help in HTML pages. Read more...


810577: Security Update
Download size: 645 KB, 4 minutes
A security issue has been identified that could allow an attacker to compromise a computer running Microsoft(r) Windows(r) XP and gain control over it. To attempt an attack, the attacker would have to be able to log on to the computer. You can help protect your computer by installing this update from Microsoft. Read more...


----------



## eddie5659 (Mar 19, 2001)

Hiya

This is a cumulative patch that includes the functionality of all 
previously released patches for IE 5.01, 5.5, 6.0. In addition, it 
eliminates two newly discovered vulnerabilities involving Internet 
Explorer's cross-domain security model - which keeps windows of 
different domains from sharing information. These flaws result in 
Internet Explorer because incomplete security checking causes 
Internet Explorer to allow one website to potentially access 
information from another domain when using certain dialog boxes.

In order to exploit this flaw, an attacker would have to host a 
malicious web site that contained a web page designed to exploit this
particular vulnerability and then persuade a user to visit that site.
Once the user has visited the malicious web site, it would be 
possible for the attacker to run malicious script by misusing a 
dialog box and cause that script to access information in a different
domain. In the worst case, this could enable the web site operator to
load malicious code onto a user's system. In addition, this flaw 
could also enable an attacker to invoke an executable that was 
already present on the local system.

A related cross-domain vulnerability allows Internet Explorer's 
showHelp() functionality to execute without proper security 
checking. showHelp() is one of the help methods used to display an 
HTML page containing help content. showHelp() allows more types of 
pluggable protocols than necessary, and this could potentially allow 
an attacker to access user information, invoke executables already 
present on a user's local system or load malicious code onto a user's
local system.

The requirements to exploit this vulnerability are the same as for 
the issue described above: an attacker would have to host and lure a 
user to a malicious web site. In this scenario, the attacker could 
open a showHelp window to a known local file on the visiting user's 
local system and gain access to information from that file by sending
a specially crafted URL to a second showHelp window. The attacker 
could also potentially access user information or run code of 
the attacker's choice.

This cumulative patch will cause window.showHelp( ) to cease to 
function. When the latest HTML Help update - which is being released 
via Windows Update with this patch - is installed, window.showHelp( )
will function again, but with some limitations (see the caveats 
section later in this bulletin). This has been necessary in order to 
block the attack vector that might allow a web site operator to 
invoke an executable that was already present on a user's local 
system.

*Maximum Severity Rating: Critical*

Affected Software:

Microsoft Internet Explorer 5.01 
Microsoft Internet Explorer 5.5 
Microsoft Internet Explorer 6.0

Download locations for this patch

http://www.microsoft.com/windows/ie/downloads/critical/810847/default.asp

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms03-004.asp

Regards

eddie


----------



## Rollin' Rog (Dec 9, 2000)

Hiya

Help and Support Center provides a centralized facility through 
which users can obtain assistance on a variety of topics. For 
instance, it provides product documentation, assistance in 
determining hardware compatibility, access to Windows Update, 
online help from Microsoft, and other assistance. Users and 
programs can execute URL links to Help and Support Center by 
using the "hcp://" prefix in a URL link instead of "http://".

A security vulnerability is present in the Windows Me version of 
Help and Support Center, and results because the URL Handler for 
the "hcp://" prefix contains an unchecked buffer.

An attacker could exploit the vulnerability by constructing a URL 
that, when clicked on by the user, would execute code of the 
attacker's choice in the Local Computer security context. The URL 
could be hosted on a web page, or sent directly to the user in 
email. In the web based scenario, where a user then clicked on 
the URL hosted on a website, an attacker could have the ability 
to read or launch files already present on the local machine. In 
the case of an e-mail borne attack, if the user was using Outlook 
Express 6.0 or Outlook 2002 in their default configurations, or 
Outlook 98 or 2000 in conjunction with the Outlook Email Security 
Update, then an attack could not be automated and the user would 
still need to click on a URL sent in e-mail. However if the user 
was not using Outlook Express 6.0 or Outlook 2002 in their 
default configurations, or Outlook 98 or 2000 in conjunction with 
the Outlook Email Security Update, the attacker could cause an 
attack to trigger automatically without the user having to click 
on a URL contained in an e-mail.

*Maximum Severity Rating: Critical*

Download locations for this patch 
Microsoft Windows Me:

http://windowsupdate.microsoft.com/

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms03-006.asp

Regards

eddie


----------



## Rollin' Rog (Dec 9, 2000)

Courtesy of Whitphil:

http://www.macromedia.com/devnet/security/security_zone/mpsb03-03.html


----------



## eddie5659 (Mar 19, 2001)

Hiya

The Windows Script Engine provides Windows operating systems with 
the ability to execute script code. Script code can be used to add 
functionality to web pages, or to automate tasks within the 
operating system or within a program. Script code can be written in 
several different scripting languages, such as Visual Basic Script, 
or JScript.

A flaw exists in the way by which the Windows Script Engine for 
JScript processes information. An attacker could exploit the 
vulnerability by constructing a web page that, when visited by the 
user, would execute code of the attacker's choice with the user's 
privileges. The web page could be hosted on a web site, or sent 
directly to the user in email.

Although Microsoft has supplied a patch for this vulnerability and 
recommends all affected customers install the patch immediately, 
additional preventive measures have been provided that customers 
can use to help block the exploitation of this vulnerability while 
they are assessing the impact and compatibility of the patch. These 
temporary workarounds are discussed in the "Workarounds" section in 
the Frequently Asked Questions section of the security bulletin for 
this release.

*Maximum Severity Rating: Critical*

Affected Software:

Microsoft Windows 98 
Microsoft Windows 98 Second Edition 
Microsoft Windows Me 
Microsoft Windows NT 4.0 
Microsoft Windows NT 4.0 Terminal Server Edition 
Microsoft Windows 2000 
Microsoft Windows XP

Download locations for this patch 
The patches for all Windows systems are available via Windows Update. In addition, these patches are also available for download to allow the patches to be manually installed.

Windows 98 and Windows 98 SE:

http://www.microsoft.com/windows98/downloads/contents/WUCritical/q814078/default.asp

Windows Me:

http://windowsupdate.microsoft.com/

Windows NT 4.0:

http://microsoft.com/downloads/deta...D9-5E2C-45BF-9424-55D7C5D2221B&displaylang=en

Windows NT 4.0, Terminal Server Edition:

http://microsoft.com/downloads/deta...D9-5E2C-45BF-9424-55D7C5D2221B&displaylang=en

Windows 2000:

http://microsoft.com/downloads/deta...D4-B4D6-49D5-8C58-199BDC731B64&displaylang=en

Windows XP Home Edition and Professional Edition:

http://microsoft.com/downloads/deta...D4-B4D6-49D5-8C58-199BDC731B64&displaylang=en

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms03-008.asp

Regards

eddie


----------



## Rollin' Rog (Dec 9, 2000)

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-011.asp

Here we go again...

Technical description: 
The Microsoft VM is a virtual machine for the Win32® operating environment. The Microsoft VM is shipped in most versions of Windows (a complete list is available in the FAQ), as well as in most versions of Internet Explorer. 
The present Microsoft VM, which includes all previously released fixes to the VM, has been updated to include a fix for the newly reported security vulnerability. This new security vulnerability affects the ByteCode Verifier component of the Microsoft VM, and results because the ByteCode verifier does not correctly check for the presence of certain malicious code when a Java applet is being loaded. The attack vector for this new security issue would likely involve an attacker creating a malicious Java applet and inserting it into a web page that when opened, would exploit the vulnerability. An attacker could then host this malicious web page on a web site, or could send it to a user in e-mail. 
Mitigating factors: 
- In order to exploit this vulnerability via the web-based attack vector, the attacker would need to entice a user into visiting a web site that the attacker controlled. The vulnerability itself provides no way to force a user to a web site. 
- Java applets are disabled within the Restricted Sites Zone. As a result, any mail client that opened HTML mail within the Restricted Sites Zone, such as Outlook 2002, Outlook Express 6, or Outlook 98 or 2000 when used in conjunction with the Outlook Email Security Update, would not be at risk from the mail-based attack vector. 
- The vulnerability would gain only the privileges of the user, so customers who operate with less than administrative privileges would be at less risk from the vulnerability. 
- Corporate IT administrators could limit the risk posed to their users by using application filters at the firewall to inspect and block mobile code.

Severity Rating:

Microsoft VM
Critical

The above assessment is based on the types of systems affected by the vulnerability, their typical deployment patterns, and the effect that exploiting the vulnerability would have on them. 
Vulnerability identifier: CAN-2003-0111


----------



## eddie5659 (Mar 19, 2001)

Hiya

MHTML stands for MIME Encapsulation of Aggregate HTML. MHTML is an 
Internet standard that defines the MIME (Multipurpose Internet Mail 
Extensions) structure used to send HTML content in e-mail message 
bodies. The MHTML URL Handler in Windows is part of Outlook Express 
and provides a URL type that can be used on the local machine. This 
URL type (MHTML://) allows MHTML documents to be launched from a 
command line, from Start/Run, using Windows Explorer or from within 
Internet Explorer.

A vulnerability exists in the MHTML URL Handler that allows any 
file that can be rendered as text to be opened and rendered as part 
of a page in Internet Explorer. As a result, it would be possible 
to construct a URL that referred to a text file that was stored on 
the local computer and have that file render as HTML. If the text 
file contained script, that script would execute when the file was 
accessed. Since the file would reside on the local computer, it 
would be rendered in the Local Computer Security Zone. Files that 
are opened within the Local Computer Zone are subject to fewer 
restrictions than files opened in other security zones.

Using this method, an attacker could attempt to construct a URL and 
either host it on a website or send it via email. In the web based 
scenario, where a user then clicked on a URL hosted on a website, 
an attacker could have the ability to read or launch files already 
present on the local machine. In the case of an e-mail borne attack, 
if the user was using Outlook Express 6.0 or Outlook 2002 in their 
default configurations, or Outlook 98 or 2000 in conjunction with 
the Outlook Email Security Update, then an attack could not be 
automated and the user would still need to click on a URL sent in 
the e-mail. However if the user was not using Outlook Express 6.0 
or Outlook 2002 in their default configurations, or Outlook 98 or 
2000 in conjunction with the Outlook Email Security Update, the 
attacker could cause an attack to trigger automatically without the 
user having to click on a URL contained in an e-mail. In both the 
web based and e-mail based cases, any limitations on the user's 
privileges would also restrict the capabilities of the attacker's 
script.

Applying the update listed in Microsoft Security Bulletin MS03-004 
-- Cumulative Patch for Internet Explorer -- will help block an 
attacker from being able to load a file onto a user's computer and 
prevent the passing of parameters to an executable. This means that 
an attacker could only launch a program that already existed on the 
computer -- provided the attacker was aware of the location of the 
program -- and would not be able to pass parameters to the program for 
it to execute.

MHTML is a standard for exchanging HTML content in e-mail and as a 
result the MHTML URL Handler function has been implemented in 
Outlook Express. Internet Explorer can also render MHTML content, 
however the MHTML function has not been implemented separately in 
Internet Explorer - it simply uses Outlook Express to render the 
MHTML content.

*Maximum Severity Rating: Critical*

Affected Software:

Microsoft Outlook Express 5.5 
Microsoft Outlook Express 6.0

Download locations for this patch

Microsoft Outlook Express

http://www.microsoft.com/windows/ie/downloads/critical/330994/default.asp

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-014.asp

Regards

eddie


----------



## eddie5659 (Mar 19, 2001)

Hiya

This is a cumulative patch that includes the functionality of all 
previously released patches for Internet Explorer 5.01, 5.5 and 
6.0. In addition, it eliminates the following four newly discovered 
vulnerabilities:

- A buffer overrun vulnerability in URLMON.DLL that occurs because 
Internet Explorer does not correctly check the parameters of 
information being received from a web server. It could be possible 
for an attacker to exploit this vulnerability to run arbitrary code 
on a user's system. A user simply visiting an attacker's website 
could allow the attacker to exploit the vulnerability without any 
other user action.

- A vulnerability in the Internet Explorer file upload control that 
allows input from a script to be passed to the upload control. This 
vulnerability could allow an attacker to supply a file name to the 
file upload control and automatically upload a file from the user's 
system to a web server.

- A flaw in the way Internet Explorer handles the rendering of third 
party files. The vulnerability results because the Internet 
Explorer method for rendering third party file types does not 
properly check parameters passed to it. An attacker could create a 
specially formed URL that would inject script during the rendering 
of a third party file format and cause the script to execute in the 
security context of the user.

- A flaw in the way modal dialogs are treated by Internet Explorer 
that occurs because an input parameter is not properly checked. 
This flaw could allow an attacker to use an injected script to 
provide access to files stored on a user's computer. Although a 
user who visited the attacker's website could allow the attacker to 
exploit the vulnerability without any other user action, an 
attacker would have no way to force the user to visit the website.

In addition to eliminating the above vulnerabilities, this patch 
also includes a fix for Internet Explorer 6.0 SP1 that corrects the 
method by which Internet Explorer displays help information in the 
local computer zone. While we are not aware of a method to exploit 
this vulnerability by itself, if it were possible to exploit it, it 
could allow an attacker to read local files on a visiting user's 
system.

This patch also sets the Kill Bit on the Plugin.ocx ActiveX control 
which has a security vulnerability. This killbit has been set in 
order to ensure that the vulnerable control cannot be reintroduced 
onto users' systems and to ensure that users who already have the 
vulnerable control on their system are protected. This issue is 
discussed further in Microsoft Knowledge Base Article 813489.

Like the previous Internet Explorer cumulative patch released with 
bulletin MS03-004, this cumulative patch will cause 
window.showHelp( ) to cease to function if you have not applied the 
HTML Help update. If you have installed the updated HTML Help 
control from Knowledge Base article 811830, you will still be able 
to use HTML Help functionality after applying this patch.

*Maximum Severity Rating: Critical*

Affected Software:

Microsoft Internet Explorer 5.01 
Microsoft Internet Explorer 5.5 
Microsoft Internet Explorer 6.0

Download locations for this patch

http://www.microsoft.com/windows/ie/downloads/critical/813489/default.asp

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-015.asp

Regards

eddie


----------



## eddie5659 (Mar 19, 2001)

Hiya

Microsoft Windows Media Player provides functionality to change the
overall appearance of the player itself through the use of "skins".
Skins are custom overlays that consist of collections of one or
more files of computer art, organized by an XML file. The XML file
tells Windows Media Player how to use these files to display a skin
as the user interface. In this manner, the user can choose from a
variety of standard skins, each one providing an additional visual
experience. Windows Media Player comes with several skins to choose
from, but it is relatively easy to create and distribute custom
skins.

A flaw exists in the way Windows Media Player 7.1 and Windows
Media Player for Windows XP handle the download of skin files.
The flaw means that an attacker could force a file masquerading
as a skin file into a known location on a user's machine.
This could allow an attacker to place a malicious executable
on the system.

In order to exploit this flaw, an attacker would have to host a
malicious web site that contained a web page designed to exploit
this particular vulnerability and then persuade a user to visit
that site - an attacker would have no way to force a user to the
site. An attacker could also embed the link in an HTML e-mail and
send it to the user.

In the case of an e-mail borne attack, if the user was using
Outlook Express 6.0 or Outlook 2002 in their default
configurations, or Outlook 98 or 2000 in conjunction with the
Outlook Email Security Update, then an attack could not be
automated and the user would still need to click on a URL sent
in the e-mail. However if the user was not using Outlook Express
6.0 or Outlook 2002 in their default configurations, or Outlook
98 or 2000 in conjunction with the Outlook Email Security Update,
the attacker could cause an attack that could both place, then
launch the malicious executable without the user having to click
on a URL contained in an e-mail.

The attacker's code would run with the same privileges as the
user: any restrictions on the user's ability to change the system
would apply to the attacker's code.

*Maximum Severity Rating: Critical*

Affected Software:

Microsoft Windows Media Player 7.1 
Microsoft Windows Media Player for Windows XP (Version 8.0)

Download locations for this patch

Microsoft Windows Media Player 7.1:

http://microsoft.com/downloads/deta...3A-77D1-4F6F-9338-5A6332614532&displaylang=en

Microsoft Windows Media Player for Windows XP (Version 8.0):

http://microsoft.com/downloads/deta...50-0633-4100-AB37-D7A68D51182F&displaylang=en

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-017.asp

Regards

eddie


----------



## Rollin' Rog (Dec 9, 2000)

http://www.informationweek.com/story/showArticle.jhtml?articleID=9901256

Windows Updates sometimes cause more harm than good. What's the best way to handle them?
By Fred Langa

Langa Letter: Microsoft's Problematic Updates May 18, 2003


There's good news, there's bad news, and then there's even worse news. 
The good news is that Microsoft has an extremely active Windows Update service, delivering a steady stream of bug fixes, patches, and updates for Windows and its essential subsystems, such as Internet Explorer.

The bad news is that Microsoft needs this service to be extremely active, because there are a lot of problems in Windows software and because malicious hackers work harder to find exploitable security flaws in Windows than in any other type of software.

The worse news is that, sometimes, Microsoft patches and updates cause more trouble than the problem they're trying to remedy: The cure can be worse than the disease.

For example, it happened again just in the last couple of weeks with security patch 811493; an NT/Windows 2000/XP update designed to correct a security problem in the Windows kernel. Microsoft described the problem this way:

"The Windows kernel is the core of the operating system. It provides system-level services such as device and memory management, allocates processor time to processes, and manages error handling. There is a flaw in the way the kernel passes error messages to a debugger. This flaw causes vulnerability. An attacker could write a program to exploit this flaw and run code of their choice. An attacker could exploit this vulnerability to take any action on the system, including deleting data, adding accounts with administrative access, or reconfiguring the system."

Microsoft rated this patch as "Important," and it clearly is. Millions of users downloaded and installed it. And then the trouble started: Huge numbers of users saw a tremendous slowdown in their systems after installing the patch. For a hint of the scope of the problem, here's just one (of many) Usenet discussion threads on the subject, this particular example from the microsoft.public.windowsxp.security_admin group.

Eventually, Microsoft reacted, but ineffectually, in a new item called "You May Experience Performance Issues After You Install the 811493 Package on Your Windows XP SP1-Based Computer."

In that item, Microsoft acknowledges the problem, and traces it to "a regression error in the Windows XP SP1 versions of the kernel files (Ntoskrnl.exe, Ntkrnlmp.exe, Ntkrnlpa.exe, and Ntkrpamp.exe) that are included in the 811493 security update." Microsoft also agreed with what the user community had discovered much earlier; that "This problem may be more likely to occur if you use some features of some third-party programs, such as antivirus programs. For example, this problem may occur if your antivirus program is configured to scan all files when you open (or you run) them. This is sometimes called 'real-time' scanning."

But the only fix Microsoft has offered is to wait for a new version of patch 811493 to be released. This is hardly a satisfactory answer, and it's made worse by the two clumsy workarounds that Microsoft has suggested as stopgaps: 
You can, for example, simply remove the 811493 update. You normally do this via the Control Panel's Add/Remove applet, but this causes two new problems. First, the usual method of patch removal triggers the "System Restore" feature, which rolls the system state back to a point just before the patch was installed. This removes the patch, but also removes any other system alterations or customizations you may have installed after the patch. This could be an annoyance on a single machine, or an enormous and expensive headache if you're responsible for large numbers of machines. Second, after you've gone through the system rollback, you're left back at square one: The security vulnerability that the patch was designed to fix is now back in full force. The second Microsoft-recommended workaround is even worse: They suggest you "temporarily turn off real-time scanning in your antivirus program." So, you can fix the problem in the Windows kernel, but at the expense of having to run without antivirus protection. That's nuts.

On its own, the Windows user community came up with a better approach that works in many cases:

- Update your antivirus software with all current definitions, program updates, etc.
- Reboot the PC to make sure all updates are fully enabled.
- Use the antivirus tools' control panel or settings to disable all scanning, especially any "autoprotect" or "real-time" scanning.
- Reinstall patch #811493.
- Reboot.
- Re-enable your antivirus tool.

But even if that helps, it's still a time-consuming hassle--bad enough for those with single-machine installations, and a nightmare for those who might have to take the above steps on many machines.

Of course, all the above is the result of just one bad patch, so this leads us squarely to the broader question of what to do about Microsoft updates in general. How can we avoid the time-wasting problems caused by bad patches? Indeed, how can you tell whether a patch is worth installing in the first place?

The hassles with patch 811493 show why I've previously recommended manual installation of all Windows Update items. (See, for example, "10 Ways To Make Windows XP Run Better"; and a related item on making the best use of the "System Restore" feature) With manual installation, you're in control of what gets updated and when. You can defer installation of updates until you've had a chance to see what they do, what they might affect, and how others have fared. (Usenet can be an invaluable ally in this: Simply search Usenet for a given patch, using the patch's numeric designation as the search term, like this. http://groups.google.com/groups?q=811493&hl=en&btnG=Google+Search)
Plus, configuring all the PCs you control so that they only update on demand--by manual control--means you can try a new patch on a test machine or on your own set up under controlled circumstances. Then, once you're sure a patch is worth having, and that it doesn't cause undesirable side effects, you can roll out the patch on the rest of the PCs. If the patch doesn't work out, you have only one system to restore to pre-patch status.

Some people consider this to be excessively cautious; they prefer to reserve the small-test/large-rollout model only for wholesale system changes such as whole new operating system versions. But I've found Windows Update items to be just dangerous enough to warrant a fairly high degree of caution, such that I never, ever, let my main production PCs automatically update themselves, even for updates that Microsoft calls "Critical."

Instead, I'll check out Critical Updates via the above process, usually waiting at least a day or two before taking any action (so others can serve as bellwethers, and post their experiences on Usenet). Lower-rated updates get pushed further down the to-do list, and get tested and installed on an as-time-permits basis.

But what's your experience? Do you accept the default/recommended settings and let Windows manage its own updates, automatically? If so, has the process been reliable, or have you ever had to undo an update? If you opt for manual updates, how often do you check for updates, and how do you evaluate whether a given patch or update is both worthwhile and safe? Let's pool our knowledge, and see if we can lay out a strategy that yields the benefits of having an updated operating system, but without undue risks of system slowdowns or other problems! Join in the discussion!

Original forum thread:

http://forums.techguy.org/t134383/s.html


----------



## eddie5659 (Mar 19, 2001)

Hiya

This is a cumulative patch that includes the functionality of all 
previously released patches for Internet Explorer 5.01, 5.5 and 6.0. 
In addition, it eliminates two newly discovered vulnerabilities:

- A buffer overrun vulnerability that occurs because Internet 
Explorer does not properly determine an object type returned from a 
web server. It could be possible for an attacker who exploited this 
vulnerability to run arbitrary code on a user's system. If a user 
visited an attacker's website, it would be possible for the attacker 
to exploit this vulnerability without any other user action. An 
attacker could also craft an HTML email that attempted to exploit 
this vulnerability.

- A flaw that results because Internet Explorer does not implement 
an appropriate block on a file download dialog box. It could be 
possible for an attacker to exploit this vulnerability to run 
arbitrary code on a user's system. If a user simply visited an 
attacker's website, it would be possible for the attacker to exploit 
this vulnerability without any other user action. An attacker could 
also craft an HTML email that attempted to exploit this 
vulnerability.

In order to exploit these flaws, the attacker would have to create a 
specially formed HTML email and send it to the user. Alternatively 
an attacker would have to host a malicious web site that contained a 
web page designed to exploit these vulnerabilities. The attacker 
would then have to persuade a user to visit that site.

As with the previous Internet Explorer cumulative patches released 
with bulletins MS03-004 and MS03-015, this cumulative patch will 
cause window.showHelp( ) to cease to function if you have not 
applied the HTML Help update. If you have installed the updated HTML 
Help control from Knowledge Base article 811630, you will still be 
able to use HTML Help functionality after applying this patch.

*Maximum Severity Rating: Critical*

Affected Software:

Microsoft Internet Explorer 5.01 
Microsoft Internet Explorer 5.5 
Microsoft Internet Explorer 6.0 
Microsoft Internet Explorer 6.0 for Windows Server 2003

Download locations for this patch:

All versions except Microsoft Internet Explorer 6.0 for Windows Server 2003 

Microsoft Internet Explorer 6.0 for Windows Server 2003 

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-020.asp

Regards

eddie


----------



## eddie5659 (Mar 19, 2001)

Hiya

All versions of Microsoft Windows contain support for file 
conversion within the operating system. This functionality allows 
users of Microsoft Windows to convert file formats from one to 
another. In particular, Microsoft Windows contains support for 
HTML conversion within the operating system. This functionality 
allows users to view, import, or save files as HTML.

There is a flaw in the way the HTML converter for Microsoft 
Windows handles a conversion request during a cut-and-paste 
operation. This flaw causes a security vulnerability to exist. A 
specially crafted request to the HTML converter could cause the 
converter to fail in such a way that it could execute code in the 
context of the currently logged-in user. Because this 
functionality is used by Internet Explorer, an attacker could 
craft a specially formed Web page or HTML e-mail that would cause 
the HTML converter to run arbitrary code on a user's system. A 
user visiting an attacker's Web site could allow the attacker to 
exploit the vulnerability without any other user action.

To exploit this vulnerability, the attacker would have to create 
a specially-formed HTML e-mail and send it to the user. 
Alternatively, an attacker would have to host a malicious Web 
site that contains a Web page designed to exploit this 
vulnerability. The attacker would then have to persuade a user to 
visit that site.

*Maximum Severity Rating: Critical*

Affected Software:

Microsoft Windows 98 
Microsoft Windows 98 Second Edition 
Microsoft Windows Me 
Microsoft Windows NT 4.0 Server 
Microsoft Windows NT 4.0 Terminal Server Edition 
Microsoft Windows 2000 
Microsoft Windows XP 
Microsoft Windows Server 2003

Download locations for this patch

Windows NT 4.0 Server 

Windows NT 4.0 Terminal Server Edition 

Windows 2000 

Windows XP 32 bit Edition 

Windows XP 64 bit Edition 

Windows Server 2003 32 bit Edition 

Windows Server 2003 64 bit Edition

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-023.asp

Regards

eddie


----------



## eddie5659 (Mar 19, 2001)

Hiya

Microsoft Windows 2000 contains support for Accessibility options 
within the operating system. Accessibility support is a series of 
assistive technologies within Windows that allow users with 
disabilities to still be able to access the functions of the 
operating system. Accessibility support is enabled or disabled 
through shortcuts built into the operating system, or through the 
Accessibility Utility Manager. Utility Manager is an 
accessibility utility that allows users to check the status of 
accessibility programs (Microsoft Magnifier, Narrator, On-Screen 
Keyboard) and to start or stop them.

There is a flaw in the way that Utility Manager handles Windows 
messages. Windows messages provide a way for interactive 
processes to react to user events (for example, keystrokes or 
mouse movements) and communicate with other interactive 
processes. A security vulnerability results because the control 
that provides the list of accessibility options to the user does 
not properly validate Windows messages sent to it. It's possible 
for one process in the interactive desktop to use a specific 
Windows message to cause the Utility Manager process to execute a 
callback function at the address of its choice. Because the 
Utility Manager process runs at higher privileges than the first 
process, this would provide the first process with a way of 
exercising those higher privileges.

By default, the Utility Manager contains controls that run in the 
interactive desktop with Local System privileges. As a result, an 
attacker who had the ability to log on to a system interactively 
could potentially run a program that could send a specially 
crafted Windows message upon the Utility Manager process, causing 
it to take any action the attacker specified. This would give the 
attacker complete control over the system.

The attack cannot be exploited remotely, and the attacker would 
have to have the ability to interactively log on to the system.

*Maximum Severity Rating: Important*

Affected Software:

Microsoft Windows 2000

Download locations for this patch

Microsoft Windows 2000:

http://microsoft.com/downloads/deta...AC-E13A-4E8A-BE25-85E7DF686F61&displaylang=en

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-025.asp

Regards

eddie


----------



## Rollin' Rog (Dec 9, 2000)

http://support.microsoft.com/default.aspx?scid=kb;en-us;823559

SYMPTOMS
All versions of Microsoft Windows contain support for file conversion in the operating system. With this functionality, users of Microsoft Windows can convert file formats from one to another. In particular, Microsoft Windows contains support for HTML conversion in the operating system. With this functionality, users can view, import, or save files as HTML.

There is a flaw in the way the HTML converter for Microsoft Windows handles a conversion request during a cut-and-paste operation. A vulnerability exists because a specially crafted request to the HTML converter could cause the converter to fail in such a way that it could run code in the context of the currently logged-on user. Because Microsoft Internet Explorer uses this functionality, an attacker could craft a specially formed Web page or HTML e-mail that would cause the HTML converter to run arbitrary code on a user's computer. When a user visits an attacker's Web site, the attacker could exploit the vulnerability without any other user action.

To exploit this vulnerability, the attacker would have to create a specially formed HTML e-mail and send it to the user. Alternatively, an attacker would have to host a malicious Web site that contains a Web page designed to exploit these vulnerabilities. The attacker would then have to persuade a user to visit that site.

By default, Outlook Express 6.0 and Outlook 2002 open HTML mails in the Restricted Sites Zone. Additionally, Outlook 98 and 2000 open HTML mails in the Restricted Sites Zone if the Outlook E-mail Security Patch has been installed. Customers who use any of these products would be at no risk from an e-mail borne attack that tried to automatically exploit these vulnerabilities. The attacker would have no way to force users to visit a malicious Web site. Instead, the attacker would have to lure them there, typically by having them click a link that takes them to the attacker's site.


----------



## eddie5659 (Mar 19, 2001)

Hiya

Remote Procedure Call (RPC) is a protocol used by the Windows 
operating system. RPC provides an inter-process communication 
mechanism that allows a program running on one computer to 
seamlessly execute code on a remote system. The protocol itself 
is derived from the OSF (Open Software Foundation) RPC protocol, 
but with the addition of some Microsoft specific extensions.

There is a vulnerability in the part of RPC that deals with 
message exchange over TCP/IP. The failure results because of 
incorrect handling of malformed messages. This particular 
vulnerability affects a Distributed Component Object Model (DCOM) 
interface with RPC, which listens on TCP/IP port 135. This 
interface handles DCOM object activation requests sent by client 
machines (such as Universal Naming Convention (UNC) paths) to the 
server.

To exploit this vulnerability, an attacker would need to send a 
specially formed request to the remote computer on port 135.

*Maximum Severity Rating: Critical*

Affected Software:

Microsoft Windows NT® 4.0 
Microsoft Windows NT 4.0 Terminal Services Edition 
Microsoft Windows 2000 
Microsoft Windows XP 
Microsoft Windows Server 2003

Download locations for this patch

Windows NT 4.0 Server 

Windows NT 4.0 Terminal Server Edition 

Windows 2000 

Windows XP 32 bit Edition 

Windows XP 64 bit Edition 

Windows Server 2003 32 bit Edition 

Windows Server 2003 64 bit Edition

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-026.asp

Regards

eddie


----------



## eddie5659 (Mar 19, 2001)

Hiya

The Windows shell is responsible for providing the basic 
framework of the Windows user interface experience. It is most 
familiar to users as the Windows desktop. It also provides a 
variety of other functions to help define the user's computing 
session, including organizing files and folders, and providing 
the means to start programs.

An unchecked buffer exists in one of the functions used by the 
Windows shell to extract custom attribute information from 
certain folders. A security vulnerability results because it is 
possible for a malicious user to construct an attack that could 
exploit this flaw and execute code on the user's system.

An attacker could seek to exploit this vulnerability by creating 
a Desktop.ini file that contains a corrupt custom attribute, and 
then host it on a network share. If a user were to browse the 
shared folder where the file was stored, the vulnerability could 
then be exploited. A successful attack could have the effect of 
either causing the Windows shell to fail, or causing an 
attacker's code to run on the user's computer in the security 
context of the user.

*Maximum Severity Rating: Important*

Affected Software:

Microsoft Windows XP

Download locations for this patch

Microsoft Windows XP 32 bit Edition

Microsoft Windows XP 64 bit Edition 

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-027.asp

Regards

eddie


----------



## eddie5659 (Mar 19, 2001)

Hiya

DirectX consists of a set of low-level Application Programming 
Interfaces (APIs) that are used by Windows programs for multimedia 
support. Within DirectX, the DirectShow technology performs 
client-side audio and video sourcing, manipulation, and rendering.

There are two buffer overruns with identical effects in the 
function used by DirectShow to check parameters in a Musical 
Instrument Digital Interface (MIDI) file. A security vulnerability 
results because it would be possible for a malicious user to 
attempt to exploit these flaws and execute code in the security 
context of the logged-on user.

An attacker could seek to exploit this vulnerability by creating a 
specially crafted MIDI file designed to exploit this vulnerability 
and then host it on a Web site or on a network share, or send it by 
using an HTML-based e-mail. In the case where the file was hosted 
on a Web site or network share, the user would need to open the 
specially crafted file. If the file was embedded in a page the 
vulnerability could be exploited when a user visited the Web page. 
In the HTML-based e-mail case, the vulnerability could be exploited 
when a user opened or previewed the HTML-based e-mail. A successful 
attack could cause DirectShow, or an application making use of 
DirectShow, to fail. A successful attack could also cause an 
attacker's code to run on the user's computer in the security 
context of the user.

*Maximum Severity Rating: Critical*

Affected Software:

Microsoft DirectX® 5.2 on Windows 98 
Microsoft DirectX 6.1 on Windows 98 SE 
Microsoft DirectX 7.0a on Windows Millennium Edition 
Microsoft DirectX 7.0 on Windows 2000 
Microsoft DirectX 8.1 on Windows XP 
Microsoft DirectX 8.1 on Windows Server 2003 
Microsoft DirectX 9.0a when installed on Windows Millennium Edition 
Microsoft DirectX 9.0a when installed on Windows 2000 
Microsoft DirectX 9.0a when installed on Windows XP 
Microsoft DirectX 9.0a when installed on Windows Server 2003 
Microsoft Windows NT 4.0 with either Windows Media Player 6.4 or Internet Explorer 6 Service Pack 1 installed. 
Microsoft Windows NT 4.0, Terminal Server Edition with either Windows Media Player 6.4 or Internet Explorer 6 Service Pack 1 installed.

Download locations for this patch

Microsoft DirectX 5.2, DirectX 6.1 and DirectX 7.0a on Windows 98, Windows 98 SE and Windows Millennium Edition

Note: Windows 98, Windows 98 SE and Windows Millennium Edition users who are running a version of DirectX earlier than DirectX 9.0a must upgrade to DirectX 9.0b.

Microsoft DirectX 7.0 on Windows 2000 

Microsoft DirectX 8.1 on Windows XP 32-bit Edition 

Microsoft DirectX 8.1 on Windows XP 64-bit Edition 

Microsoft DirectX 8.1 on Windows Server 2003 32-bit Edition 

Microsoft DirectX 8.1 on Windows Server 2003 64-bit Edition 

Microsoft DirectX 9.0a: All Windows versions 

Microsoft Windows NT 4.0 

Microsoft Windows NT 4.0, Terminal Server Edition 

Note: DirectX 9.0b has been released at the same time as this security bulletin and contains the security fix discussed in the security bulletin. DirectX 9.0b can be installed on all versions of Windows except Windows NT 4.0 and can be downloaded from the following location:

All Windows Versions except Windows NT 4.0 

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-030.asp

Regards

eddie


----------



## eddie5659 (Mar 19, 2001)

Update for Unchecked Buffer in DirectX Could Enable System Compromise

Microsoft DirectX 8.0, DirectX 8.0a, DirectX 8.1, DirectX 8.1a, and DirectX 8.1b on Windows 98, Windows 98 SE, Windows Millennium Edition, or Windows 2000 

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-030.asp

Regards

eddie


----------



## eddie5659 (Mar 19, 2001)

Hiya

Microsoft Data Access Components (MDAC) is a collection of 
components that are used to provide database connectivity on 
Windows platforms. MDAC is a ubiquitous technology, and it is 
likely to be present on most Windows systems:

- By default, MDAC is included by default as part of Microsoft
Windows XP, Windows 2000, Windows Millennium Edition, and
Windows Server 2003. (It is worth noting, though, that the
version that is installed by Windows Server 2003 does not have
this vulnerability.) 
- MDAC is available for download as a stand-alone technology. 
- MDAC is either included in or installed by a number of other
products and technologies. For example, MDAC is included in
the Microsoft Windows NT® 4.0 Option Pack and in Microsoft SQL
Server 2000. Additionally, some MDAC components are present as
part of Microsoft Internet Explorer even when MDAC itself is
not installed.

MDAC provides the underlying functionality for a number of 
database operations, such as connecting to remote databases and 
returning data to a client. When a client system on a network 
tries to see a list of computers that are running SQL Server and 
that reside on the network, it sends a broadcast request to all 
the devices that are on the network. Due to a flaw in a specific 
MDAC component, an attacker could respond with a specially 
crafted packet that could cause a buffer overflow.

An attacker who successfully exploited this flaw could gain the 
same level of privileges over the system as the application that 
initiated the broadcast request. The actions an attacker could 
carry out would be dependent on the permissions which the 
application using MDAC ran under. If the application ran with 
limited privileges, an attacker would be limited accordingly; 
however, if the application runs under the local system context, 
the attacker would have the same level of permissions. This could 
include creating, modifying, or deleting data on the system, or 
reconfiguring the system. This could also include reformatting 
the hard disk or running programs of the attacker's choice.

This bulletin supersedes the patch discussed in MS02-040. 
Customers should install this patch as it contains the fix for 
the vulnerability discussed in bulletin MS02-040 and the patch 
discussed in this bulletin.

*Maximum Severity Rating: Important*

Affected Software:

Microsoft Data Access Components 2.5 
Microsoft Data Access Components 2.6 
Microsoft Data Access Components 2.7 

Not Affected Software:

Microsoft Data Access Components 2.8 

An End User version of the bulletin is available at:

http://www.microsoft.com/security/security_bulletins/ms03-033.asp

Download locations for this patch 
MDAC:

All affected versions 

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-033.asp

Regards

eddie


----------



## eddie5659 (Mar 19, 2001)

Hiya

This is a cumulative patch that includes the functionality of all 
previously released patches for Internet Explorer 5.01, 5.5 and 
6.0. In addition, it eliminates the following newly discovered 
vulnerabilities:

- A vulnerability involving the cross-domain security model of 
Internet Explorer, which keeps windows of different domains from 
sharing information. This flaw could result in the execution of 
script in the My Computer zone. To exploit this flaw, an attacker 
would have to host a malicious Web site that contained a Web page 
designed to exploit this particular vulnerability and then 
persuade a user to visit that site. After the user has visited 
the malicious Web site, it would be possible for the attacker to 
run malicious script by misusing the method Internet Explorer 
uses to retrieve files from the browser cache, and cause that 
script to access information in a different domain. In the worst 
case, this could enable the Web site operator to load malicious 
script code onto a user's system in the security context of the 
My Computer zone. In addition, this flaw could also enable an 
attacker to run an executable file that was already present on 
the local system or view files on the computer. The flaw exists 
because a file from the Internet or intranet with a maliciously 
constructed URL can appear in the browser cache running in the My 
Computer zone.

- A vulnerability that occurs because Internet Explorer does not 
properly determine an object type returned from a Web server. It 
could be possible for an attacker who exploited this 
vulnerability to run arbitrary code on a user's system. If a user 
visited an attacker's Web site, it would be possible for the 
attacker to exploit this vulnerability without any other user 
action. An attacker could also craft an HTML-based e-mail that 
would attempt to exploit this vulnerability.

This patch also sets the Kill Bit on the BR549.DLL ActiveX 
control. This control implemented support for the Windows 
Reporting Tool, which is no longer supported by Internet 
Explorer. The control has been found to contain a security 
vulnerability. To protect customers who have this control 
installed, the patch prevents the control from running or from 
being reintroduced onto users' systems by setting the Kill Bit 
for this control. This issue is discussed further in Microsoft 
Knowledge Base article 822925.

In addition to these vulnerabilities, a change has been made to 
the way Internet Explorer renders HTML files. This change 
addresses a flaw in the way Internet Explorer renders Web pages 
that could cause the browser or Outlook Express to fail. Internet 
Explorer does not properly render an input type tag. A user 
visiting an attacker's Web site could allow the attacker to 
exploit the vulnerability by viewing the site. In addition, an 
attacker could craft a specially formed HTML-based e-mail that 
could cause Outlook Express to fail when the e-mail was opened or 
previewed.

This patch also contains a modification to the fix for the Object 
Type vulnerability (CAN-2003-0344) corrected in Microsoft 
Security Bulletin MS03-020. The modification corrects the 
behavior of the fix to prevent the attack on specific languages.

To exploit these flaws, the attacker would have to create a 
specially formed HTML-based e-mail and send it to the user. 
Alternatively an attacker would have to host a malicious Web site 
that contained a Web page designed to exploit these 
vulnerabilities. The attacker would then have to persuade a user 
to visit that site.

As with the previous Internet Explorer cumulative patches 
released with bulletins MS03-004, MS03-015, and MS03-020 this 
cumulative patch will cause window.showHelp( ) to cease to 
function if you have not applied the HTML Help update. If you 
have installed the updated HTML Help control from Knowledge Base 
article 811630, you will still be able to use HTML Help 
functionality after applying this patch.

*Maximum Severity Rating: Critical*

Affected Software:

Microsoft Internet Explorer 5.01 
Microsoft Internet Explorer 5.5 
Microsoft Internet Explorer 6.0 
Microsoft Internet Explorer 6.0 for Windows Server 2003

Download locations for this patch

All versions except Microsoft Internet Explorer 6.0 for Windows Server 2003 

Microsoft Internet Explorer 6.0 for Windows Server 2003 

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-032.asp

Regards

eddie
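
The bulletin quoted above says the patch sets the Kill Bit on the BR549.DLL ActiveX control. As an added example (not part of the post or the bulletin), this Python sketch checks a text export of the registry for that state: Internet Explorer records a kill bit as the 0x00000400 bit of the `Compatibility Flags` DWORD under `ActiveX Compatibility\{CLSID}`. The page does not give the control's CLSID, so the CLSIDs and the export below are constructed placeholders.

```python
import re

# Bit in "Compatibility Flags" that tells Internet Explorer never to
# instantiate the control (the "kill bit").
KILL_BIT = 0x00000400
COMPAT_KEY = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer"
              r"\ActiveX Compatibility")

# Constructed sample in .reg export format; every CLSID is a placeholder.
# Real exports are usually UTF-16 and must be decoded to text first.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-0000000000A1}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-0000000000B2}]
"Compatibility Flags"=dword:00000020

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-0000000000C3}]
"Compatibility Flags"=dword:00800420

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-0000000000D4}]
"""

SECTION_RE = re.compile(r"^\[(?P<key>.+)\]$")
DWORD_RE = re.compile(
    r'^"Compatibility Flags"=dword:(?P<hex>[0-9a-f]{1,8})$', re.IGNORECASE
)


def parse_compat_flags(reg_text):
    """Map each CLSID under ActiveX Compatibility to its flags (or None)."""
    flags = {}
    current = None
    prefix = COMPAT_KEY.lower() + "\\"
    for raw in reg_text.splitlines():
        line = raw.strip()
        section = SECTION_RE.match(line)
        if section:
            key = section.group("key")
            current = None
            if key.lower().startswith(prefix):
                clsid = key[len(prefix):]
                if "\\" not in clsid:  # ignore deeper subkeys
                    current = clsid.upper()
                    flags.setdefault(current, None)
            continue
        if current is None:
            continue
        value = DWORD_RE.match(line)
        if value:
            flags[current] = int(value.group("hex"), 16)
    return flags


def kill_bit_status(reg_text, clsid):
    """Return 'killed', 'not-killed', 'no-flags-value' or 'no-entry'."""
    flags = parse_compat_flags(reg_text)
    wanted = clsid.upper()
    if wanted not in flags:
        return "no-entry"          # control was never listed: not blocked
    if flags[wanted] is None:
        return "no-flags-value"    # key exists but carries no flags
    # Other flag bits may be set as well, so test the bit, not equality.
    return "killed" if flags[wanted] & KILL_BIT else "not-killed"


def audit(reg_text, clsids):
    """Report the kill-bit state for each CLSID an advisory names."""
    return {c: kill_bit_status(reg_text, c) for c in clsids}


if __name__ == "__main__":
    wanted = [
        "{00000000-0000-0000-0000-0000000000A1}",
        "{00000000-0000-0000-0000-0000000000B2}",
        "{00000000-0000-0000-0000-0000000000E5}",
    ]
    for clsid, state in audit(SAMPLE_EXPORT, wanted).items():
        print(clsid, state)
```

Anything other than `killed` for a CLSID named in an advisory means the control can still be instantiated by Internet Explorer on that machine.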


----------



## eddie5659 (Mar 19, 2001)

Hiya

Microsoft VBA is a development technology for developing client 
desktop packaged applications and integrating them with existing 
data and systems. Microsoft VBA is based on the Microsoft Visual 
Basic development system. Microsoft Office products include VBA 
and make use of VBA to perform certain functions. VBA can also be 
used to build customized applications based around an existing 
host application.

A flaw exists in the way VBA checks document properties passed to 
it when a document is opened by the host application. A buffer 
overrun exists which if exploited successfully could allow an 
attacker to execute code of their choice in the context of the 
logged on user.

In order for an attack to be successful, a user would have to 
open a specially crafted document sent to them by an attacker. 
This document could be any type of document that supports VBA, 
such as a Word document, Excel spreadsheet, PowerPoint 
presentation. In the case where Microsoft Word is being used as 
the HTML e-mail editor for Microsoft Outlook, this document could 
be an e-mail, however the user would need to reply to, or forward 
the mail message in order for the vulnerability to be exploited.

*Maximum Severity Rating: Critical*

Affected Software:

Microsoft Visual Basic for Applications SDK 5.0 
Microsoft Visual Basic for Applications SDK 6.0 
Microsoft Visual Basic for Applications SDK 6.2 
Microsoft Visual Basic for Applications SDK 6.3

Products which Include the Affected Software:

Microsoft Access 97 
Microsoft Access 2000 
Microsoft Access 2002 
Microsoft Excel 97 
Microsoft Excel 2000 
Microsoft Excel 2002 
Microsoft PowerPoint 97 
Microsoft PowerPoint 2000 
Microsoft PowerPoint 2002 
Microsoft Project 2000 
Microsoft Project 2002 
Microsoft Publisher 2002 
Microsoft Visio 2000 
Microsoft Visio 2002 
Microsoft Word 97 
Microsoft Word 98(J) 
Microsoft Word 2000 
Microsoft Word 2002 
Microsoft Works Suite 2001 
Microsoft Works Suite 2002 
Microsoft Works Suite 2003 
Microsoft Business Solutions Great Plains 7.5 
Microsoft Business Solutions Dynamics 6.0 
Microsoft Business Solutions Dynamics 7.0 
Microsoft Business Solutions eEnterprise 6.0 
Microsoft Business Solutions eEnterprise 7.0 
Microsoft Business Solutions Solomon 4.5 
Microsoft Business Solutions Solomon 5.0 
Microsoft Business Solutions Solomon 5.5

Download locations for this patch

There are several versions of this patch, depending on which application you have that uses VBA. You are strongly advised to read the FAQ in the update entitled "There are a number of patches available for this vulnerability? Which one should I install?" in order to determine which version of the patch you should apply.

Microsoft Office 2000:

http://microsoft.com/downloads/deta...99-9C4A-4EEC-A3EC-9F738017F275&displaylang=en

Microsoft Office XP (including Publisher 2002):

http://microsoft.com/downloads/deta...B0-29E9-44E0-A33D-AD6B4B6A8FF4&displaylang=en

Microsoft Project 2000:

http://microsoft.com/downloads/deta...E7-431D-4580-9733-B92A2B7BFD0D&displaylang=en

Microsoft Project 2002:

http://microsoft.com/downloads/deta...0A-0028-488A-8209-6E07D4603CCB&displaylang=en

Microsoft Visio 2002:

http://microsoft.com/downloads/deta...90-13C2-4043-BA2A-17AF02E9C73E&displaylang=en

Microsoft VBA Patch:

http://microsoft.com/downloads/deta...BA-CD3D-458B-9729-AB9094C9BD3F&displaylang=en

The Microsoft VBA patch can be installed on systems running the following applications:

Microsoft VBA 5.0 
Microsoft VBA 6.0 
Microsoft VBA 6.2 
Microsoft VBA 6.3 
Microsoft Access 97 
Microsoft Excel 97 
Microsoft PowerPoint 97 
Microsoft Word 97 
Microsoft Word 98(J) 
Microsoft Visio 2000 
Microsoft Works Suite 2001 
Microsoft Business Solutions Great Plains 7.5 
Microsoft Business Solutions Dynamics 6.0 
Microsoft Business Solutions Dynamics 7.0 
Microsoft Business Solutions eEnterprise 6.0 
Microsoft Business Solutions eEnterprise 7.0 
Microsoft Business Solutions Solomon 4.5 
Microsoft Business Solutions Solomon 5.0 
Microsoft Business Solutions Solomon 5.5

Microsoft recommends users visit Office Update at 
http://www.office.microsoft.com/ProductUpdates/default.aspx to detect and install this security patch and all other public updates to Office family products (note: Office Update does not support Office 97 or Visio 2000).

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-037.asp

Regards

eddie


----------



## eddie5659 (Mar 19, 2001)

Hiya

A macro is a series of commands and instructions that can be 
grouped together as a single command to accomplish a task 
automatically. Microsoft Word supports the use of macros to allow 
the automation of commonly performed tasks. Since macros are 
executable code it is possible to misuse them, so Microsoft Word 
has a security model designed to validate whether a macro should be 
allowed to execute depending on the level of macro security the 
user has chosen.

A vulnerability exists because it is possible for an attacker to 
craft a malicious document that will bypass the macro security 
model. If the document was opened, this flaw could allow a 
malicious macro embedded in the document to be executed 
automatically, regardless of the level at which macro security is 
set. The malicious macro could take the same actions that the user 
had permissions to carry out, such as adding, changing or deleting 
data or files, communicating with a web site or formatting the hard 
drive.

The vulnerability could only be exploited by an attacker who 
persuaded a user to open a malicious document - there is no way for 
an attacker to force a malicious document to be opened.

*Maximum Severity Rating: Important*

Affected Software:

Microsoft Word 97 
Microsoft Word 98 (J) 
Microsoft Word 2000 
Microsoft Word 2002 
Microsoft Works Suite 2001 
Microsoft Works Suite 2002 
Microsoft Works Suite 2003

Download locations for this patch

Microsoft Word 2002:

http://microsoft.com/downloads/deta...FC-F424-4B04-ABEB-9B4CA1EB182D&displaylang=en

Administrative update only:

http://www.microsoft.com/office/ork/xp/journ/wrd1006a.htm

Microsoft Word 2000:

http://microsoft.com/downloads/deta...CE-E14E-4978-A9C9-6989CD03A4A3&displaylang=en

Administrative update only:

http://www.microsoft.com/office/ork/xp/journ/wrd0903a.htm

Microsoft Word 97/Microsoft Word 98(J):
Information on receiving Microsoft Word 97 & Microsoft Word 98(J) support is available at:

http://support.microsoft.com/default.aspx?scid=kb;en-us;827647

Microsoft recommends users visit Office Update at

http://www.office.microsoft.com/ProductUpdates/default.aspx to detect and install this security patch and all other public updates to Office family products (note: Office Update does not support Office 97 or Visio 2000).

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-035.asp

Regards

eddie


----------



## eddie5659 (Mar 19, 2001)

Hiya

Microsoft Office provides a number of converters that allow users 
to import and edit files that use formats that are not native to 
Office. These converters are available as part of the default 
installation of Office and are also available separately in the 
Microsoft Office Converter Pack. These converters can be useful 
to organizations that use Office in a mixed environment with 
earlier versions of Office and other applications, including 
Office for the Macintosh and third-party productivity 
applications.

There is a flaw in the way that the Microsoft WordPerfect 
converter handles Corel® WordPerfect documents. A security 
vulnerability results because the converter does not correctly 
validate certain parameters when it opens a WordPerfect document, 
which results in an unchecked buffer. As a result, an attacker 
could craft a malicious WordPerfect document that could allow 
code of their choice to be executed if an application that used 
the WordPerfect converter opened the document. Microsoft Word and 
Microsoft PowerPoint (which are part of the Office suite), 
FrontPage (which is available as part of the Office suite or 
separately), Publisher, and Microsoft Works Suite can all use the 
Microsoft Office WordPerfect converter.

The vulnerability could only be exploited by an attacker who 
persuaded a user to open a malicious WordPerfect document - there 
is no way for an attacker to force a malicious document to be 
opened or to trigger an attack automatically by sending an e-mail 
message.

*Maximum Severity Rating: Important*

Affected Software:

Microsoft Office 97 
Microsoft Office 2000 
Microsoft Office XP 
Microsoft Word 98 (J) 
Microsoft FrontPage 2000 
Microsoft FrontPage 2002 
Microsoft Publisher 2000 
Microsoft Publisher 2002 
Microsoft Works Suite 2001 
Microsoft Works Suite 2002 
Microsoft Works Suite 2003

Download locations for this patch

Office XP, FrontPage 2002, Publisher 2002, Works 2002, and Works 2003:

http://microsoft.com/downloads/deta...EE-6BFB-431D-B39E-2D672C0C223F&displaylang=en

Office 2000, FrontPage 2000, Publisher 2000, and Works 2001:

http://microsoft.com/downloads/deta...89-315A-411A-A739-F7181310FBA7&displaylang=en

Office 97 and Word 98(J): For information about how to receive support for Word 97 and for Word 98(J) see the following Microsoft Knowledge Base article:

http://support.microsoft.com/default.aspx?scid=kb;en-us;827656

Microsoft recommends users visit Office Update at

http://www.office.microsoft.com/ProductUpdates/default.aspx to detect and install this security patch and all other public updates to Office family products (note: Office Update does not support Office 97 or Visio 2000).

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-036.asp

Regards

eddie


----------



## eddie5659 (Mar 19, 2001)

Hiya

The fix provided by this patch supersedes the one included in 
Microsoft Security Bulletin MS03-026.

Remote Procedure Call (RPC) is a protocol used by the Windows 
operating system. RPC provides an inter-process communication 
mechanism that allows a program running on one computer to 
seamlessly access services on another computer. The protocol 
itself is derived from the Open Software Foundation (OSF) RPC 
protocol, but with the addition of some Microsoft specific 
extensions.

There are three identified vulnerabilities in the part of RPCSS 
Service that deals with RPC messages for DCOM activation - two 
that could allow arbitrary code execution and one that could 
result in a denial of service. The flaws result from incorrect 
handling of malformed messages. These particular vulnerabilities 
affect the Distributed Component Object Model (DCOM) interface 
within the RPCSS Service. This interface handles DCOM object 
activation requests that are sent from one machine to another.

An attacker who successfully exploited these vulnerabilities 
could be able to run code with Local System privileges on an 
affected system, or could cause the RPCSS Service to fail. The 
attacker could then be able to take any action on the system, 
including installing programs, viewing, changing or deleting 
data, or creating new accounts with full privileges.

To exploit these vulnerabilities, an attacker could create a 
program to send a malformed RPC message to a vulnerable system 
targeting the RPCSS Service.

Microsoft has released a tool that can be used to scan a network 
for the presence of systems which have not had the MS03-039 patch 
installed. More details on this tool are available in Microsoft 
Knowledge Base article 827363. This tool supersedes the one 
provided in Microsoft Knowledge Base article 826369. If the tool 
provided in Microsoft Knowledge Base Article 826369 is used 
against a system which has installed the security patch provided 
with this bulletin, the superseded tool will incorrectly report 
that the system is missing the patch provided in MS03-026. 
Microsoft encourages customers to run the latest version of the 
tool available in Microsoft Knowledge Base article 827363 to 
determine if their systems are patched.

*Maximum Severity Rating: Critical*

Affected Software:

Microsoft Windows NT Workstation 4.0 
Microsoft Windows NT Server® 4.0 
Microsoft Windows NT Server 4.0, Terminal Server Edition 
Microsoft Windows 2000 
Microsoft Windows XP 
Microsoft Windows Server 2003

Not Affected Software:

Microsoft Windows Millennium Edition

Download locations for this patch

Windows NT Workstation 4.0 

Windows NT Server 4.0 

Windows NT Server 4.0, Terminal Server Edition 

Windows 2000 

Windows XP 

Windows XP 64 bit Edition 

Windows XP 64 bit Edition Version 2003 

Windows Server 2003 

Windows Server 2003 64 bit Edition 

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-039.asp

Regards

eddie


----------



## eddie5659 (Mar 19, 2001)

Hiya

This is a cumulative patch that includes the functionality of all 
previously released patches for Internet Explorer 5.01, 5.5 and 6.0. 
In addition, it eliminates the following newly discovered 
vulnerabilities:

A vulnerability that occurs because Internet Explorer does not 
properly determine an object type returned from a Web server in a 
popup window. It could be possible for an attacker who exploited this
vulnerability to run arbitrary code on a user's system. If a user 
visited an attacker's Web site, it would be possible for the attacker
to exploit this vulnerability without any other user action. An 
attacker could also craft an HTML-based e-mail that would attempt to 
exploit this vulnerability.

A vulnerability that occurs because Internet Explorer does not 
properly determine an object type returned from a Web server during 
XML data binding. It could be possible for an attacker who exploited 
this vulnerability to run arbitrary code on a user's system. If a 
user visited an attacker's Web site, it would be possible for the 
attacker to exploit this vulnerability without any other user action.
An attacker could also craft an HTML-based e-mail that would attempt 
to exploit this vulnerability.

A change has been made to the method by which Internet Explorer 
handles Dynamic HTML (DHTML) Behaviors in the Internet Explorer 
Restricted Zone. It could be possible for an attacker exploiting a 
separate vulnerability (such as one of the two vulnerabilities 
discussed above) to cause Internet Explorer to run script code in the
security context of the Internet Zone. In addition, an attacker could
use Windows Media Player's (WMP) ability to open URL's to construct 
an attack. An attacker could also craft an HTML-based e-mail that 
could attempt to exploit this behavior.

To exploit these flaws, the attacker would have to create a specially
formed HTML-based e-mail and send it to the user. Alternatively an 
attacker would have to host a malicious Web site that contained a Web
page designed to exploit these vulnerabilities. The attacker would 
then have to persuade a user to visit that site.

As with the previous Internet Explorer cumulative patches released 
with bulletins MS03-004, MS03-015, MS03-020, and MS03-032, this 
cumulative patch will cause window.showHelp( ) to cease to function 
if you have not applied the HTML Help update. If you have installed 
the updated HTML Help control from Knowledge Base article 811630, you
will still be able to use HTML Help functionality after applying this
patch.

In addition to applying this security patch it is recommended that 
users also install the Windows Media Player update referenced in 
Knowledge Base Article 828026. This update is available from Windows
Update as well as the Microsoft Download Center for all supported 
versions of Windows Media Player. While not a security patch, this 
update contains a change to the behavior of Windows Media Player's 
ability to launch URL's to help protect against DHTML behavior based 
attacks. Specifically, it restricts Windows Media Player's ability 
to launch URL's in the local computer zone from other zones.

Affected Software:

Internet Explorer 5.01 
Internet Explorer 5.5 
Internet Explorer 6.0 
Internet Explorer 6.0 for Windows Server 2003

Download locations for this patch

All versions except Microsoft Internet Explorer 6.0 for Windows Server 2003 

Microsoft Internet Explorer 6.0 for Windows Server 2003 

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-040.asp

Regards

eddie


----------



## eddie5659 (Mar 19, 2001)

Hiya

Not a critical update, but if the embedded site has spyware, it could prove troublesome:

When a content owner creates an audio or a video stream, that content owner can add script commands (such as URL script commands and custom script commands) that are embedded in the stream. When the stream is played back, the script commands can trigger events in an embedded player program, or they can start your Web browser and then connect to a particular Web page. This behavior is by design.

The 828026 update changes the way that Windows Media Player handles URL script commands that are embedded in a stream. Specifically, the update modifies Windows Media Player to recognize three new registry values that permit a user or an administrator to control the scenarios where the player will run URL script commands that are embedded in a stream.

The information in this article applies to:

Microsoft Windows Media Player 9 Series for Windows XP
Microsoft Windows Media Player 9 Series for Windows 2000
Microsoft Windows Media Player 9 Series for Windows Millennium Edition
Microsoft Windows Media Player 9 Series for Windows Server 2003
Microsoft Windows Media Player for Windows XP Home Edition
Microsoft Windows Media Player for Windows XP Professional
Microsoft Windows Media Player 7.1
Microsoft Windows Media Player 6.4

http://support.microsoft.com/default.aspx?kbid=828026

Regards

eddie


----------



## Rollin' Rog (Dec 9, 2000)

http://www.microsoft.com/security/security_bulletins/20031015_windows.asp

The most important of these affects Windows "Messenger Service" (different than Windows Messenger). This is expected to be the source of new exploits similar to the recent blaster worm:

http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS03-043.asp


----------



## eddie5659 (Mar 19, 2001)

Update on the link that Rollin' has supplied

Subsequent to the release of the Windows Security Bulletin Summary 
for October, the following bulletins have undergone a major revision 
increment. Please see the appropriate bulletin section of this 
email for more details.

MS03-041 - Vulnerability in Authenticode Could Allow Remote 
Code Execution (823182)

- Affected Software:
  - Windows NT Workstation 4.0, Service Pack 6a
  - Windows NT Server 4.0, Service Pack 6a
  - Windows NT Server 4.0, Terminal Server Edition, Service Pack 6
  - Windows 2000, Service Pack 2
  - Windows 2000, Service Pack 3, Service Pack 4
  - Windows XP Gold, Service Pack 1
  - Windows XP 64-bit Edition
  - Windows XP 64-bit Edition Version 2003
  - Windows Server 2003
  - Windows Server 2003 64-bit Edition

- Impact: Remote Code Execution
- Version Number: 1.1

MS03-042 - Buffer Overflow in the Windows Troubleshooter 
ActiveX Control Could Allow Code Execution (826232)

- Affected Software:
  - Windows 2000, Service Pack 2
  - Windows 2000, Service Pack 3, Service Pack 4

- Impact: Remote Code Execution
- Version Number: V2.0

Reason for Major Revision, V2.0 October 29, 2003:
=================================================
Microsoft re-issued this bulletin on October 29, 2003 to 
advise on the availability of an updated Windows 2000 patch.

This revised patch corrects the Debug Programs
(SeDebugPrivilege)
user right issue that some customers experienced with the 
original patch that is discussed in Knowledge Base Article
830846.

This problem is unrelated to the security vulnerability 
discussed in this bulletin. Customers who have already applied 
the patch are protected against the vulnerability discussed in 
this bulletin.

MS03-043 - Buffer Overrun in Messenger Service Could Allow 
Code Execution (828035)

- Affected Software:
  - Windows NT Workstation 4.0, Service Pack 6a
  - Windows NT Server 4.0, Service Pack 6a
  - Windows NT Server 4.0, Terminal Server Edition, Service Pack 6
  - Windows 2000, Service Pack 2
  - Windows 2000, Service Pack 3, Service Pack 4
  - Windows XP Gold, Service Pack 1
  - Windows XP 64-bit Edition
  - Windows XP 64-bit Edition Version 2003
  - Windows Server 2003
  - Windows Server 2003 64-bit Edition

- Impact: Remote Code Execution
- Version Number: 2.0

Reason for Major Revision, V2.0 October 29, 2003:
=================================================
Microsoft re-issued this bulletin on October 29, 2003 to 
advise on the availability of an updated Windows 2000,
Windows XP, and Windows Server 2003 patch.

This revised patch corrects the Debug Programs
(SeDebugPrivilege)
user right issue that some customers experienced with the 
original patch that is discussed in Knowledge Base Article
830846.

This problem is unrelated to the security vulnerability 
discussed in this bulletin. Customers who have already applied 
the patch are protected against the vulnerability discussed in 
this bulletin.

MS03-044 - Buffer Overflow in Windows Help and Support Center 
Could lead to System Compromise (825119)

- Affected Software:
  - Windows Millennium Edition
  - Windows NT Workstation 4.0, Service Pack 6a
  - Windows NT Server 4.0, Service Pack 6a
  - Windows NT Server 4.0, Terminal Server Edition, Service Pack 6
  - Windows 2000, Service Pack 2
  - Windows 2000, Service Pack 3, Service Pack 4
  - Windows XP Gold, Service Pack 1
  - Windows XP 64-bit Edition
  - Windows XP 64-bit Edition Version 2003
  - Windows Server 2003
  - Windows Server 2003 64-bit Edition

- Impact: Remote Code Execution
- Version Number: 1.1

** Important Security Bulletins

MS03-045 - Buffer Overrun in the ListBox and in the ComboBox 
Control Could Allow Code Execution (824141)

- Affected Software:
  - Windows NT Workstation 4.0, Service Pack 6a
  - Windows NT Server 4.0, Service Pack 6a
  - Windows NT Server 4.0, Terminal Server Edition, Service Pack 6
  - Windows 2000, Service Pack 2
  - Windows 2000, Service Pack 3, Service Pack 4
  - Windows XP Gold, Service Pack 1
  - Windows XP 64-bit Edition
  - Windows XP 64-bit Edition Version 2003
  - Windows Server 2003
  - Windows Server 2003 64-bit Edition

- Impact: Remote Code Execution
- Version Number: 3.0

Reason for Major Revision, V3.0 October 29, 2003:
=================================================
Microsoft re-issued this bulletin on October 29, 2003 to 
advise on the availability of an updated Windows XP
patch.

This revised patch corrects the Debug Programs (SeDebugPrivilege)
user right issue that some customers experienced with the
original patch that is discussed in Knowledge Base Article 830846.

This problem is unrelated to the security vulnerability 
discussed in this bulletin. Customers who have already applied 
the patch are protected against the vulnerability discussed in 
this bulletin.

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/winoct03.asp

Regards

eddie


----------



## eddie5659 (Mar 19, 2001)

Hiya

Included in this advisory are three updates describing newly
discovered vulnerabilities in Microsoft Windows. These
vulnerabilities, broken down by severity, are:

** Critical Security Bulletins

MS03-048 - Cumulative Update for Internet Explorer (824145)

- Affected Software: 
- Microsoft Windows Millennium Edition
- Microsoft Windows NT Workstation 4.0, Service Pack 6a
- Microsoft Windows NT Server 4.0, Service Pack 6a
- Microsoft Windows NT Server 4.0, Terminal Server Edition, Service Pack 6
- Microsoft Windows 2000 Service Pack 2, Service Pack 3, and Service Pack 4
- Microsoft Windows XP, Microsoft Windows XP Service Pack 1
- Microsoft Windows XP 64-Bit Edition
- Microsoft Windows XP 64-Bit Edition Version 2003
- Microsoft Windows Server 2003
- Microsoft Windows Server 2003 64 bit Edition

- Impact: Remote Code Execution
- Version Number: 1.0

MS03-049 - Buffer Overrun in the Workstation Service Could Allow
Code Execution (828749)

- Affected Software: 
- Microsoft Windows 2000 Service Pack 2, Service Pack 3, and Service Pack 4
- Microsoft Windows XP, Microsoft Windows XP Service Pack 1
- Microsoft Windows XP 64-Bit Edition

- Impact: Remote Code Execution
- Version Number: 1.0

MS03-051 - Buffer Overrun in Microsoft FrontPage Server
Extensions Could Allow Code Execution (813360)

- Affected Software: 
- Microsoft Windows 2000 Service Pack 2, Service Pack 3
- Microsoft Windows XP, Microsoft Windows XP Service Pack 1
- Microsoft Office XP, Microsoft Office Service Release 1

- Impact: Remote Code Execution
- Version Number: 1.0

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/winnov03.asp

Regards

eddie


----------



## eddie5659 (Mar 19, 2001)

Hiya

Included in this advisory is an update describing newly discovered
vulnerabilities in Microsoft Office (Microsoft Word and Excel). These
vulnerabilities, broken down by severity, are:

** Important Security Bulletins

MS03-050 - Vulnerabilities in Microsoft Word and Microsoft
Excel Could Allow Arbitrary Code to run (831527)

- Affected Software: 
- Microsoft Excel 97 
- Microsoft Excel 2000 
- Microsoft Excel 2002 
- Microsoft Word 97 
- Microsoft Word 98(J) 
- Microsoft Word 2000, Microsoft Works Suite 2001
- Microsoft Word 2002, Microsoft Works Suite 2002, Microsoft Works Suite 2003 and Microsoft Works Suite 2004

- Impact: Remote Code Execution
- Version Number: 1.0

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/offnov03.asp

Regards

eddie


----------



## eddie5659 (Mar 19, 2001)

Hiya

V5.0 (November 11, 2003): Bulletin updated to advise on the availability of a new security patch for customers who installed Windows 2000 Service Pack 4 and then installed Internet Explorer 6.0 Service Pack 1.

Reason for Revision:
====================
Microsoft re-issued this security bulletin on November 11, 2003 to 
advise on the availability of an updated Microsoft Windows 2000
Service Pack 4 (SP4) security patch. This revised security patch 
corrects a regression that may occur during the installation of 
Microsoft Internet Explorer 6.0 Service Pack 1 on Windows 2000 SP4. 
This regression removes the update that is discussed in this bulletin
and that is provided as part of Windows 2000 SP4. Customers who are 
using Windows 2000 SP4 and then installed Internet Explorer 6.0 
Service Pack 1 should apply the updated Windows 2000 SP4 security 
patch to help protect from this vulnerability.

Windows 2000 Service Pack 4:

http://www.microsoft.com/downloads/...01-1F6F-4F88-AE9E-6F4636D43D9F&displaylang=en

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-050.asp

It's the first post in this thread.

Regards

eddie


----------



## eddie5659 (Mar 19, 2001)

Hiya

Not a Microsoft update, but some may use it in networks.

DameWare Mini Remote Control is a lightweight remote control intended primarily for administrators and help desks for management of desktop systems. A vulnerability in DameWare Mini Remote Control may permit an unauthenticated attacker to execute arbitrary code on the system.

A buffer overflow vulnerability has been discovered in versions of DameWare Mini Remote Control prior to 3.73. A remote attacker can send a specially crafted packet to the DameWare Mini Remote Control (default port 6129/TCP) to mimic a client and exploit this vulnerability against the server. Since the buffer overflow occurs in a section of the code used to handle authentication, a remote unauthenticated attacker can execute arbitrary code on the system.

This vulnerability is resolved in version 3.73 or higher. 

Block access to the DameWare Mini Remote Control Service port (default 6129/TCP) at the network perimeter. This will not mitigate attacks from within the firewall perimeter, but may mitigate attacks from outside your network.

http://www.kb.cert.org/vuls/id/909678

Regards

eddie


----------

