Here you go, guys, to save you from working overtime
|
You need to cross-check this on the Microsoft website .. PGP signature not verified
-----BEGIN PGP SIGNED MESSAGE-----
- --------------------------------------------------------------------
Title: Microsoft Exchange Server Security Bulletin Summary for
October 2003
Issued: October 15, 2003
Version Number: 1.0
Bulletin: http://www.microsoft.com/technet/security/excoct03.asp
- --------------------------------------------------------------------
Summary:
========
Included in this advisory are updates for two newly discovered
vulnerabilities in Microsoft Exchange Server. These vulnerabilities,
broken down by severity are:
\\Critical Security Bulletins\\
MS03-046 - Vulnerability in Exchange Server could allow
Arbitrary Code Execution (829436)
- Affected Software:
- Exchange Server 5.5
- Exchange 2000 Server
- Impact: Remote Code Execution
- Version Number: 1.0
\\Moderate Security Bulletins\\
MS03-047 - Vulnerability in Exchange Server 5.5 Outlook Web
Access Could Allow Cross-Site Scripting Attack
(828489)
- Affected Software:
- Exchange Server 5.5
- Impact: Remote Code Execution
- Version Number: 1.0
Patch Availability:
===================
Patches are available to fix these vulnerabilities.
For additional information, including Technical Details,
Workarounds, answers to Frequently Asked Questions, and Patch
Deployment Information please read the Microsoft Exchange
Security Bulletin Summary for October at:
http://www.microsoft.com/technet/security/excoct03.asp
Acknowledgments:
================
Microsoft thanks the following for working with us to protect
customers:
- - João Gouveia ([email protected]) for reporting the issue
described in MS03-046.
- - Ory Segal of Sanctum Inc. (http://www.sanctuminc.com/) for
reporting
the issue described in MS03-047.
Support:
========
Technical support is available from Microsoft Product Support
Services at 1-866-PCSAFETY. There is no charge for support calls
associated with security patches.
Revisions:
==========
* V1.0 October 15, 2003: Bulletin Created.
********************************************************************
Protect your PC:
Microsoft has provided information on how you can
help protect your PC at the following locations:
http://www.microsoft.com/technet/security/protect
Patch Management Strategies:
The Microsoft Guide to Security Patch Management Web Site provides
additional information about Microsoft's best practice
recommendations for applying security patches:
http://www.microsoft.com/technet ... tch/secpatch/Default.asp
IT Pro Security Zone Community:
Learn to improve security and optimize your IT infrastructure,
and participate with other IT Pros on security topics:
http://www.microsoft.com/technet/security/community/default.mspx
If you receive an e-mail that claims to be distributing a
Microsoft security patch, it is a hoax that may be distributing a
virus. Microsoft does not distribute security patches via e-mail.
You can learn more about Microsoft's software distribution
policies here:
http://www.microsoft.com/technet/security/policy/swdist.asp
********************************************************************
- --------------------------------------------------------------------
THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED
"AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL
WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT
SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY
DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL,
CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF
MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION
OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES
SO THE FOREGOING LIMITATION MAY NOT APPLY.
- --------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.2
-----END PGP SIGNATURE-----
|
----------------------------------------------------------------------
Title: Cumulative Patch for Internet Explorer (828750)
Date: October 3, 2003
Software: Internet Explorer 5.01
Internet Explorer 5.5
Internet Explorer 6.0
Internet Explorer 6.0 for Windows Server 2003
Impact: Run code of attacker's choice
Max Risk: Critical
Bulletin: MS03-040
Microsoft encourages customers to review the Security Bulletins at:
http://www.microsoft.com/technet/security/bulletin/MS03-040.asp
http://www.microsoft.com/security/security_bulletins/MS03-040.asp
----------------------------------------------------------------------
Issue:
======
This is a cumulative patch that includes the functionality of all
previously released patches for Internet Explorer 5.01, 5.5 and 6.0.
In addition, it eliminates the following newly discovered
vulnerabilities:
A vulnerability that occurs because Internet Explorer does not
properly determine an object type returned from a Web server in a
popup window. It could be possible for an attacker who exploited this
vulnerability to run arbitrary code on a user's system. If a user
visited an attacker's Web site, it would be possible for the attacker
to exploit this vulnerability without any other user action. An
attacker could also craft an HTML-based e-mail that would attempt to
exploit this vulnerability.
A vulnerability that occurs because Internet Explorer does not
properly determine an object type returned from a Web server during
XML data binding. It could be possible for an attacker who exploited
this vulnerability to run arbitrary code on a user's system. If a
user visited an attacker's Web site, it would be possible for the
attacker to exploit this vulnerability without any other user action.
An attacker could also craft an HTML-based e-mail that would attempt
to exploit this vulnerability.
A change has been made to the method by which Internet Explorer
handles Dynamic HTML (DHTML) Behaviors in the Internet Explorer
Restricted Zone. It could be possible for an attacker exploiting a
separate vulnerability (such as one of the two vulnerabilities
discussed above) to cause Internet Explorer to run script code in the
security context of the Internet Zone. In addition, an attacker could
use Windows Media Player's (WMP) ability to open URL's to construct
an attack. An attacker could also craft an HTML-based e-mail that
could attempt to exploit this behavior.
To exploit these flaws, the attacker would have to create a specially
formed HTML-based e-mail and send it to the user. Alternatively an
attacker would have to host a malicious Web site that contained a Web
page designed to exploit these vulnerabilities. The attacker would
then have to persuade a user to visit that site.
As with the previous Internet Explorer cumulative patches released
with bulletins MS03-004, MS03-015, MS03-020, and MS03-032, this
cumulative patch will cause window.showHelp( ) to cease to function
if you have not applied the HTML Help update. If you have installed
the updated HTML Help control from Knowledge Base article 811630, you
will still be able to use HTML Help functionality after applying this
patch.
In addition to applying this security patch it is recommended that
users also install the Windows Media Player update referenced in
Knowledge Base Article 828026. This update is available from Windows
Update as well as the Microsoft Download Center for all supported
versions of Windows Media Player. While not a security patch, this
update contains a change to the behavior of Windows Media Player's
ability to launch URL's to help protect against DHTML behavior based
attacks. Specifically, it restricts Windows Media Player's ability
to launch URL's in the local computer zone from other zones.
Mitigating Factors:
====================
-By default, Internet Explorer on Windows Server 2003 runs in
Enhanced
Security Configuration. This default configuration of Internet
Explorer
blocks automatic exploitation of this attack. If Internet Explorer
Enhanced Security Configuration has been disabled, the protections
put in place that prevent this vulnerability from being automatically
exploited would be removed.
-In the Web-based attack scenario, the attacker would have to host a
Web site that contained a Web page used to exploit this
vulnerability. An attacker would have no way to force a user to
visit a malicious Web Site. Instead, the attacker would need to lure
them there, typically by getting them to click a link that would take
them to the attacker's site.
-Exploiting the vulnerability would allow the attacker only the same
privileges as the user. Users whose accounts are configured to have
few privileges on the system would be at less risk than ones who
operate with administrative privileges.
Risk Rating:
============
-Critical
Patch Availability:
===================
- A patch is available to fix this vulnerability. Please read the
Security Bulletins at
http://www.microsoft.com/technet/security/bulletin/MS03-040.asp
http://www.microsoft.com/security/security_bulletins/MS03-040.asp
for information on obtaining this patch.
---------------------------------------------------------------------
THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS
PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS
ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE
FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL,
CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF
MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION
OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO
THE FOREGOING LIMITATION MAY NOT APPLY.
|
This one isn't verified either
-----BEGIN PGP SIGNED MESSAGE-----
- --------------------------------------------------------------------
Title: Microsoft Windows Security Bulletin Summary for October
2003
Issued: October 15, 2003
Version Number: 1.0
Bulletin: http://www.microsoft.com/technet/security/winoct03.asp
- --------------------------------------------------------------------
Summary:
========
Included in this advisory are updates for five newly discovered
vulnerabilities in Microsoft Windows. These vulnerabilities,
broken down by severity are:
\\Critical Security Bulletins\\
MS03-041 - Vulnerability in Authenticode Could Allow Remote
Code Execution (823182)
- Affected Software:
- Windows NT Workstation 4.0, Service Pack 6a
- Windows NT Server 4.0, Service Pack 6a
- Windows NT Server 4.0, Terminal Server Edition,
Service Pack 6
- Windows 2000, Service Pack 2
- Windows 2000, Service Pack 3, Service Pack 4
- Windows XP Gold, Service Pack 1
- Windows XP 64-bit Edition
- Windows XP 64-bit Edition Version 2003
- Windows Server 2003
- Windows Server 2003 64-bit Edition
- Impact: Remote Code Execution
- Version Number: 1.0
MS03-042 - Buffer Overflow in the Windows Troubleshooter
ActiveX Control Could Allow Code Execution (826232)
- Affected Software:
- Windows 2000, Service Pack 2
- Windows 2000, Service Pack 3, Service Pack 4
- Impact: Remote Code Execution
- Version Number: 1.0
MS03-043 - Buffer Overrun in Messenger Service Could Allow
Code Execution (828035)
- Affected Software:
- Windows NT Workstation 4.0, Service Pack 6a
- Windows NT Server 4.0, Service Pack 6a
- Windows NT Server 4.0, Terminal Server Edition,
Service Pack 6
- Windows 2000, Service Pack 2
- Windows 2000, Service Pack 3, Service Pack 4
- Windows XP Gold, Service Pack 1
- Windows XP 64-bit Edition
- Windows XP 64-bit Edition Version 2003
- Windows Server 2003
- Windows Server 2003 64-bit Edition
- Impact: Remote Code Execution
- Version Number: 1.0
MS03-044 - Buffer Overflow in Windows Help and Support Center
Could lead to System Compromise (825119)
- Affected Software:
- Windows Millennium Edition
- Windows NT Workstation 4.0, Service Pack 6a
- Windows NT Server 4.0, Service Pack 6a
- Windows NT Server 4.0, Terminal Server Edition,
Service Pack 6
- Windows 2000, Service Pack 2
- Windows 2000, Service Pack 3, Service Pack 4
- Windows XP Gold, Service Pack 1
- Windows XP 64-bit Edition
- Windows XP 64-bit Edition Version 2003
- Windows Server 2003
- Windows Server 2003 64-bit Edition
- Impact: Remote Code Execution
- Version Number: 1.0
\\Important Security Bulletins\\
MS03-045 - Buffer Overrun in the ListBox and in the ComboBox
Control Could Allow Code Execution (824141)
- Affected Software:
- Windows NT Workstation 4.0, Service Pack 6a
- Windows NT Server 4.0, Service Pack 6a
- Windows NT Server 4.0, Terminal Server Edition,
Service Pack 6
- Windows 2000, Service Pack 2
- Windows 2000, Service Pack 3, Service Pack 4
- Windows XP Gold, Service Pack 1
- Windows XP 64-bit Edition
- Windows XP 64-bit Edition Version 2003
- Windows Server 2003
- Windows Server 2003 64-bit Edition
- Impact: Remote Code Execution
- Version Number: 1.0
Patch Availability:
===================
Patches are available to fix these vulnerabilities.
For additional information, including Technical Details,
Workarounds, answers to Frequently Asked Questions, and Patch
Deployment Information please read the Microsoft Windows
Security Bulletin Summary for October at:
http://www.microsoft.com/technet/security/winoct03.asp
Acknowledgments:
================
Microsoft thanks the following for working with us to protect
customers:
- - Greg Jones of KPMG UK (http://www.kpmg.co.uk) and
Cesar Cerrudo ([email protected])
for reporting the issue described in MS03-042.
- - The Last Stage of Delirium Research Group (http://lsd-pl.net)
for reporting the issue in MS03-043.
- - David Litchfield of Next Generation Security Software Ltd.
(http://www.nextgenss.com)
for reporting the issue in MS03-044.
- - Brett Moore of Security-Assessment.com
(http://www.security-assessment.com)
for reporting the issue in MS03-045.
Support:
========
Technical support is available from Microsoft Product Support
Services at 1-866-PCSAFETY. There is no charge for support calls
associated with security patches.
Revisions:
==========
* V1.0 October 15, 2003: Bulletin Created.
********************************************************************
Protect your PC:
Microsoft has provided information on how you can
help protect your PC at the following locations:
http://www.microsoft.com/technet/security/protect
Patch Management Strategies:
The Microsoft Guide to Security Patch Management Web Site provides
additional information about Microsoft's best practice
recommendations for applying security patches:
http://www.microsoft.com/technet ... tch/secpatch/Default.asp
IT Pro Security Zone Community:
Learn to improve security and optimize your IT infrastructure,
and participate with other IT Pros on security topics:
http://www.microsoft.com/technet/security/community/default.mspx
If you receive an e-mail that claims to be distributing a
Microsoft security patch, it is a hoax that may be distributing a
virus. Microsoft does not distribute security patches via e-mail.
You can learn more about Microsoft's software distribution
policies here:
http://www.microsoft.com/technet/security/policy/swdist.asp
********************************************************************
- --------------------------------------------------------------------
THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS
PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT
DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING
THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE.
IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE
LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT,
INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL
DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN
ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY
FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING
LIMITATION MAY NOT APPLY.
- --------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.2
-----END PGP SIGNATURE-----
|
Menfreya This user has been deleted
|
Crazy, so many Windows patches... this is why I can't keep up with applying all the updates....
|
Hehe, don't other OSes need to be patched too???
|
Originally posted by Remy_3D at 2003-10-16 18:57:
Hehe, don't other OSes need to be patched too???
hehehe .. usually .. people who use other OSes .. know how to patch on their own .. nobody has to tell them ... usually, that is ..
|
******** *BEGIN ENCRYPTED or SIGNED PART* *********
--------------------------------------------------------------------
Title: Microsoft Windows Security Bulletin Summary for
November 2003
Issued: November 11, 2003
Version Number: 1.0
Bulletin:
http://www.microsoft.com/technet/security/bulletin/winnov03.asp
--------------------------------------------------------------------
Summary:
========
Included in this advisory are three updates describing newly
discovered vulnerabilities in Microsoft Windows. These
vulnerabilities, broken down by severity are:
** Critical Security Bulletins
MS03-048 - Cumulative Update for Internet Explorer (824145)
- Affected Software:
- Microsoft Windows Millennium Edition
- Microsoft Windows NT Workstation 4.0,
Service Pack 6a
- Microsoft Windows NT Server 4.0, Service Pack 6a
- Microsoft Windows NT Server 4.0, Terminal Server
Edition, Service Pack 6
- Microsoft Windows 2000 Service Pack 2, Service
Pack 3, and Service Pack 4
- Microsoft Windows XP,
Microsoft Windows XP Service Pack 1
- Microsoft Windows XP 64-Bit Edition
- Microsoft Windows XP 64-Bit Edition Version 2003
- Microsoft Windows Server 2003
- Microsoft Windows Server 2003 64 bit Edition
- Impact: Remote Code Execution
- Version Number: 1.0
MS03-049 - Buffer Overrun in the Workstation Service Could Allow
Code Execution (828749)
- Affected Software:
- Microsoft Windows 2000 Service Pack 2, Service
Pack 3, and Service Pack 4
- Microsoft Windows XP,
Microsoft Windows XP Service Pack 1
- Microsoft Windows XP 64-Bit Edition
- Impact: Remote Code Execution
- Version Number: 1.0
MS03-051 - Buffer Overrun in Microsoft FrontPage Server
Extensions Could Allow Code Execution (813360)
- Affected Software:
- Microsoft Windows 2000 Service Pack 2, Service
Pack 3
- Microsoft Windows XP,
Microsoft Windows XP Service Pack 1
- Microsoft Office XP,
Microsoft Office Service Release 1
- Impact: Remote Code Execution
- Version Number: 1.0
Patch Availability:
===================
Patches are available to fix these vulnerabilities.
For additional information, including Technical Details,
Workarounds, answers to Frequently Asked Questions, and Patch
Deployment Information please read the Microsoft Windows Security
Bulletin Summary for November 2003 at:
http://www.microsoft.com/technet/security/bulletin/winnov03.asp
Acknowledgments:
================
Microsoft thanks the following for working with us to protect
customers:
- jelmer
([email protected])
for reporting the issue described in MS03-048.
- eEye Digital Security
(http://www.eeye.com/)
for reporting the issue described in MS03-049.
- Brett Moore of Security-Assessment.com
(http://www.security-assessment.com/)
for reporting the issue described in MS03-051.
Support:
========
Technical support is available from Microsoft Product Support
Services at 1-866-PCSAFETY (1-866-727-2338). There is no charge
for support calls associated with security patches.
International customers can get support from their local Microsoft
subsidiaries. There is no charge for support associated
with security updates. Information on how to contact Microsoft
support is available at
http://support.microsoft.com/common/international.aspx.
Revisions:
==========
* V1.0 November 2003: Bulletin Created.
********************************************************************
Protect your PC: Microsoft has provided information on how you
can help protect your PC at the following locations:
http://www.microsoft.com/technet/security/tips/pcprotec.asp
If you receive an e-mail that claims to be distributing a
Microsoft security patch, it is a hoax that may be distributing a
virus. Microsoft does not distribute security patches via e-mail.
You can learn more about Microsoft's software distribution
policies here:
http://www.microsoft.com/technet/security/policy/swdist.asp
********************************************************************
--------------------------------------------------------------------
THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS
PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT
DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING
THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE.
IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE
LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT,
INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL
DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN
ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY
FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING
LIMITATION MAY NOT APPLY.
--------------------------------------------------------------------
********** *END ENCRYPTED or SIGNED PART* **********
|
********* *BEGIN ENCRYPTED or SIGNED PART* *********
--------------------------------------------------------------------
Title: Microsoft Windows Security Bulletin Summary for
October 2003
Issued: October 15, 2003
Updated: October 22, 2003
Version Number: 2.0
Bulletin:
http://www.microsoft.com/technet/security/bulletin/winoct03.asp
--------------------------------------------------------------------
Reason for Major Revision
=========================
Subsequent to the release of the Windows Security Bulletin Summary
for October, the following bulletin has undergone a major revision
increment. Please see the appropriate bulletin section of this
email for more details.
- MS03-045
Summary:
========
Included in this advisory are updates for five newly discovered
vulnerabilities in Microsoft Windows. These vulnerabilities,
broken down by severity are:
** Critical Security Bulletins
MS03-041 - Vulnerability in Authenticode Could Allow Remote
Code Execution (823182)
- Affected Software:
- Windows NT Workstation 4.0, Service Pack 6a
- Windows NT Server 4.0, Service Pack 6a
- Windows NT Server 4.0, Terminal Server Edition,
Service Pack 6
- Windows 2000, Service Pack 2
- Windows 2000, Service Pack 3, Service Pack 4
- Windows XP Gold, Service Pack 1
- Windows XP 64-bit Edition
- Windows XP 64-bit Edition Version 2003
- Windows Server 2003
- Windows Server 2003 64-bit Edition
- Impact: Remote Code Execution
- Version Number: 1.1
MS03-042 - Buffer Overflow in the Windows Troubleshooter
ActiveX Control Could Allow Code Execution (826232)
- Affected Software:
- Windows 2000, Service Pack 2
- Windows 2000, Service Pack 3, Service Pack 4
- Impact: Remote Code Execution
- Version Number: 1.1
MS03-043 - Buffer Overrun in Messenger Service Could Allow
Code Execution (828035)
- Affected Software:
- Windows NT Workstation 4.0, Service Pack 6a
- Windows NT Server 4.0, Service Pack 6a
- Windows NT Server 4.0, Terminal Server Edition,
Service Pack 6
- Windows 2000, Service Pack 2
- Windows 2000, Service Pack 3, Service Pack 4
- Windows XP Gold, Service Pack 1
- Windows XP 64-bit Edition
- Windows XP 64-bit Edition Version 2003
- Windows Server 2003
- Windows Server 2003 64-bit Edition
- Impact: Remote Code Execution
- Version Number: 1.1
MS03-044 - Buffer Overflow in Windows Help and Support Center
Could lead to System Compromise (825119)
- Affected Software:
- Windows Millennium Edition
- Windows NT Workstation 4.0, Service Pack 6a
- Windows NT Server 4.0, Service Pack 6a
- Windows NT Server 4.0, Terminal Server Edition,
Service Pack 6
- Windows 2000, Service Pack 2
- Windows 2000, Service Pack 3, Service Pack 4
- Windows XP Gold, Service Pack 1
- Windows XP 64-bit Edition
- Windows XP 64-bit Edition Version 2003
- Windows Server 2003
- Windows Server 2003 64-bit Edition
- Impact: Remote Code Execution
- Version Number: 1.1
** Important Security Bulletins
MS03-045 - Buffer Overrun in the ListBox and in the ComboBox
Control Could Allow Code Execution (824141)
- Affected Software:
- Windows NT Workstation 4.0, Service Pack 6a
- Windows NT Server 4.0, Service Pack 6a
- Windows NT Server 4.0, Terminal Server Edition,
Service Pack 6
- Windows 2000, Service Pack 2
- Windows 2000, Service Pack 3, Service Pack 4
- Windows XP Gold, Service Pack 1
- Windows XP 64-bit Edition
- Windows XP 64-bit Edition Version 2003
- Windows Server 2003
- Windows Server 2003 64-bit Edition
- Impact: Remote Code Execution
- Version Number: 2.0
Reason for Major Revision, V2.0 October 22, 2003:
=================================================
Subsequent to the release of this bulletin and the associated
patches, a compatibility problem with some third party
software has been identified with a set of language specific
versions of the Windows 2000 Service Pack 4 patch. This problem
is unrelated to the security vulnerability discussed in this
bulletin. Customers who have applied the patch are protected
against the vulnerability discussed in this bulletin.
Microsoft has developed a fix for this issue and is
re-releasing this bulletin to reflect the new updated patches.
The compatibility problems only affect the language versions
of the patch listed within the bulletin and only those versions
of the patch are being re-released. Other language versions of
this patch are not affected and are not being re-released.
Please note that the new security patches support both the
Setup switches originally documented in this bulletin as well
as a set of new Setup switches that are documented in the
Installation Information Section of this bulletin.
Additionally, the updated language versions support Windows
2000 Service Pack 2, Windows 2000 Service Pack 3, and
Windows 2000 Service Pack 4 in a single security patch.
Patch Availability:
===================
Patches are available to fix these vulnerabilities.
For additional information, including Technical Details,
Workarounds, answers to Frequently Asked Questions, and Patch
Deployment Information please read the Microsoft Windows
Security Bulletin Summary for October at:
http://www.microsoft.com/technet/security/bulletin/winoct03.asp
Acknowledgments:
================
Microsoft thanks the following for working with us to protect
customers:
- Greg Jones of KPMG UK (http://www.kpmg.co.uk) and
Cesar Cerrudo ([email protected])
for reporting the issue described in MS03-042.
- The Last Stage of Delirium Research Group (http://lsd-pl.net)
for reporting the issue in MS03-043.
- David Litchfield of Next Generation Security Software Ltd.
(http://www.nextgenss.com)
for reporting the issue in MS03-044.
- Brett Moore of Security-Assessment.com
(http://www.security-assessment.com)
for reporting the issue in MS03-045.
Support:
========
Technical support is available from Microsoft Product Support
Services at 1-866-PC SAFETY (1-866-727-2338). There is no
charge for support calls associated with security patches.
Revisions:
==========
* V1.0 October 15, 2003: Bulletin Created.
* V2.0 October 22, 2003: Updated to include details of the
major revisions in MS03-045.
********************************************************************
Protect your PC: Microsoft has provided information on how you
can help protect your PC at the following locations:
http://www.microsoft.com/technet/security/tips/pcprotec.asp
Mitigation Strategies: Additional mitigation strategies and
techniques for securing corporate infrastructures can be found
at: http://www.microsoft.com/technet/mitigation.asp
If you receive an e-mail that claims to be distributing a
Microsoft security patch, it is a hoax that may be distributing a
virus. Microsoft does not distribute security patches via e-mail.
You can learn more about Microsoft's software distribution
policies here:
http://www.microsoft.com/technet/security/policy/swdist.asp
********************************************************************
--------------------------------------------------------------------
THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS
PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT
DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING
THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE.
IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE
LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT,
INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL
DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN
ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY
FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING
LIMITATION MAY NOT APPLY.
--------------------------------------------------------------------
********** *END ENCRYPTED or SIGNED PART* **********
|
********* *BEGIN ENCRYPTED or SIGNED PART* *********
--------------------------------------------------------------------
Title: Microsoft Exchange Server Security Bulletin Summary for
October 2003
Issued: October 15, 2003
Updated: October 22, 2003
Version Number: 2.0
Bulletin:
http://www.microsoft.com/technet/security/bulletin/excoct03.asp
--------------------------------------------------------------------
Reason for Major Revision
=========================
Subsequent to the release of the Windows Security Bulletin Summary
for October, the following bulletin has undergone a major revision
increment. Please see the appropriate bulletin section of this
email for more details.
- MS03-047
Summary:
========
Included in this advisory are updates for two newly discovered
vulnerabilities in Microsoft Exchange Server. These vulnerabilities,
broken down by severity are:
** Critical Security Bulletins
MS03-046 - Vulnerability in Exchange Server could allow
Arbitrary Code Execution (829436)
- Affected Software:
- Exchange Server 5.5
- Exchange 2000 Server
- Impact: Remote Code Execution
- Version Number: 1.1
** Moderate Security Bulletins
MS03-047 - Vulnerability in Exchange Server 5.5 Outlook Web
Access Could Allow Cross-Site Scripting Attack
(828489)
- Affected Software:
- Exchange Server 5.5
- Impact: Remote Code Execution
- Version Number: 2.0
Reason for Major Revision, V2.0 October 22, 2003:
=================================================
Subsequent to the original release of this bulletin, it was
discovered that certain languages were not covered by the
original patch. This bulletin has been updated to provide
information about a new patch, which is intended for customers
having installed a language from the Language Packs for
Outlook Web Access. In addition, for this patch to function
properly the Outlook Web Access (OWA) server on which the
patch is installed must have Internet Explorer 5.01 or greater
installed. If the patch is installed on a system with a version
of IE less than 5.01, unexpected consequences may result.
The "Caveats" section has been updated to include version
requirements for this patch. It also contains version
recommendations for dependent components that are applicable at
the time of this writing. The deployment section has also been
expanded to discuss in detail how to download and install this
security patch.
Patch Availability:
===================
Patches are available to fix these vulnerabilities.
For additional information, including Technical Details,
Workarounds, answers to Frequently Asked Questions, and Patch
Deployment Information please read the Microsoft Exchange
Security Bulletin Summary for October at:
http://www.microsoft.com/technet/security/bulletin/excoct03.asp
Acknowledgments:
================
Microsoft thanks the following for working with us to protect
customers:
- João Gouveia ([email protected])
for reporting the issue described in MS03-046.
- Ory Segal of Sanctum Inc. (http://www.sanctuminc.com/)
for reporting the issue described in MS03-047.
Support:
========
Technical support is available from Microsoft Product Support
Services at 1-866-PC SAFETY (1-866-727-2338). There is no charge for
support calls associated with security patches.
Revisions:
==========
* V1.0 October 15, 2003: Bulletin Created.
* V2.0 October 22, 2003: Updated to include details of the
major revisions in MS03-047.
********************************************************************
Protect your PC:
Microsoft has provided information on how you can
help protect your PC at the following locations:
http://www.microsoft.com/technet/security/protect
Patch Management Strategies:
The Microsoft Guide to Security Patch Management Web Site provides
additional information about Microsoft's best practice
recommendations for applying security patches:
http://www.microsoft.com/technet ... patch/secpatch/Default.asp
IT Pro Security Zone Community:
Learn to improve security and optimize your IT infrastructure,
and participate with other IT Pros on security topics:
http://www.microsoft.com/technet/security/community/default.mspx
If you receive an e-mail that claims to be distributing a
Microsoft security patch, it is a hoax that may be distributing a
virus. Microsoft does not distribute security patches via e-mail.
You can learn more about Microsoft's software distribution
policies here:
http://www.microsoft.com/technet/security/policy/swdist.asp
********************************************************************
--------------------------------------------------------------------
THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED
"AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL
WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT
SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY
DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL,
CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF
MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION
OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES
SO THE FOREGOING LIMITATION MAY NOT APPLY.
--------------------------------------------------------------------
********** *END ENCRYPTED or SIGNED PART* **********
--------------------------------------------------------------------
Title: Microsoft Windows Security Bulletin Summary for
October 2003
Issued: October 15, 2003
Updated: October 29, 2003
Version Number: 3.0
Bulletin:
http://www.microsoft.com/technet/security/bulletin/winoct03.asp
--------------------------------------------------------------------
Reason for Major Revision
=========================
Subsequent to the release of the Windows Security Bulletin Summary
for October, the following bulletins have undergone a major revision
increment. Please see the appropriate bulletin section of this
email for more details.
- MS03-042
- MS03-043
- MS03-045
Summary:
========
Included in this advisory are updates for five newly discovered
vulnerabilities in Microsoft Windows. These vulnerabilities,
broken down by severity are:
** Critical Security Bulletins
MS03-041 - Vulnerability in Authenticode Could Allow Remote
Code Execution (823182)
- Affected Software:
- Windows NT Workstation 4.0, Service Pack 6a
- Windows NT Server 4.0, Service Pack 6a
- Windows NT Server 4.0, Terminal Server Edition,
Service Pack 6
- Windows 2000, Service Pack 2
- Windows 2000, Service Pack 3, Service Pack 4
- Windows XP Gold, Service Pack 1
- Windows XP 64-bit Edition
- Windows XP 64-bit Edition Version 2003
- Windows Server 2003
- Windows Server 2003 64-bit Edition
- Impact: Remote Code Execution
- Version Number: 1.1
MS03-042 - Buffer Overflow in the Windows Troubleshooter
ActiveX Control Could Allow Code Execution (826232)
- Affected Software:
- Windows 2000, Service Pack 2
- Windows 2000, Service Pack 3, Service Pack 4
- Impact: Remote Code Execution
- Version Number: V2.0
Reason for Major Revision, V2.0 October 29, 2003:
=================================================
Microsoft re-issued this bulletin on October 29, 2003 to
advise on the availability of an updated Windows 2000 patch.
This revised patch corrects the Debug Programs
(SeDebugPrivilege)
user right issue that some customers experienced with the
original patch that is discussed in Knowledge Base Article
830846.
This problem is unrelated to the security vulnerability
discussed in this bulletin. Customers who have already applied
the patch are protected against the vulnerability discussed in
this bulletin.
MS03-043 - Buffer Overrun in Messenger Service Could Allow
Code Execution (828035)
- Affected Software:
- Windows NT Workstation 4.0, Service Pack 6a
- Windows NT Server 4.0, Service Pack 6a
- Windows NT Server 4.0, Terminal Server Edition,
Service Pack 6
- Windows 2000, Service Pack 2
- Windows 2000, Service Pack 3, Service Pack 4
- Windows XP Gold, Service Pack 1
- Windows XP 64-bit Edition
- Windows XP 64-bit Edition Version 2003
- Windows Server 2003
- Windows Server 2003 64-bit Edition
- Impact: Remote Code Execution
- Version Number: 2.0
Reason for Major Revision, V2.0 October 29, 2003:
=================================================
Microsoft re-issued this bulletin on October 29, 2003 to
advise on the availability of an updated Windows 2000,
Windows XP, and Windows Server 2003 patch.
This revised patch corrects the Debug Programs
(SeDebugPrivilege)
user right issue that some customers experienced with the
original patch that is discussed in Knowledge Base Article
830846.
This problem is unrelated to the security vulnerability
discussed in this bulletin. Customers who have already applied
the patch are protected against the vulnerability discussed in
this bulletin.
MS03-044 - Buffer Overflow in Windows Help and Support Center
Could lead to System Compromise (825119)
- Affected Software:
- Windows Millennium Edition
- Windows NT Workstation 4.0, Service Pack 6a
- Windows NT Server 4.0, Service Pack 6a
- Windows NT Server 4.0, Terminal Server Edition,
Service Pack 6
- Windows 2000, Service Pack 2
- Windows 2000, Service Pack 3, Service Pack 4
- Windows XP Gold, Service Pack 1
- Windows XP 64-bit Edition
- Windows XP 64-bit Edition Version 2003
- Windows Server 2003
- Windows Server 2003 64-bit Edition
- Impact: Remote Code Execution
- Version Number: 1.1
** Important Security Bulletins
MS03-045 - Buffer Overrun in the ListBox and in the ComboBox
Control Could Allow Code Execution (824141)
- Affected Software:
- Windows NT Workstation 4.0, Service Pack 6a
- Windows NT Server 4.0, Service Pack 6a
- Windows NT Server 4.0, Terminal Server Edition,
Service Pack 6
- Windows 2000, Service Pack 2
- Windows 2000, Service Pack 3, Service Pack 4
- Windows XP Gold, Service Pack 1
- Windows XP 64-bit Edition
- Windows XP 64-bit Edition Version 2003
- Windows Server 2003
- Windows Server 2003 64-bit Edition
- Impact: Remote Code Execution
- Version Number: 3.0
Reason for Major Revision, V3.0 October 29, 2003:
=================================================
Microsoft re-issued this bulletin on October 29, 2003 to
advise on the availability of an updated Windows XP
patch.
This revised patch corrects the Debug Programs
(SeDebugPrivilege)
user right issue that some customers experienced with the
original patch that is discussed in Knowledge Base Article
830846.
This problem is unrelated to the security vulnerability
discussed in this bulletin. Customers who have already applied
the patch are protected against the vulnerability discussed in
this bulletin.
Patch Availability:
===================
Patches are available to fix these vulnerabilities.
For additional information, including Technical Details,
Workarounds, answers to Frequently Asked Questions, and Patch
Deployment Information please read the Microsoft Windows
Security Bulletin Summary for October at:
http://www.microsoft.com/technet/security/bulletin/winoct03.asp
Acknowledgments:
================
Microsoft thanks the following for working with us to protect
customers:
- Greg Jones of KPMG UK (http://www.kpmg.co.uk) and
Cesar Cerrudo ([email protected])
for reporting the issue described in MS03-042.
- The Last Stage of Delirium Research Group (http://lsd-pl.net)
for reporting the issue in MS03-043.
- David Litchfield of Next Generation Security Software Ltd.
(http://www.nextgenss.com)
for reporting the issue in MS03-044.
- Brett Moore of Security-Assessment.com
(http://www.security-assessment.com)
for reporting the issue in MS03-045.
Support:
========
Technical support is available from Microsoft Product Support
Services at 1-866-PC SAFETY (1-866-727-2338). There is no
charge for support calls associated with security patches.
Revisions:
==========
* V1.0 October 15, 2003: Bulletin Created.
* V2.0 October 22, 2003: Updated to include details of the
major revisions in MS03-045.
* V3.0 October 29, 2003: Updated to include details of the
major revisions in MS03-042, MS03-043, MS03-045.
********************************************************************
Protect your PC: Microsoft has provided information on how you
can help protect your PC at the following locations:
http://www.microsoft.com/technet/security/tips/pcprotec.asp
Mitigation Strategies: Additional mitigation strategies and
techniques for securing corporate infrastructures can be found
at: http://www.microsoft.com/technet/mitigation.asp
If you receive an e-mail that claims to be distributing a
Microsoft security patch, it is a hoax that may be distributing a
virus. Microsoft does not distribute security patches via e-mail.
You can learn more about Microsoft's software distribution
policies here:
http://www.microsoft.com/technet/security/policy/swdist.asp
********************************************************************
--------------------------------------------------------------------
THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS
PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT
DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING
THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE.
IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE
LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT,
INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL
DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN
ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY
FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING
LIMITATION MAY NOT APPLY.
--------------------------------------------------------------------
winzip This user has been deleted
--------------------------------------------------------------------
Title: Microsoft Windows Security Bulletin Summary for
January 2004
Issued: January 13, 2004
Version Number: 1.0
Bulletin:
http://www.microsoft.com/technet/security/bulletin/winjan04.asp
--------------------------------------------------------------------
Summary:
========
Included in this advisory is an update for a newly discovered
vulnerability in Microsoft Data Access Components (MDAC).
This vulnerability is rated Important.
MS04-003 - Buffer Overrun in MDAC Function Could Allow Code
Execution (832483)
- Affected Software:
- Microsoft Data Access Components 2.5 (included with
Microsoft Windows 2000)
- Microsoft Data Access Components 2.6 (included with
Microsoft SQL Server 2000)
- Microsoft Data Access Components 2.7 (included with
Microsoft Windows XP)
- Microsoft Data Access Components 2.8 (included with
Microsoft Windows Server 2003)
- Impact: Remote Code Execution
- Version Number: 1.0
Update Availability:
===================
An update is available to fix this vulnerability.
For additional information, including Technical Details,
Workarounds, answers to Frequently Asked Questions, and Update
Deployment Information please read the Microsoft Windows Security
Bulletin Summary for January at:
http://www.microsoft.com/technet/security/bulletin/winjan04.asp
Support:
========
Technical support is available from Microsoft Product Support
Services at 1-866-PC SAFETY (1-866-727-2338). There is no
charge for support calls associated with security patches.
International customers can get support from their local Microsoft
subsidiaries. Phone numbers for international support can be found
at:
http://support.microsoft.com/common/international.aspx
Additional Resources:
=====================
* Microsoft has created a free monthly e-mail newsletter containing
valuable information to help you protect your network. This
newsletter provides practical security tips, topical security
guidance, useful resources and links, pointers to helpful
community resources, and a forum for you to provide feedback
and ask security-related questions.
You can sign up for the newsletter at:
http://www.microsoft.com/technet/security/secnews
* Join our Microsoft webcast for a live discussion of the technical
details of the January security bulletins and steps you can take
to protect your environment. Details can be found at:
http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032241586&Culture=en-US
* Protect your PC: Microsoft has provided information on how you
can help protect your PC at the following locations:
http://www.microsoft.com/security/protect/
If you receive an e-mail that claims to be distributing a
Microsoft security patch, it is a hoax that may be distributing a
virus. Microsoft does not distribute security patches via e-mail.
You can learn more about Microsoft's software distribution
policies here:
http://www.microsoft.com/technet/security/policy/swdist.asp
Revisions:
==========
* V1.0 January 13, 2004: Bulletin Created.
********************************************************************
Protect your PC: Microsoft has provided information on how you
can help protect your PC at the following locations:
http://www.microsoft.com/security/protect/
If you receive an e-mail that claims to be distributing a
Microsoft security patch, it is a hoax that may be distributing a
virus. Microsoft does not distribute security patches via e-mail.
You can learn more about Microsoft's software distribution
policies here:
http://www.microsoft.com/technet/security/policy/swdist.asp
********************************************************************
--------------------------------------------------------------------
THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS
PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT
DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING
THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE.
IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE
LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT,
INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL
DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN
ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY
FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING
LIMITATION MAY NOT APPLY.
--------------------------------------------------------------------
********* *BEGIN ENCRYPTED or SIGNED PART* *********
--------------------------------------------------------------------
Title: Microsoft Exchange Server Security Bulletin Summary for
January 2004
Issued: January 13, 2004
Version Number: 1.0
Bulletin:
http://www.microsoft.com/technet/security/bulletin/excjan04.asp
--------------------------------------------------------------------
Summary:
========
Included in this advisory is an update for a newly discovered
Vulnerability in Microsoft Exchange Server 2003.
This vulnerability is rated Moderate.
MS04-002 - Vulnerability in Exchange Server 2003 Could Lead to
Privilege Escalation (832759)
- Affected Software:
- Microsoft Exchange Server 2003
- Impact: Elevation of Privilege
- Version Number: 1.0
Update Availability:
===================
An update is available to fix this vulnerability.
For additional information, including Technical Details,
Workarounds, answers to Frequently Asked Questions, and Update
Deployment Information please read the Microsoft Exchange Server
2003 Security Bulletin Summary for January at:
http://www.microsoft.com/technet/security/bulletin/excjan04.asp
Support:
========
Technical support is available from Microsoft Product Support
Services at 1-866-PC SAFETY (1-866-727-2338). There is no
charge for support calls associated with security patches.
International customers can get support from their local Microsoft
subsidiaries. Phone numbers for international support can be found
at:
http://support.microsoft.com/common/international.aspx
Additional Resources:
=====================
* Microsoft has created a free monthly e-mail newsletter containing
valuable information to help you protect your network. This
newsletter provides practical security tips, topical security
guidance, useful resources and links, pointers to helpful
community resources, and a forum for you to provide feedback
and ask security-related questions.
You can sign up for the newsletter at:
http://www.microsoft.com/technet/security/secnews
* Join our Microsoft webcast for a live discussion of the technical
details of the January security bulletins and steps you can take
to protect your environment. Details can be found at:
http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032241586&Culture=en-US
* Protect your PC: Microsoft has provided information on how you
can help protect your PC at the following locations:
http://www.microsoft.com/security/protect/
If you receive an e-mail that claims to be distributing a
Microsoft security patch, it is a hoax that may be distributing a
virus. Microsoft does not distribute security patches via e-mail.
You can learn more about Microsoft's software distribution
policies here:
http://www.microsoft.com/technet/security/policy/swdist.asp
Revisions:
==========
* V1.0 January 13, 2004: Bulletin Created.
********************************************************************
Protect your PC: Microsoft has provided information on how you
can help protect your PC at the following locations:
http://www.microsoft.com/security/protect/
If you receive an e-mail that claims to be distributing a
Microsoft security patch, it is a hoax that may be distributing a
virus. Microsoft does not distribute security patches via e-mail.
You can learn more about Microsoft's software distribution
policies here:
http://www.microsoft.com/technet/security/policy/swdist.asp
********************************************************************
--------------------------------------------------------------------
THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS
PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT
DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING
THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE.
IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE
LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT,
INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL
DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN
ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY
FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING
LIMITATION MAY NOT APPLY.
--------------------------------------------------------------------
********** *END ENCRYPTED or SIGNED PART* **********
********* *BEGIN ENCRYPTED or SIGNED PART* *********
--------------------------------------------------------------------
Title: Microsoft ISA Server Security Bulletin Summary for
January 2004
Issued: January 13, 2004
Version Number: 1.0
Bulletin:
http://www.microsoft.com/technet/security/bulletin/isajan04.asp
--------------------------------------------------------------------
Summary:
========
Included in this advisory is an update for a newly discovered
vulnerability in Microsoft Internet Security and Acceleration
Server 2000. This vulnerability is rated Critical.
MS04-001 - Vulnerability in ISA Server H.323 Filter Could
Allow Remote Code Execution (816458)
- Affected Software:
- Microsoft Internet Security and
Acceleration Server 2000
- Microsoft Small Business Server 2000 (which
includes Microsoft Internet Security and
Acceleration Server 2000)
- Microsoft Small Business Server 2003 (which
includes Microsoft Internet Security and
Acceleration Server 2000)
- Impact: Remote Code Execution
- Version Number: 1.0
Update Availability:
===================
An update is available to fix this vulnerability.
For additional information, including Technical Details,
Workarounds, answers to Frequently Asked Questions, and Update
Deployment Information please read the Microsoft ISA Server
Security Bulletin Summary for January at:
http://www.microsoft.com/technet/security/bulletin/isajan04.asp
Acknowledgments:
================
Microsoft thanks the following for working with us to protect
customers:
- The UK National Infrastructure Security Co-ordination Centre
(NISCC) (http://www.niscc.gov.uk) for reporting the issue described
in MS04-001.
Support:
========
Technical support is available from Microsoft Product Support
Services at 1-866-PC SAFETY (1-866-727-2338). There is no
charge for support calls associated with security patches.
International customers can get support from their local Microsoft
subsidiaries. Phone numbers for international support can be found
at: http://support.microsoft.com/common/international.aspx
Additional Resources:
=====================
* Microsoft has created a free monthly e-mail newsletter containing
valuable information to help you protect your network. This
newsletter provides practical security tips, topical security
guidance, useful resources and links, pointers to helpful
community resources, and a forum for you to provide feedback
and ask security-related questions.
You can sign up for the newsletter at:
http://www.microsoft.com/technet/security/secnews
* Join our Microsoft webcast for a live discussion of the technical
details of the January security bulletins and steps you can take
to protect your environment. Details can be found at:
http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032241586&Culture=en-US
* Protect your PC: Microsoft has provided information on how you
can help protect your PC at the following locations:
http://www.microsoft.com/security/protect/
If you receive an e-mail that claims to be distributing a
Microsoft security patch, it is a hoax that may be distributing a
virus. Microsoft does not distribute security patches via e-mail.
You can learn more about Microsoft's software distribution
policies here:
http://www.microsoft.com/technet/security/policy/swdist.asp
Revisions:
==========
* V1.0 January 13, 2004: Bulletin Created.
--------------------------------------------------------------------
THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS
PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT
DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING
THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE.
IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE
LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT,
INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL
DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN
ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY
FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING
LIMITATION MAY NOT APPLY.
--------------------------------------------------------------------
********** *END ENCRYPTED or SIGNED PART* **********
That counts as work, you know, raising awareness among users of Microsoft products.. it counts as charity work, right.. or do you have shares in Microsoft??? Do you work there???

If you want to compare..
Windows patches are the slowest to come out compared with other OSes...
Even with LINUX/BSD/*NIX, patches sometimes come out every day.. but look at what they are for.. some are minor bugs.. some are security ones... those you have to patch right away... or you'll be in trouble.. make sure there are no backdoors and no "illegitimate" daemons / background processes
********* *BEGIN ENCRYPTED or SIGNED PART* *********
--------------------------------------------------------------------
Title: Microsoft Windows Security Bulletin Summary for
February 2004
Issued: February 2, 2004
Version Number: 1.0
Bulletin:
http://www.microsoft.com/technet/security/bulletin/winfeb04.asp
--------------------------------------------------------------------
Summary:
========
Included in this advisory is an update for newly discovered
vulnerabilities in Microsoft Windows.
This bulletin is rated Critical.
MS04-004 - Cumulative Security Update for Internet Explorer
(832894)
- Affected Software:
- Microsoft Windows 98
- Microsoft Windows 98 Second Edition
- Microsoft Windows Millennium Edition
- Windows NT Workstation 4.0, Service Pack 6a
- Windows NT Server 4.0, Service Pack 6a
- Windows NT Server 4.0, Terminal Server Edition,
Service Pack 6
- Windows 2000, Service Pack 2
- Windows 2000, Service Pack 3, Service Pack 4
- Windows XP,
- Windows XP, Service Pack 1
- Windows XP 64-bit Edition,
- Windows XP 64-bit Edition, Service Pack 1
- Windows XP 64-bit Edition, Version 2003
- Windows Server 2003
- Windows Server 2003 64-bit Edition
- Impact: Remote Code Execution
- Version Number: 1.0
Update Availability:
===================
An update is available to fix this vulnerability.
For additional information, including Technical Details,
Workarounds, answers to Frequently Asked Questions, and Update
Deployment Information please read the Microsoft Windows Security
Bulletin Summary for February at:
http://www.microsoft.com/technet/security/bulletin/winfeb04.asp
Support:
========
Technical support is available from Microsoft Product Support
Services at 1-866-PC SAFETY (1-866-727-2338). There is no
charge for support calls associated with security patches.
International customers can get support from their local Microsoft
subsidiaries. Phone numbers for international support can be found
at: http://support.microsoft.com/common/international.aspx
Additional Resources:
=====================
* Microsoft has created a free monthly e-mail newsletter containing
valuable information to help you protect your network. This
newsletter provides practical security tips, topical security
guidance, useful resources and links, pointers to helpful
community resources, and a forum for you to provide feedback
and ask security-related questions.
You can sign up for the newsletter at:
http://www.microsoft.com/technet/security/secnews
* Join our Microsoft webcast for a live discussion of the technical
details of the February security bulletin release and steps you can
take to protect your environment. Details can be found at:
http://go.microsoft.com/fwlink/?LinkId=22796
* Protect your PC: Microsoft has provided information on how you
can help protect your PC at the following locations:
http://www.microsoft.com/security/protect/
If you receive an e-mail that claims to be distributing a
Microsoft security patch, it is a hoax that may be distributing a
virus. Microsoft does not distribute security patches via e-mail.
You can learn more about Microsoft's software distribution
policies here:
http://www.microsoft.com/technet/security/policy/swdist.asp
Acknowledgments:
================
Microsoft thanks the following for working with us to protect
customers:
- Andreas Sandblad ([email protected])
for reporting the Travel Log Cross Domain Vulnerability
described in MS04-004.
Revisions:
==========
* V1.0 February 2004: Bulletin Created.
********************************************************************
Protect your PC: Microsoft has provided information on how you
can help protect your PC at the following locations:
http://www.microsoft.com/security/protect/
If you receive an e-mail that claims to be distributing a
Microsoft security patch, it is a hoax that may be distributing a
virus. Microsoft does not distribute security patches via e-mail.
You can learn more about Microsoft's software distribution
policies here:
http://www.microsoft.com/technet/security/policy/swdist.asp
********************************************************************
--------------------------------------------------------------------
THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS
PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT
DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING
THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE.
IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE
LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT,
INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL
DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN
ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY
FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING
LIMITATION MAY NOT APPLY.
--------------------------------------------------------------------
********** *END ENCRYPTED or SIGNED PART* **********