Page 1 of 3

Microsoft Security Bulletins

Posted: Sat Jan 25, 2003 11:00 am
by fuuucckkers
Just thought you all might like to know, in recent events with that new Microsoft SQL Worm... I have recieved about 4 security updates via email from Microsoft themself.

If you'd like to subscribe to their Security Update mailing list, go here:
I'ts the same security updates you will recieve via MS Update, you just hear about it first through this mailing list.
http://www.microsoft.com/technet/treevi ... notify.asp

If you want anything Microsoft Security related, go here:
http://www.microsoft.com/security

======================

Title: Cumulative Patch for Microsoft Content Management Server
Date: 22 January 2003
Software: Microsoft Content Management Server 2001
Impact: Information Disclosure
Max Risk: Moderate

Microsoft encourages customers to review the Security Bulletins at:
http://www.microsoft.com/technet/securi ... 03-002.asp
http://www.microsoft.com/security/secur ... 03-002.asp

-----------------

Title: Unchecked Buffer in Locator Service Could Lead to Code Execution
Date: 22 January, 2003
Software: Microsoft Windows NT 4.0, Windows 2000, and Windows XP
Impact: Run code of the attacker's choice
Max Risk: Critical
Bulletin: MS03-001

Microsoft encourages customers to review the Security Bulletins at:
http://www.microsoft.com/technet/securi ... 03-001.asp
http://www.microsoft.com/security/secur ... 03-001.asp

----------------


Title: Flaw in SMB Signing Could Enable Group Policy to be Modified
Released: 11 December 2002
Revised: 22 January 2003 (version 2.0)
Software: Microsoft Windows 2000 / Microsoft Windows XP
Impact: Modify group policy.
Max Risk: Moderate
Bulletin: MS02-070

Microsoft encourages customers to review the Security Bulletin at:
http://www.microsoft.com/technet/securi ... 02-070.asp.


----------------------

Title: Flaw in how Outlook 2002 handles V1 Exchange Server Security Certificates could lead to Information Disclosure
Date: 22 January 2002
Software: Microsoft Outlook 2002
Impact: Information Disclosure
Max Risk: Moderate
Bulletin: MS03-003

Microsoft encourages customers to review the Security Bulletins at:
http://www.microsoft.com/technet/securi ... 03-003.asp
http://www.microsoft.com/security/secur ... 03-003.asp

Posted: Sat Jan 25, 2003 11:03 am
by Matt
Because this is such an important issue...I'm going to make it a sticky. It never hurts to be extra safe when it comes to securing your computer.

Posted: Sat Jan 25, 2003 11:13 am
by fuuucckkers
KooLTaB101 wrote:Because this is such an important issue...I'm going to make it a sticky. It never hurts to be extra safe when it comes to securing your computer.
True.. thanks dude. I should've done that myself. :D

Posted: Sat Jan 25, 2003 11:45 am
by Matt
xWastedMindx wrote:True.. thanks dude. I should've done that myself. :D
Actually, I don't think you could have because you need to be a mod in the forum you post in to make anything a sticky or announcement.

Posted: Sat Jan 25, 2003 12:01 pm
by fuuucckkers
KooLTaB101 wrote:
xWastedMindx wrote:True.. thanks dude. I should've done that myself. :D
Actually, I don't think you could have because you need to be a mod in the forum you post in to make anything a sticky or announcement.
I said I should have.. heh. If I was able to, I would have :wink:

Posted: Sat Jan 25, 2003 12:04 pm
by Matt
OH...gotcha.

Anyway...has anyone else but me had trouble signing up for a subscription to the Microsoft Secturity Mail List?

Posted: Sat Jan 25, 2003 12:08 pm
by fuuucckkers
KooLTaB101 wrote:OH...gotcha.

Anyway...has anyone else but me had trouble signing up for a subscription to the Microsoft Secturity Mail List?
We apologize;
The Server was not able to process your request, or is temporarily busy.

You can use the Retry button to attempt the operation again or if the issue persists, please check back at a later time.

$100 says that their running MS SQL along side those ASP pages their hosting. Their probably infected with the new SQL worm alongside everyone else. :roll: :)

Posted: Sat Jan 25, 2003 12:27 pm
by Anthony
But there is a patch issued by them, and if they did not apply the patch.... :roll:

Posted: Sat Jan 25, 2003 12:30 pm
by fuuucckkers
aclauser wrote:But there is a patch issued by them, and if they did not apply the patch.... :roll:
Yeah they have the patch issued.. but the worm probably caught their servers offguard before they knew about it. So their infected, and now trying to get rid of it ..with this so called patch! :|

Posted: Fri Feb 07, 2003 10:24 am
by fuuucckkers
*sigh* ... more security updates from Micro$oft...

These came to my email yesterday, February 6, 2003.
======================

Title: Unchecked Buffer in Windows Redirector Could Allow Privilege Elevation
Date: 05 February 2003
Software: Microsoft Windows XP
Impact: Privilege elevation
Max Risk: Important
Bulletin: MS03-005

Microsoft encourages customers to review the Security Bulletins at:
http://www.microsoft.com/technet/securi ... 03-005.asp
http://www.microsoft.com/security/secur ... 03-005.asp

------------------------------

Title: Cumulative Patch for Internet Explorer
Date: 05 February 2003
Software: Microsoft Internet Explorer
Impact: Allow an attacker to execute commands on a user's system.
Max Risk: Critical
Bulletin: MS03-004

Microsoft encourages customers to review the Security Bulletins at:
http://www.microsoft.com/technet/securi ... 03-004.asp
http://www.microsoft.com/security/secur ... 03-004.asp

Posted: Sat Feb 08, 2003 4:43 pm
by fuuucckkers
Wow.. not more than 2 days after Microsoft's weekly Thursday security updates..they release another.

Here's 1 more to add.

Title: Flaw in Windows WM_TIMER Message Handling Could Enable
Privilege Elevation

Released: 11 December 2002
Revised: 07 February 2003 (version 2.0)
Software: Microsoft Windows NT 4.0, Microsoft Windows NT 4.0, Terminal Server Edition, Microsoft Windows 2000, Microsoft Windows XP
Impact: Privilege elevation
Max Risk: Important
Bulletin: MS02-071

Microsoft encourages customers to review the Security Bulletin at:
http://www.microsoft.com/technet/securi ... 02-071.asp
http://www.microsoft.com/security/secur ... 02-071.asp

Posted: Thu Feb 13, 2003 6:55 am
by Matt
Title: Cumulative Patch for Internet Explorer (810847)
Released: 5 February 2003
Revised: 12 February 2003(version 2.0)
Software: Microsoft Internet Explorer 5.01
Microsoft Internet Explorer 5.5
Microsoft Internet Explorer 6.0
Impact: Allow an attacker to execute commands on a user's
system.
Max Risk: Critical
Bulletin: MS03-004

Microsoft encourages customers to review the Security Bulletin at:
http://www.microsoft.com/technet/securi ... 03-004.asp
http://www.microsoft.com/security/secur ... 03-004.asp
- ----------------------------------------------------------------------

Posted: Thu Feb 13, 2003 7:02 am
by fuuucckkers
As if it wasnt enough having to download the patch last week, now they have a revised patch of the same thing..cause they didnt get it right the first time?!

Stupid M$ :evil:

Posted: Thu Feb 27, 2003 7:02 am
by Matt
For those Windows ME people out there:

------------------------------------------------------------------
Title: Flaw in Windows Me Help and Support Center Could Enable Code Execution (812709)
Date: 26 February, 2003
Software: Microsoft Windows Me
Impact: Run Code of Attacker's Choice
Max Risk: Critical
Bulletin: MS03-006

Microsoft encourages customers to review the Security Bulletins at:
http://www.microsoft.com/technet/securi ... 03-006.asp
http://www.microsoft.com/security/secur ... 03-006.asp

Posted: Mon Mar 17, 2003 4:47 pm
by BigHead
- -----------------------------------------------------------------
Title: Unchecked buffer in Windows component could cause web
server compromise (815021)
Date: 17 March, 2003
Software: Microsoft Windows 2000
Impact: Run Code of Attacker's Choice
Max Risk: Critical
Bulletin: MS03-007

Microsoft encourages customers to review the Security Bulletins
at:
http://www.microsoft.com/technet/securi ... 03-007.asp
http://www.microsoft.com/security/secur ... 03-007.asp
- -----------------------------------------------------------------