Microsoft Security Bulletins

Hardware, Software, Internet, etc.

Moderators: Big-O Ryan, Big-O Mark, Matt, jester22c

fuuucckkers
Moderator
Moderator
Posts: 815
Joined: Sun Sep 22, 2002 3:33 pm
Contact:

Post by fuuucckkers »

Title: Cumulative Patch for Internet Explorer (818529)
Date: 04 June 2003
Software: Microsoft(r) Microsoft Internet Explorer(r) 5.01
Microsoft Internet Explorer 5.5
Microsoft Internet Explorer 6.0
Microsoft Internet Explorer 6.0 for Windows Server 2003
Impact: Allow an attacker to execute code of their choice
Max Risk: Critical
Bulletin: MS03-020

Microsoft encourages customers to review the Security Bulletins at:
http://www.microsoft.com/technet/securi ... 03-020.asp
http://www.microsoft.com/security/secur ... 03-020.asp
BigHead
Fanatic
Fanatic
Posts: 127
Joined: Thu Nov 14, 2002 8:25 pm
Location: somewere in the USA
Contact:

Post by BigHead »

Title: Flaw In Windows Media Player May Allow Media Library
Access (819639)
Date: 25 June 2003
Software: Microsoft(r) Windows(r) Media Player 9 Series
Impact: Information disclosure
Max Risk: Moderate
Bulletin: MS03-021

Microsoft encourages customers to review the Security Bulletins at:
http://www.microsoft.com/technet/securi ... 03-021.asp
http://www.microsoft.com/security/secur ... 03-021.asp


Title: Flaw in ISAPI Extension for Windows Media Services Could
Cause Code Execution (822343)
Date: 25 June 2003
Software: Microsoft(r) Windows(r) 2000
Impact: Allow an attacker to execute code of their choice
Max Risk: Important
Bulletin: MS03-022

Microsoft encourages customers to review the Security Bulletins at:
http://www.microsoft.com/technet/securi ... 03-022.asp
http://www.microsoft.com/security/secur ... 03-022.asp
Last edited by BigHead on Wed Jun 25, 2003 8:02 pm, edited 1 time in total.
BigHead
~2592~
fuuucckkers
Moderator
Moderator
Posts: 815
Joined: Sun Sep 22, 2002 3:33 pm
Contact:

Post by fuuucckkers »

ya know some links might be helpful to download the patches :wink:
BigHead
Fanatic
Fanatic
Posts: 127
Joined: Thu Nov 14, 2002 8:25 pm
Location: somewere in the USA
Contact:

Post by BigHead »

sry, i updated my post
BigHead
~2592~
BigHead
Fanatic
Fanatic
Posts: 127
Joined: Thu Nov 14, 2002 8:25 pm
Location: somewere in the USA
Contact:

Post by BigHead »

Title: Buffer Overrun In HTML Converter Could Allow Code
Execution (823559)
Date: 09 July 2003
Software: Microsoft(r) Windows (r) 98
Microsoft Windows 98 Second Edition
Microsoft Windows Me
Microsoft Windows NT 4.0
Microsoft Windows NT 4.0 Terminal Services Edition
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Impact: Allow an attacker to execute code of their choice
Max Risk: Critical
Bulletin: MS03-023

Microsoft encourages customers to review the Security Bulletins
at:
http://www.microsoft.com/technet/securi ... 03-023.asp
http://www.microsoft.com/security/secur ... 03-023.asp



Title: Buffer Overrun in Windows Could Lead to Data
Corruption (817606)
Date: 09 July 2003
Software:
- Microsoft Windows NT Server 4.0
- Microsoft Windows NT Server 4.0, Terminal Server Edition
- Microsoft Windows 2000
- Windows XP Professional
Impact: Allow an attacker to execute code of their choice
Max Risk: Important
Bulletin: MS03-024

Microsoft encourages customers to review the Security Bulletins
at: http://www.microsoft.com/technet/securi ... etin/MS03-
024.asp http://www.microsoft.com/security/secur ... 03-024.asp
BigHead
~2592~
fuuucckkers
Moderator
Moderator
Posts: 815
Joined: Sun Sep 22, 2002 3:33 pm
Contact:

Post by fuuucckkers »

Title: Flaw in Windows Message Handling through Utility
Manager Could Enable Privilege Elevation (822679)
Date: 09 July 2003
Software: Microsoft(r) Windows (r) 2000
Impact: Privilege Elevation
Max Risk: Important
Bulletin: MS03-025

Microsoft encourages customers to review the Security Bulletins
at:
http://www.microsoft.com/technet/securi ... 03-025.asp
http://www.microsoft.com/security/secur ... 03-025.asp
BigHead
Fanatic
Fanatic
Posts: 127
Joined: Thu Nov 14, 2002 8:25 pm
Location: somewere in the USA
Contact:

Post by BigHead »

Title: Buffer Overrun In RPC Interface Could Allow Code
Execution (823980)

Date: 16 July 2003
Software: Microsoft(r) Windows (r) NT 4.0
Microsoft Windows NT 4.0 Terminal Services Edition
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Impact: Run code of attacker's choice
Max Risk: Critical
Bulletin: MS03-026

Microsoft encourages customers to review the Security Bulletins
at:
http://www.microsoft.com/technet/securi ... 03-026.asp
http://www.microsoft.com/security/secur ... 03-026.asp
BigHead
~2592~
fuuucckkers
Moderator
Moderator
Posts: 815
Joined: Sun Sep 22, 2002 3:33 pm
Contact:

Post by fuuucckkers »

Title: Flaw in ISA Server Error Pages Could Allow Cross-Site
Scripting Attack (816456)
Date: 16 July 2003
Software: Microsoft(r) ISA Server
Max Risk: Important
Bulletin: MS03-028

Microsoft encourages customers to review the Security Bulletins
at:
http://www.microsoft.com/technet/securi ... 03-028.asp
http://www.microsoft.com/security/secur ... 03-028.asp



--------

Title: Unchecked Buffer in Windows Shell Could Enable System
Compromise (821557)
Date: 16 July 2003
Software: Microsoft(r) Windows (r) XP
Impact: Run code of attacker's choice
Max Risk: Important
Bulletin: MS03-027

Microsoft encourages customers to review the Security Bulletins
at:
http://www.microsoft.com/technet/securi ... 03-027.asp
http://www.microsoft.com/security/secur ... 03-027.asp
fuuucckkers
Moderator
Moderator
Posts: 815
Joined: Sun Sep 22, 2002 3:33 pm
Contact:

Post by fuuucckkers »

Title: Unchecked Buffer in DirectX Could Enable System Compromise (819696)
Date: July 23, 2003
Software: Microsoft DirectX(r) 5.2 on Windows 98
Microsoft DirectX 6.1 on Windows 98 SE
Microsoft DirectX 7.0a on Windows Millennium Edition
Microsoft DirectX 7.0 on Windows 2000
Microsoft DirectX 8.1 on Windows XP
Microsoft DirectX 8.1 on Windows Server 2003
Microsoft DirectX 9.0a when installed on Windows 98
Microsoft DirectX 9.0a when installed on Windows 98 SE
Microsoft DirectX 9.0a when installed on Windows
Millennium Edition
Microsoft DirectX 9.0a when installed on Windows 2000
Microsoft DirectX 9.0a when installed on Windows XP
Microsoft DirectX(r) 9.0a when installed on Windows
Server 2003
Microsoft Windows NT 4.0 Server with either Windows
Media Player 6.4 or Internet Explorer 6 Service Pack 1
installed.
Microsoft Windows NT 4.0, Terminal Server Edition with
either Windows Media Player 6.4 or Internet Explorer 6
Service Pack 1 installed.

Impact: Allow an attacker to execute code on a user's system
Max Risk: Critical
Bulletin: MS03-030

Microsoft encourages customers to review the Security Bulletins at:
http://www.microsoft.com/technet/securi ... 03-030.asp
http://www.microsoft.com/security/secur ... 03-030.asp

--------------------

Title: Flaw in Windows Function Could Allow Denial of Service
Date: 23 July 2003
Software: Microsoft Windows NT 4.0 Server
Impact: Denial of service
Max Risk: Moderate
Bulletin: MS03-029

Microsoft encourages customers to review the Security Bulletins at:
http://www.microsoft.com/technet/securi ... 03-029.asp
http://www.microsoft.com/security/secur ... 03-029.asp

----------------------

Title: Cumulative Patch for Microsoft SQL Server
Date: 23 July 2003
Software:
- Microsoft SQL Server 7.0
- Microsoft Data Engine (MSDE) 1.0
- Microsoft SQL Server 2000
- Microsoft SQL Server 2000 Desktop Engine (MSDE 2000)
- Microsoft SQL Server 2000 Desktop Engine (Windows)

Impact: Run code of attacker's choice
Max Risk: Important
Bulletin: MS03-031

Microsoft encourages customers to review the Security Bulletins at:
http://www.microsoft.com/technet/securi ... 03-031.asp
http://www.microsoft.com/security/secur ... 03-031.asp
BigHead
Fanatic
Fanatic
Posts: 127
Joined: Thu Nov 14, 2002 8:25 pm
Location: somewere in the USA
Contact:

Post by BigHead »

- - -----------------------------------------------------------------
Title: Buffer Overrun in Windows Could Lead to Data
Corruption (817606)
Date: 09 July 2003
Software:
- Microsoft Windows NT Server 4.0
- Microsoft Windows NT Server 4.0, Terminal Server Edition
- Microsoft Windows 2000
- Windows XP Professional
Impact: Allow an attacker to execute code of their choice
Max Risk: Important
Bulletin: MS03-024

Microsoft encourages customers to review the Security Bulletins
at: http://www.microsoft.com/technet/securi ... etin/MS03-
024.asp
http://www.microsoft.com/security/secur ... 03-024.asp
- - -----------------------------------------------------------------


- - - ---------------------------------------------------------------
Title: Flaw in Windows Message Handling through Utility
Manager Could Enable Privilege Elevation (822679)
Date: 09 July 2003
Software: Microsoft(r) Windows (r) 2000
Impact: Privilege Elevation
Max Risk: Important
Bulletin: MS03-025

Microsoft encourages customers to review the Security Bulletins
at:
http://www.microsoft.com/technet/securi ... 03-025.asp
http://www.microsoft.com/security/secur ... 03-025.asp
- - - ---------------------------------------------------------------
BigHead
~2592~
fuuucckkers
Moderator
Moderator
Posts: 815
Joined: Sun Sep 22, 2002 3:33 pm
Contact:

Post by fuuucckkers »

Title: Flaw in Windows Function Could Allow Denial of Service (823803)
Date: 23 July 2003 (Revised 13 August 2003)
Software: Microsoft Windows NT 4.0 Server
Impact: Denial of service
Max Risk: Moderate
Bulletin: MS03-029

Microsoft encourages customers to review the Security Bulletins at:
http://www.microsoft.com/technet/securi ... 03-029.asp
http://www.microsoft.com/security/secur ... 03-029.asp
Subsequent to issuing this security bulletin, Microsoft identified a
problem with the security patch which specifically affects systems
which have the Remote Access Service (RAS) enabled on them. This
causes RAS to fail when the system is rebooted after applying the
patch. It does not affect other non-RAS functions, nor is there a
problem with the actual fix for the security vulnerability itself.
Microsoft has developed a fix for this issue and is re-releasing this
bulletin to reflect the new updated patch.

Stupid Microsoft ...
fuuucckkers
Moderator
Moderator
Posts: 815
Joined: Sun Sep 22, 2002 3:33 pm
Contact:

Post by fuuucckkers »

Wow oh wow.. is it the middle of the month already?! More Security Fixes! :roll: -- We got lots of them today!
Title: Unchecked Buffer in DirectX Could Enable System Compromise (819696)
Released: 23 July 2003
Revised: 20 August 2003 (version 2.0)

Software: Microsoft DirectX(r) 5.2 on Windows 98
Microsoft DirectX 6.1 on Windows 98 SE
Microsoft DirectX 7.1 on Windows Millennium Edition
Microsoft DirectX 7.0 on Windows 2000
Microsoft DirectX 8.0, 8.0a, 8.1, 8.1a, and 8.1b when
installed on Windows 98, Windows 98 SE, Windows
Millennium Edition or Windows 2000
Microsoft DirectX 8.1 on Windows XP or
Windows Server 2003
Microsoft DirectX 9.0a when installed on Windows 98,
Windows 98 SE, Windows Millennium Edition (Windows Me),
Windows 2000, Windows XP, or Windows Server 2003
Microsoft Windows NT 4.0 Server with either Windows
Media Player 6.4 or Internet Explorer 6 Service Pack 1
installed.
Microsoft Windows NT 4.0, Terminal Server Edition with
either Windows Media Player 6.4 or Internet Explorer 6
Service Pack 1 installed.

Impact: Allow an attacker to execute code on a user's system
Max Risk: Critical
Bulletin: MS03-030

Microsoft encourages customers to review the Security Bulletin at:
http://www.microsoft.com/technet/securi ... 03-030.asp
http://www.microsoft.com/security/secur ... 03-030.asp


Reason for Revision:
====================
Subsequent to the original release of this bulletin, customers
requested that we support additional versions of DirectX that were
not covered by the original patches. This bulletin has been updated
to provide information about this new patch.
================
Title: Unchecked Buffer in MDAC Function Could Enable System Compromise (Q326573)
Released: 31 July 2003
Revised: 20 August 2003 (version 2.0)
Software: Microsoft Data Access Components 2.5
Microsoft Data Access Components 2.6
Microsoft Data Access Components 2.7
Impact: Run code of the attacker's choice.
Max Risk: Critical

Bulletin: MS02-040

Microsoft encourages customers to review the Security Bulletin at:
http://www.microsoft.com/technet/securi ... 02-040.asp
http://www.microsoft.com/security/secur ... 02-040.asp

Reason for Revision:
====================
Subsequent to the release of this bulletin, it was determined that
the vulnerability addressed is not with the OpenRowSet command
(which is a Microsoft SQL Server command) but rather that the
vulnerability is with the underlying MDAC component Open Database
Connectivity (ODBC), which is present in all versions of Windows.
Additionally, the original patch released with this did not install
correctly on some systems because of a flaw in the way that
Microsoft Windows Installer updated the System File Protection
cache. The bulletin has been updated to include this additional
information and to direct users to an updated patch.
===============================

Title: Unchecked Buffer in MDAC Function Could Enable System Compromise (823718)
Date: 20 August 2003
Software:
- Microsoft Data Access Components 2.5
- Microsoft Data Access Components 2.6
- Microsoft Data Access Components 2.7

Impact: Run code of the attacker's choice
Max Risk: Important
Bulletin: MS03-033

Microsoft encourages customers to review the Security Bulletins
at:
http://www.microsoft.com/technet/securi ... 03-033.asp
http://www.microsoft.com/security/secur ... 03-033.asp
=============================
Title: Cumulative Patch for Internet Explorer (822925)
Date: 20 August 2003
Software:

- Microsoft Internet Explorer 5.01
- Microsoft Internet Explorer 5.5
- Microsoft Internet Explorer 6.0
- Microsoft Internet Explorer 6.0 for Windows Server 2003

Impact: Run code of the attacker's choice
Max Risk: Critical
Bulletin: MS03-032

Microsoft encourages customers to review the Security Bulletins
at:
http://www.microsoft.com/technet/securi ... 03-032.asp
http://www.microsoft.com/security/secur ... 03-032.asp
fuuucckkers
Moderator
Moderator
Posts: 815
Joined: Sun Sep 22, 2002 3:33 pm
Contact:

Post by fuuucckkers »

Wow.. it's been awhile. Time for some updates.
itle: Microsoft Windows Security Bulletin Summary for
       November 2003
Issued: November 11, 2003
Version Number: 1.0
Bulletin:
http://www.microsoft.com/technet/securi ... nnov03.asp
- --------------------------------------------------------------------

Summary:
========
Included in this advisory are three updates describing newly
discovered vulnerabilities in Microsoft Windows. These
vulnerabilities, broken down by severity are:

** Critical Security Bulletins

    MS03-048 - Cumulative Update for Internet Explorer (824145)

             - Affected Software:
               - Microsoft Windows Millennium Edition
               - Microsoft Windows NT Workstation 4.0,
                 Service Pack 6a
               - Microsoft Windows NT Server 4.0, Service Pack 6a
               - Microsoft Windows NT Server 4.0, Terminal Server
                 Edition, Service Pack 6
               - Microsoft Windows 2000 Service Pack 2, Service
                 Pack 3, and Service Pack 4
               - Microsoft Windows XP,
                 Microsoft Windows XP Service Pack 1
               - Microsoft Windows XP 64-Bit Edition
               - Microsoft Windows XP 64-Bit Edition Version 2003
               - Microsoft Windows Server 2003
               - Microsoft Windows Server 2003 64 bit Edition

             - Impact: Remote Code Execution
             - Version Number: 1.0

    MS03-049 - Buffer Overrun in the Workstation Service Could Allow
               Code Execution (828749)

             - Affected Software:
               - Microsoft Windows 2000 Service Pack 2, Service
                 Pack 3, and Service Pack 4
               - Microsoft Windows XP,
                 Microsoft Windows XP Service Pack 1
               - Microsoft Windows XP 64-Bit Edition

             - Impact: Remote Code Execution
             - Version Number: 1.0

    MS03-051 - Buffer Overrun in Microsoft FrontPage Server
               Extensions Could Allow Code Execution (813360)

             - Affected Software:
               - Microsoft Windows 2000 Service Pack 2, Service
                 Pack 3
               - Microsoft Windows XP,
                 Microsoft Windows XP Service Pack 1
               - Microsoft Office XP,
                 Microsoft Office Service Release 1

             - Impact: Remote Code Execution
             - Version Number: 1.0

Patch Availability:
===================
Patches are available to fix these vulnerabilities.
For a11itional information, including Technical Details,
Workarounds, answers to Frequently Asked Questions, and Patch
Deployment Information please read the Microsoft Windows Security
Bulletin Summary for November 2003 at:
http://www.microsoft.com/technet/securi ... nnov03.asp
fuuucckkers
Moderator
Moderator
Posts: 815
Joined: Sun Sep 22, 2002 3:33 pm
Contact:

Post by fuuucckkers »

And one for Microsoft Office as well...
Title: Microsoft Office Security Bulletin Summary for
       November 2003
Issued: November 11, 2003
Version Number: 1.0
Bulletin:
http://www.microsoft.com/technet/securi ... fnov03.asp
- --------------------------------------------------------------------

Summary:
========
Included in this advisory is an update describing newly discovered
vulnerabilities in Microsoft Office (Microsoft Word and Excel). These
vulnerabilities, broken down by severity are:

** Important Security Bulletins

    MS03-050 - Vulnerabilities in Microsoft Word and Microsoft
                Excel Could Allow Arbitrary Code to run (831527)

             - Affected Software:
               - Microsoft Excel 97
               - Microsoft Excel 2000
               - Microsoft Excel 2002
               - Microsoft Word 97
               - Microsoft Word 98(J)
               - Microsoft Word 2000, Microsoft Works Suite 2001
               - Microsoft Word 2002, Microsoft Works Suite 2002,
                 Microsoft Works Suite 2003 and
                 Microsoft Works Suite 2004

             - Impact: Remote Code Execution
             - Version Number: 1.0

Patch Availability:
===================
Patches are available to fix these vulnerabilities.
For additional information, including Technical Details,
Workarounds, answers to Frequently Asked Questions, and Patch
Deployment Information please read the Microsoft Office Security
Bulletin Summary for November 2003 at:
http://www.microsoft.com/technet/securi ... fnov03.asp
fuuucckkers
Moderator
Moderator
Posts: 815
Joined: Sun Sep 22, 2002 3:33 pm
Contact:

Post by fuuucckkers »

And yet another one as well...
This one is an update to November 11's update.. which was an update to SP4. Stupid MS just needs to get it right... :roll:
Title:      Certificate Validation Flaw Could Enable Identity
            Spoofing (329115)
Date:       September 4,2002 (Revised November 11, 2003)
Software:   Microsoft Windows 98
            Microsoft Windows 98 Second Edition
            Microsoft Windows Me
            Microsoft Windows NT(r) 4.0
            Microsoft Windows NT 4.0, Terminal Server Edition
            Microsoft Windows 2000
            Microsoft Windows XP
            Microsoft Office for Mac
            Microsoft Internet Explorer for Mac
            Microsoft Outlook Express for Mac

Impact:     Identity spoofing and, in some cases, ability to gain
            control over a user's system.
Max Risk:   Important
Bulletin:   MS02-050

Microsoft encourages customers to review the Security Bulletin at:
http://www.microsoft.com/technet/securi ... 02-050.asp
Post Reply

Who is online

Users browsing this forum: No registered users and 0 guests