Microsoft Security Bulletins
Moderators: Big-O Ryan, Big-O Mark, Matt, jester22c
-
- Moderator
- Posts: 815
- Joined: Sun Sep 22, 2002 3:33 pm
- Contact:
Title: Cumulative Patch for Internet Explorer (818529)
Date: 04 June 2003
Software: Microsoft(r) Microsoft Internet Explorer(r) 5.01
Microsoft Internet Explorer 5.5
Microsoft Internet Explorer 6.0
Microsoft Internet Explorer 6.0 for Windows Server 2003
Impact: Allow an attacker to execute code of their choice
Max Risk: Critical
Bulletin: MS03-020
Microsoft encourages customers to review the Security Bulletins at:
http://www.microsoft.com/technet/securi ... 03-020.asp
http://www.microsoft.com/security/secur ... 03-020.asp
Date: 04 June 2003
Software: Microsoft(r) Microsoft Internet Explorer(r) 5.01
Microsoft Internet Explorer 5.5
Microsoft Internet Explorer 6.0
Microsoft Internet Explorer 6.0 for Windows Server 2003
Impact: Allow an attacker to execute code of their choice
Max Risk: Critical
Bulletin: MS03-020
Microsoft encourages customers to review the Security Bulletins at:
http://www.microsoft.com/technet/securi ... 03-020.asp
http://www.microsoft.com/security/secur ... 03-020.asp
Title: Flaw In Windows Media Player May Allow Media Library
Access (819639)
Date: 25 June 2003
Software: Microsoft(r) Windows(r) Media Player 9 Series
Impact: Information disclosure
Max Risk: Moderate
Bulletin: MS03-021
Microsoft encourages customers to review the Security Bulletins at:
http://www.microsoft.com/technet/securi ... 03-021.asp
http://www.microsoft.com/security/secur ... 03-021.asp
Title: Flaw in ISAPI Extension for Windows Media Services Could
Cause Code Execution (822343)
Date: 25 June 2003
Software: Microsoft(r) Windows(r) 2000
Impact: Allow an attacker to execute code of their choice
Max Risk: Important
Bulletin: MS03-022
Microsoft encourages customers to review the Security Bulletins at:
http://www.microsoft.com/technet/securi ... 03-022.asp
http://www.microsoft.com/security/secur ... 03-022.asp
Access (819639)
Date: 25 June 2003
Software: Microsoft(r) Windows(r) Media Player 9 Series
Impact: Information disclosure
Max Risk: Moderate
Bulletin: MS03-021
Microsoft encourages customers to review the Security Bulletins at:
http://www.microsoft.com/technet/securi ... 03-021.asp
http://www.microsoft.com/security/secur ... 03-021.asp
Title: Flaw in ISAPI Extension for Windows Media Services Could
Cause Code Execution (822343)
Date: 25 June 2003
Software: Microsoft(r) Windows(r) 2000
Impact: Allow an attacker to execute code of their choice
Max Risk: Important
Bulletin: MS03-022
Microsoft encourages customers to review the Security Bulletins at:
http://www.microsoft.com/technet/securi ... 03-022.asp
http://www.microsoft.com/security/secur ... 03-022.asp
Last edited by BigHead on Wed Jun 25, 2003 8:02 pm, edited 1 time in total.
BigHead
~2592~
~2592~
-
- Moderator
- Posts: 815
- Joined: Sun Sep 22, 2002 3:33 pm
- Contact:
Title: Buffer Overrun In HTML Converter Could Allow Code
Execution (823559)
Date: 09 July 2003
Software: Microsoft(r) Windows (r) 98
Microsoft Windows 98 Second Edition
Microsoft Windows Me
Microsoft Windows NT 4.0
Microsoft Windows NT 4.0 Terminal Services Edition
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Impact: Allow an attacker to execute code of their choice
Max Risk: Critical
Bulletin: MS03-023
Microsoft encourages customers to review the Security Bulletins
at:
http://www.microsoft.com/technet/securi ... 03-023.asp
http://www.microsoft.com/security/secur ... 03-023.asp
Title: Buffer Overrun in Windows Could Lead to Data
Corruption (817606)
Date: 09 July 2003
Software:
- Microsoft Windows NT Server 4.0
- Microsoft Windows NT Server 4.0, Terminal Server Edition
- Microsoft Windows 2000
- Windows XP Professional
Impact: Allow an attacker to execute code of their choice
Max Risk: Important
Bulletin: MS03-024
Microsoft encourages customers to review the Security Bulletins
at: http://www.microsoft.com/technet/securi ... etin/MS03-
024.asp http://www.microsoft.com/security/secur ... 03-024.asp
Execution (823559)
Date: 09 July 2003
Software: Microsoft(r) Windows (r) 98
Microsoft Windows 98 Second Edition
Microsoft Windows Me
Microsoft Windows NT 4.0
Microsoft Windows NT 4.0 Terminal Services Edition
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Impact: Allow an attacker to execute code of their choice
Max Risk: Critical
Bulletin: MS03-023
Microsoft encourages customers to review the Security Bulletins
at:
http://www.microsoft.com/technet/securi ... 03-023.asp
http://www.microsoft.com/security/secur ... 03-023.asp
Title: Buffer Overrun in Windows Could Lead to Data
Corruption (817606)
Date: 09 July 2003
Software:
- Microsoft Windows NT Server 4.0
- Microsoft Windows NT Server 4.0, Terminal Server Edition
- Microsoft Windows 2000
- Windows XP Professional
Impact: Allow an attacker to execute code of their choice
Max Risk: Important
Bulletin: MS03-024
Microsoft encourages customers to review the Security Bulletins
at: http://www.microsoft.com/technet/securi ... etin/MS03-
024.asp http://www.microsoft.com/security/secur ... 03-024.asp
BigHead
~2592~
~2592~
-
- Moderator
- Posts: 815
- Joined: Sun Sep 22, 2002 3:33 pm
- Contact:
Title: Flaw in Windows Message Handling through Utility
Manager Could Enable Privilege Elevation (822679)
Date: 09 July 2003
Software: Microsoft(r) Windows (r) 2000
Impact: Privilege Elevation
Max Risk: Important
Bulletin: MS03-025
Microsoft encourages customers to review the Security Bulletins
at:
http://www.microsoft.com/technet/securi ... 03-025.asp
http://www.microsoft.com/security/secur ... 03-025.asp
Manager Could Enable Privilege Elevation (822679)
Date: 09 July 2003
Software: Microsoft(r) Windows (r) 2000
Impact: Privilege Elevation
Max Risk: Important
Bulletin: MS03-025
Microsoft encourages customers to review the Security Bulletins
at:
http://www.microsoft.com/technet/securi ... 03-025.asp
http://www.microsoft.com/security/secur ... 03-025.asp
Title: Buffer Overrun In RPC Interface Could Allow Code
Execution (823980)
Date: 16 July 2003
Software: Microsoft(r) Windows (r) NT 4.0
Microsoft Windows NT 4.0 Terminal Services Edition
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Impact: Run code of attacker's choice
Max Risk: Critical
Bulletin: MS03-026
Microsoft encourages customers to review the Security Bulletins
at:
http://www.microsoft.com/technet/securi ... 03-026.asp
http://www.microsoft.com/security/secur ... 03-026.asp
Execution (823980)
Date: 16 July 2003
Software: Microsoft(r) Windows (r) NT 4.0
Microsoft Windows NT 4.0 Terminal Services Edition
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Impact: Run code of attacker's choice
Max Risk: Critical
Bulletin: MS03-026
Microsoft encourages customers to review the Security Bulletins
at:
http://www.microsoft.com/technet/securi ... 03-026.asp
http://www.microsoft.com/security/secur ... 03-026.asp
BigHead
~2592~
~2592~
-
- Moderator
- Posts: 815
- Joined: Sun Sep 22, 2002 3:33 pm
- Contact:
Title: Flaw in ISA Server Error Pages Could Allow Cross-Site
Scripting Attack (816456)
Date: 16 July 2003
Software: Microsoft(r) ISA Server
Max Risk: Important
Bulletin: MS03-028
Microsoft encourages customers to review the Security Bulletins
at:
http://www.microsoft.com/technet/securi ... 03-028.asp
http://www.microsoft.com/security/secur ... 03-028.asp
--------
Title: Unchecked Buffer in Windows Shell Could Enable System
Compromise (821557)
Date: 16 July 2003
Software: Microsoft(r) Windows (r) XP
Impact: Run code of attacker's choice
Max Risk: Important
Bulletin: MS03-027
Microsoft encourages customers to review the Security Bulletins
at:
http://www.microsoft.com/technet/securi ... 03-027.asp
http://www.microsoft.com/security/secur ... 03-027.asp
Scripting Attack (816456)
Date: 16 July 2003
Software: Microsoft(r) ISA Server
Max Risk: Important
Bulletin: MS03-028
Microsoft encourages customers to review the Security Bulletins
at:
http://www.microsoft.com/technet/securi ... 03-028.asp
http://www.microsoft.com/security/secur ... 03-028.asp
--------
Title: Unchecked Buffer in Windows Shell Could Enable System
Compromise (821557)
Date: 16 July 2003
Software: Microsoft(r) Windows (r) XP
Impact: Run code of attacker's choice
Max Risk: Important
Bulletin: MS03-027
Microsoft encourages customers to review the Security Bulletins
at:
http://www.microsoft.com/technet/securi ... 03-027.asp
http://www.microsoft.com/security/secur ... 03-027.asp
-
- Moderator
- Posts: 815
- Joined: Sun Sep 22, 2002 3:33 pm
- Contact:
Title: Unchecked Buffer in DirectX Could Enable System Compromise (819696)
Date: July 23, 2003
Software: Microsoft DirectX(r) 5.2 on Windows 98
Microsoft DirectX 6.1 on Windows 98 SE
Microsoft DirectX 7.0a on Windows Millennium Edition
Microsoft DirectX 7.0 on Windows 2000
Microsoft DirectX 8.1 on Windows XP
Microsoft DirectX 8.1 on Windows Server 2003
Microsoft DirectX 9.0a when installed on Windows 98
Microsoft DirectX 9.0a when installed on Windows 98 SE
Microsoft DirectX 9.0a when installed on Windows
Millennium Edition
Microsoft DirectX 9.0a when installed on Windows 2000
Microsoft DirectX 9.0a when installed on Windows XP
Microsoft DirectX(r) 9.0a when installed on Windows
Server 2003
Microsoft Windows NT 4.0 Server with either Windows
Media Player 6.4 or Internet Explorer 6 Service Pack 1
installed.
Microsoft Windows NT 4.0, Terminal Server Edition with
either Windows Media Player 6.4 or Internet Explorer 6
Service Pack 1 installed.
Impact: Allow an attacker to execute code on a user's system
Max Risk: Critical
Bulletin: MS03-030
Microsoft encourages customers to review the Security Bulletins at:
http://www.microsoft.com/technet/securi ... 03-030.asp
http://www.microsoft.com/security/secur ... 03-030.asp
--------------------
Title: Flaw in Windows Function Could Allow Denial of Service
Date: 23 July 2003
Software: Microsoft Windows NT 4.0 Server
Impact: Denial of service
Max Risk: Moderate
Bulletin: MS03-029
Microsoft encourages customers to review the Security Bulletins at:
http://www.microsoft.com/technet/securi ... 03-029.asp
http://www.microsoft.com/security/secur ... 03-029.asp
----------------------
Title: Cumulative Patch for Microsoft SQL Server
Date: 23 July 2003
Software:
- Microsoft SQL Server 7.0
- Microsoft Data Engine (MSDE) 1.0
- Microsoft SQL Server 2000
- Microsoft SQL Server 2000 Desktop Engine (MSDE 2000)
- Microsoft SQL Server 2000 Desktop Engine (Windows)
Impact: Run code of attacker's choice
Max Risk: Important
Bulletin: MS03-031
Microsoft encourages customers to review the Security Bulletins at:
http://www.microsoft.com/technet/securi ... 03-031.asp
http://www.microsoft.com/security/secur ... 03-031.asp
Date: July 23, 2003
Software: Microsoft DirectX(r) 5.2 on Windows 98
Microsoft DirectX 6.1 on Windows 98 SE
Microsoft DirectX 7.0a on Windows Millennium Edition
Microsoft DirectX 7.0 on Windows 2000
Microsoft DirectX 8.1 on Windows XP
Microsoft DirectX 8.1 on Windows Server 2003
Microsoft DirectX 9.0a when installed on Windows 98
Microsoft DirectX 9.0a when installed on Windows 98 SE
Microsoft DirectX 9.0a when installed on Windows
Millennium Edition
Microsoft DirectX 9.0a when installed on Windows 2000
Microsoft DirectX 9.0a when installed on Windows XP
Microsoft DirectX(r) 9.0a when installed on Windows
Server 2003
Microsoft Windows NT 4.0 Server with either Windows
Media Player 6.4 or Internet Explorer 6 Service Pack 1
installed.
Microsoft Windows NT 4.0, Terminal Server Edition with
either Windows Media Player 6.4 or Internet Explorer 6
Service Pack 1 installed.
Impact: Allow an attacker to execute code on a user's system
Max Risk: Critical
Bulletin: MS03-030
Microsoft encourages customers to review the Security Bulletins at:
http://www.microsoft.com/technet/securi ... 03-030.asp
http://www.microsoft.com/security/secur ... 03-030.asp
--------------------
Title: Flaw in Windows Function Could Allow Denial of Service
Date: 23 July 2003
Software: Microsoft Windows NT 4.0 Server
Impact: Denial of service
Max Risk: Moderate
Bulletin: MS03-029
Microsoft encourages customers to review the Security Bulletins at:
http://www.microsoft.com/technet/securi ... 03-029.asp
http://www.microsoft.com/security/secur ... 03-029.asp
----------------------
Title: Cumulative Patch for Microsoft SQL Server
Date: 23 July 2003
Software:
- Microsoft SQL Server 7.0
- Microsoft Data Engine (MSDE) 1.0
- Microsoft SQL Server 2000
- Microsoft SQL Server 2000 Desktop Engine (MSDE 2000)
- Microsoft SQL Server 2000 Desktop Engine (Windows)
Impact: Run code of attacker's choice
Max Risk: Important
Bulletin: MS03-031
Microsoft encourages customers to review the Security Bulletins at:
http://www.microsoft.com/technet/securi ... 03-031.asp
http://www.microsoft.com/security/secur ... 03-031.asp
- - -----------------------------------------------------------------
Title: Buffer Overrun in Windows Could Lead to Data
Corruption (817606)
Date: 09 July 2003
Software:
- Microsoft Windows NT Server 4.0
- Microsoft Windows NT Server 4.0, Terminal Server Edition
- Microsoft Windows 2000
- Windows XP Professional
Impact: Allow an attacker to execute code of their choice
Max Risk: Important
Bulletin: MS03-024
Microsoft encourages customers to review the Security Bulletins
at: http://www.microsoft.com/technet/securi ... etin/MS03-
024.asp
http://www.microsoft.com/security/secur ... 03-024.asp
- - -----------------------------------------------------------------
- - - ---------------------------------------------------------------
Title: Flaw in Windows Message Handling through Utility
Manager Could Enable Privilege Elevation (822679)
Date: 09 July 2003
Software: Microsoft(r) Windows (r) 2000
Impact: Privilege Elevation
Max Risk: Important
Bulletin: MS03-025
Microsoft encourages customers to review the Security Bulletins
at:
http://www.microsoft.com/technet/securi ... 03-025.asp
http://www.microsoft.com/security/secur ... 03-025.asp
- - - ---------------------------------------------------------------
Title: Buffer Overrun in Windows Could Lead to Data
Corruption (817606)
Date: 09 July 2003
Software:
- Microsoft Windows NT Server 4.0
- Microsoft Windows NT Server 4.0, Terminal Server Edition
- Microsoft Windows 2000
- Windows XP Professional
Impact: Allow an attacker to execute code of their choice
Max Risk: Important
Bulletin: MS03-024
Microsoft encourages customers to review the Security Bulletins
at: http://www.microsoft.com/technet/securi ... etin/MS03-
024.asp
http://www.microsoft.com/security/secur ... 03-024.asp
- - -----------------------------------------------------------------
- - - ---------------------------------------------------------------
Title: Flaw in Windows Message Handling through Utility
Manager Could Enable Privilege Elevation (822679)
Date: 09 July 2003
Software: Microsoft(r) Windows (r) 2000
Impact: Privilege Elevation
Max Risk: Important
Bulletin: MS03-025
Microsoft encourages customers to review the Security Bulletins
at:
http://www.microsoft.com/technet/securi ... 03-025.asp
http://www.microsoft.com/security/secur ... 03-025.asp
- - - ---------------------------------------------------------------
BigHead
~2592~
~2592~
-
- Moderator
- Posts: 815
- Joined: Sun Sep 22, 2002 3:33 pm
- Contact:
Title: Flaw in Windows Function Could Allow Denial of Service (823803)
Date: 23 July 2003 (Revised 13 August 2003)
Software: Microsoft Windows NT 4.0 Server
Impact: Denial of service
Max Risk: Moderate
Bulletin: MS03-029
Microsoft encourages customers to review the Security Bulletins at:
http://www.microsoft.com/technet/securi ... 03-029.asp
http://www.microsoft.com/security/secur ... 03-029.asp
Stupid Microsoft ...
Date: 23 July 2003 (Revised 13 August 2003)
Software: Microsoft Windows NT 4.0 Server
Impact: Denial of service
Max Risk: Moderate
Bulletin: MS03-029
Microsoft encourages customers to review the Security Bulletins at:
http://www.microsoft.com/technet/securi ... 03-029.asp
http://www.microsoft.com/security/secur ... 03-029.asp
Subsequent to issuing this security bulletin, Microsoft identified a
problem with the security patch which specifically affects systems
which have the Remote Access Service (RAS) enabled on them. This
causes RAS to fail when the system is rebooted after applying the
patch. It does not affect other non-RAS functions, nor is there a
problem with the actual fix for the security vulnerability itself.
Microsoft has developed a fix for this issue and is re-releasing this
bulletin to reflect the new updated patch.
Stupid Microsoft ...
-
- Moderator
- Posts: 815
- Joined: Sun Sep 22, 2002 3:33 pm
- Contact:
Wow oh wow.. is it the middle of the month already?! More Security Fixes! -- We got lots of them today!
================Title: Unchecked Buffer in DirectX Could Enable System Compromise (819696)
Released: 23 July 2003
Revised: 20 August 2003 (version 2.0)
Software: Microsoft DirectX(r) 5.2 on Windows 98
Microsoft DirectX 6.1 on Windows 98 SE
Microsoft DirectX 7.1 on Windows Millennium Edition
Microsoft DirectX 7.0 on Windows 2000
Microsoft DirectX 8.0, 8.0a, 8.1, 8.1a, and 8.1b when
installed on Windows 98, Windows 98 SE, Windows
Millennium Edition or Windows 2000
Microsoft DirectX 8.1 on Windows XP or
Windows Server 2003
Microsoft DirectX 9.0a when installed on Windows 98,
Windows 98 SE, Windows Millennium Edition (Windows Me),
Windows 2000, Windows XP, or Windows Server 2003
Microsoft Windows NT 4.0 Server with either Windows
Media Player 6.4 or Internet Explorer 6 Service Pack 1
installed.
Microsoft Windows NT 4.0, Terminal Server Edition with
either Windows Media Player 6.4 or Internet Explorer 6
Service Pack 1 installed.
Impact: Allow an attacker to execute code on a user's system
Max Risk: Critical
Bulletin: MS03-030
Microsoft encourages customers to review the Security Bulletin at:
http://www.microsoft.com/technet/securi ... 03-030.asp
http://www.microsoft.com/security/secur ... 03-030.asp
Reason for Revision:
====================
Subsequent to the original release of this bulletin, customers
requested that we support additional versions of DirectX that were
not covered by the original patches. This bulletin has been updated
to provide information about this new patch.
===============================Title: Unchecked Buffer in MDAC Function Could Enable System Compromise (Q326573)
Released: 31 July 2003
Revised: 20 August 2003 (version 2.0)
Software: Microsoft Data Access Components 2.5
Microsoft Data Access Components 2.6
Microsoft Data Access Components 2.7
Impact: Run code of the attacker's choice.
Max Risk: Critical
Bulletin: MS02-040
Microsoft encourages customers to review the Security Bulletin at:
http://www.microsoft.com/technet/securi ... 02-040.asp
http://www.microsoft.com/security/secur ... 02-040.asp
Reason for Revision:
====================
Subsequent to the release of this bulletin, it was determined that
the vulnerability addressed is not with the OpenRowSet command
(which is a Microsoft SQL Server command) but rather that the
vulnerability is with the underlying MDAC component Open Database
Connectivity (ODBC), which is present in all versions of Windows.
Additionally, the original patch released with this did not install
correctly on some systems because of a flaw in the way that
Microsoft Windows Installer updated the System File Protection
cache. The bulletin has been updated to include this additional
information and to direct users to an updated patch.
=============================Title: Unchecked Buffer in MDAC Function Could Enable System Compromise (823718)
Date: 20 August 2003
Software:
- Microsoft Data Access Components 2.5
- Microsoft Data Access Components 2.6
- Microsoft Data Access Components 2.7
Impact: Run code of the attacker's choice
Max Risk: Important
Bulletin: MS03-033
Microsoft encourages customers to review the Security Bulletins
at:
http://www.microsoft.com/technet/securi ... 03-033.asp
http://www.microsoft.com/security/secur ... 03-033.asp
Title: Cumulative Patch for Internet Explorer (822925)
Date: 20 August 2003
Software:
- Microsoft Internet Explorer 5.01
- Microsoft Internet Explorer 5.5
- Microsoft Internet Explorer 6.0
- Microsoft Internet Explorer 6.0 for Windows Server 2003
Impact: Run code of the attacker's choice
Max Risk: Critical
Bulletin: MS03-032
Microsoft encourages customers to review the Security Bulletins
at:
http://www.microsoft.com/technet/securi ... 03-032.asp
http://www.microsoft.com/security/secur ... 03-032.asp
-
- Moderator
- Posts: 815
- Joined: Sun Sep 22, 2002 3:33 pm
- Contact:
Wow.. it's been awhile. Time for some updates.
itle: Microsoft Windows Security Bulletin Summary for
November 2003
Issued: November 11, 2003
Version Number: 1.0
Bulletin:
http://www.microsoft.com/technet/securi ... nnov03.asp
- --------------------------------------------------------------------
Summary:
========
Included in this advisory are three updates describing newly
discovered vulnerabilities in Microsoft Windows. These
vulnerabilities, broken down by severity are:
** Critical Security Bulletins
MS03-048 - Cumulative Update for Internet Explorer (824145)
- Affected Software:
- Microsoft Windows Millennium Edition
- Microsoft Windows NT Workstation 4.0,
Service Pack 6a
- Microsoft Windows NT Server 4.0, Service Pack 6a
- Microsoft Windows NT Server 4.0, Terminal Server
Edition, Service Pack 6
- Microsoft Windows 2000 Service Pack 2, Service
Pack 3, and Service Pack 4
- Microsoft Windows XP,
Microsoft Windows XP Service Pack 1
- Microsoft Windows XP 64-Bit Edition
- Microsoft Windows XP 64-Bit Edition Version 2003
- Microsoft Windows Server 2003
- Microsoft Windows Server 2003 64 bit Edition
- Impact: Remote Code Execution
- Version Number: 1.0
MS03-049 - Buffer Overrun in the Workstation Service Could Allow
Code Execution (828749)
- Affected Software:
- Microsoft Windows 2000 Service Pack 2, Service
Pack 3, and Service Pack 4
- Microsoft Windows XP,
Microsoft Windows XP Service Pack 1
- Microsoft Windows XP 64-Bit Edition
- Impact: Remote Code Execution
- Version Number: 1.0
MS03-051 - Buffer Overrun in Microsoft FrontPage Server
Extensions Could Allow Code Execution (813360)
- Affected Software:
- Microsoft Windows 2000 Service Pack 2, Service
Pack 3
- Microsoft Windows XP,
Microsoft Windows XP Service Pack 1
- Microsoft Office XP,
Microsoft Office Service Release 1
- Impact: Remote Code Execution
- Version Number: 1.0
Patch Availability:
===================
Patches are available to fix these vulnerabilities.
For a11itional information, including Technical Details,
Workarounds, answers to Frequently Asked Questions, and Patch
Deployment Information please read the Microsoft Windows Security
Bulletin Summary for November 2003 at:
http://www.microsoft.com/technet/securi ... nnov03.asp
-
- Moderator
- Posts: 815
- Joined: Sun Sep 22, 2002 3:33 pm
- Contact:
And one for Microsoft Office as well...
Title: Microsoft Office Security Bulletin Summary for
November 2003
Issued: November 11, 2003
Version Number: 1.0
Bulletin:
http://www.microsoft.com/technet/securi ... fnov03.asp
- --------------------------------------------------------------------
Summary:
========
Included in this advisory is an update describing newly discovered
vulnerabilities in Microsoft Office (Microsoft Word and Excel). These
vulnerabilities, broken down by severity are:
** Important Security Bulletins
MS03-050 - Vulnerabilities in Microsoft Word and Microsoft
Excel Could Allow Arbitrary Code to run (831527)
- Affected Software:
- Microsoft Excel 97
- Microsoft Excel 2000
- Microsoft Excel 2002
- Microsoft Word 97
- Microsoft Word 98(J)
- Microsoft Word 2000, Microsoft Works Suite 2001
- Microsoft Word 2002, Microsoft Works Suite 2002,
Microsoft Works Suite 2003 and
Microsoft Works Suite 2004
- Impact: Remote Code Execution
- Version Number: 1.0
Patch Availability:
===================
Patches are available to fix these vulnerabilities.
For additional information, including Technical Details,
Workarounds, answers to Frequently Asked Questions, and Patch
Deployment Information please read the Microsoft Office Security
Bulletin Summary for November 2003 at:
http://www.microsoft.com/technet/securi ... fnov03.asp
-
- Moderator
- Posts: 815
- Joined: Sun Sep 22, 2002 3:33 pm
- Contact:
And yet another one as well...
This one is an update to November 11's update.. which was an update to SP4. Stupid MS just needs to get it right...
This one is an update to November 11's update.. which was an update to SP4. Stupid MS just needs to get it right...
Title: Certificate Validation Flaw Could Enable Identity
Spoofing (329115)
Date: September 4,2002 (Revised November 11, 2003)
Software: Microsoft Windows 98
Microsoft Windows 98 Second Edition
Microsoft Windows Me
Microsoft Windows NT(r) 4.0
Microsoft Windows NT 4.0, Terminal Server Edition
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Office for Mac
Microsoft Internet Explorer for Mac
Microsoft Outlook Express for Mac
Impact: Identity spoofing and, in some cases, ability to gain
control over a user's system.
Max Risk: Important
Bulletin: MS02-050
Microsoft encourages customers to review the Security Bulletin at:
http://www.microsoft.com/technet/securi ... 02-050.asp
Who is online
Users browsing this forum: No registered users and 1 guest