All Critical Updates

Discussion in 'Virus & Other Malware Removal' started by eddie5659, Jan 13, 2004.

Thread Status:
Not open for further replies.
  1. eddie5659

    eddie5659 Moderator Malware Specialist Thread Starter

    Joined:
    Mar 19, 2001
    Messages:
    35,977
    Edit by RR: for those wishing to review the Critical Updates thread for 2003, here it is:

    http://forums.techguy.org/t109391/s.html

    Other MS related Security information can be found here:

    Security and Privacy

    Home Security Risk Assessment and Protection Steps

    ==============================================

    Hiya

    Maximum Severity Rating: Critical

    Who should read this document: Customers who use Microsoft® Internet Security and Acceleration Server 2000

    Affected Software:

    Microsoft Internet Security and Acceleration Server 2000

    Microsoft Small Business Server 2000 (which includes Microsoft Internet Security and Acceleration Server 2000)

    Microsoft Small Business Server 2003 (which includes Microsoft Internet Security and Acceleration Server 2000)


    Non Affected Software:

    Microsoft Proxy Server 2.0


    http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS04-001.asp

    Regards

    eddie
     
  2. eddie5659

    Hiya


    Maximum Severity Rating: Moderate

    Recommendation: System administrators should install this security update on all front-end servers that are running Outlook Web Access for Exchange Server 2003. Microsoft also recommends installing this security update on all other Exchange 2003 servers so that they will be protected if they are later designated as front-end servers.


    Affected Software:

    Microsoft Exchange Server 2003



    Non Affected Software:

    Microsoft Exchange 2000 Server
    Microsoft Exchange Server 5.5


    http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS04-002.asp

    Regards

    eddie
     
  3. eddie5659

    Hiya

    Maximum Severity Rating: Important



    Affected Software:

    Microsoft Data Access Components 2.5 (included with Microsoft Windows 2000)
    Microsoft Data Access Components 2.6 (included with Microsoft SQL Server 2000)
    Microsoft Data Access Components 2.7 (included with Microsoft Windows XP)
    Microsoft Data Access Components 2.8 (included with Microsoft Windows Server 2003)

    Note: The same update applies to all these versions of MDAC.

    Microsoft Data Access Components 2.8 (included with Windows Server 2003 64-Bit Edition)



    http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS04-003.asp

    Regards

    eddie
     
  4. eddie5659

    Hiya

    A number of vulnerabilities have been discovered in various implementations of the multimedia telephony protocol H.323. Voice over Internet Protocol (VoIP) and video conferencing equipment and software can use these protocols to communicate over a variety of computer networks.

    Examples include

    Voice over Internet Protocol (VoIP) devices and software
    Video conferencing equipment and software
    Session Initiation Protocol (SIP) devices and software
    Media Gateway Control Protocol (MGCP) devices and software
    Other networking equipment that may process H.323 traffic (e.g., routers and firewalls)



    http://www.cert.org/advisories/CA-2004-01.html

    Regards

    eddie
     
  5. eddie5659

    Hiya

    Maximum Severity Rating: Critical


    Affected Software:

    Microsoft Windows NT® Workstation 4.0 Service Pack 6a
    Microsoft Windows NT Server 4.0 Service Pack 6a
    Microsoft Windows NT Server 4.0 Terminal Server Edition, Service Pack 6
    Microsoft Windows 2000 Service Pack 2, Service Pack 3, Service Pack 4
    Microsoft Windows XP, Microsoft Windows XP Service Pack 1
    Microsoft Windows XP 64-Bit Edition, Microsoft Windows XP 64-Bit Edition Service Pack 1
    Microsoft Windows XP 64-Bit Edition Version 2003
    Microsoft Windows Server® 2003
    Microsoft Windows Server 2003, 64-Bit Edition



    Affected Components:

    Internet Explorer 6 Service Pack 1:
    Internet Explorer 6 Service Pack 1 (64-Bit Edition):
    Internet Explorer 6 for Windows Server 2003:
    Internet Explorer 6 for Windows Server 2003 (64-Bit Edition):
    Internet Explorer 6:
    Internet Explorer 5.5 Service Pack 2:
    Internet Explorer 5.01 Service Pack 4:
    Internet Explorer 5.01 Service Pack 3:
    Internet Explorer 5.01 Service Pack 2:


    http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS04-004.asp

    Regards

    eddie
     
  6. eddie5659

    Hiya

    The Application Intelligence (AI) component of Check Point Firewall-1 is an application proxy that scans traffic for application layer attacks once it has passed through the firewall at the network level. Earlier versions of Firewall-1 include the HTTP Security Server, which provides similar functionality.

    Both the AI and HTTP Security Server features contain an HTTP parsing vulnerability that is triggered by sending an invalid HTTP request through the firewall. When Firewall-1 generates an error message in response to the invalid request, a portion of the input supplied by the attacker is included in the format string for a call to sprintf().


    This vulnerability allows remote attackers to execute arbitrary code on affected firewalls with administrative privileges, typically "SYSTEM" or "root".

    Systems Affected

    Check Point Firewall-1 NG FCS
    Check Point Firewall-1 NG FP1
    Check Point Firewall-1 NG FP2
    Check Point Firewall-1 NG FP3, HF2
    Check Point Firewall-1 NG with Application Intelligence R54
    Check Point Firewall-1 NG with Application Intelligence R55


    http://www.us-cert.gov/cas/techalerts/TA04-036A.html

    Regards

    eddie
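
Added example, not part of the original post or of the advisory: the non-constant format string pattern that the TA04-036A summary above describes, next to a constant-format version. The function names and the error text are assumptions, and the constructed input uses a harmless `%%` so the difference is visible without undefined behaviour.

```c
#include <stdio.h>
#include <string.h>

/* BEFORE: the request text is spliced into the format string itself, so any
 * '%' directive in the request is interpreted by the second snprintf().
 * Hypothetical function; it mirrors the pattern, not Check Point's code. */
int build_error_unsafe(char *out, size_t outsz, const char *request_line)
{
    char fmt[256];
    snprintf(fmt, sizeof fmt, "Invalid request: %s", request_line);
    return snprintf(out, outsz, fmt);            /* non-constant format */
}

/* AFTER: the format is a string literal and the request is only ever data.
 * Returns the message length, or -1 if the message did not fit. */
int build_error_safe(char *out, size_t outsz, const char *request_line)
{
    int n = snprintf(out, outsz, "Invalid request: %s", request_line);
    if (n < 0 || (size_t)n >= outsz)
        return -1;                               /* truncated or failed */
    return n;
}

int main(void)
{
    /* Constructed sample input: "%%" is a directive that consumes no
     * arguments, so interpreting it is well defined. */
    const char *req = "GET /a%%b";
    char unsafe_msg[128], safe_msg[128];

    build_error_unsafe(unsafe_msg, sizeof unsafe_msg, req);
    build_error_safe(safe_msg, sizeof safe_msg, req);

    printf("unsafe: %s\n", unsafe_msg);  /* "%%" collapsed to "%" */
    printf("safe:   %s\n", safe_msg);    /* request echoed byte for byte */
    return 0;
}
```

Building with `-Wformat -Wformat-security` makes GCC and Clang flag the call in `build_error_unsafe`, which is a cheap check to run across an existing code base.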
     
  7. eddie5659

    Hiya

    Maximum Severity Rating: Important

    A security vulnerability exists in Microsoft Virtual PC for Mac. The vulnerability exists because of the method by which Virtual PC for Mac creates a temporary file when you run Virtual PC for Mac. An attacker could exploit this vulnerability by inserting malicious code into the file which could cause the code to be run with system privileges. This could give the attacker complete control over the system.

    To exploit this vulnerability, an attacker would have to already have a valid logon account on the local system, or the attacker would already have to have access to a valid logon account.


    Microsoft Virtual PC for Mac version 6.0
    Microsoft Virtual PC for Mac version 6.01
    Microsoft Virtual PC for Mac version 6.02
    Microsoft Virtual PC for Mac version 6.1



    http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS04-005.asp

    Regards

    eddie
     
  8. eddie5659

    Hiya

    Maximum Severity Rating: Important

    A security vulnerability exists in the Windows Internet Naming Service (WINS). This vulnerability exists because of the method that WINS uses to validate the length of specially-crafted packets. On Windows Server 2003 this vulnerability could allow an attacker who sent a series of specially-crafted packets to a WINS server to cause the service to fail. Most likely, this could cause a denial of service, and the service would have to be manually restarted to restore functionality.

    The possibility of a denial of service on Windows Server 2003 results from the presence of a security feature that is used in the development of Windows Server 2003. This security feature detects when an attempt is made to exploit a stack-based buffer overrun and reduces the chance that it can be easily exploited. This security feature can be forced to terminate the service to prevent malicious code execution. On Windows Server 2003, when an attempt is made to exploit the buffer overrun, the security feature reacts and terminates the service. This results in a denial of service condition of WINS. Because it is possible that methods may be found in the future to bypass this security feature, which could then enable code execution, customers should apply the update.



    Affected Software

    Microsoft Windows NT® Server 4.0 Service Pack 6a
    Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6
    Microsoft Windows 2000 Server Service Pack 2, Microsoft Windows 2000 Server Service Pack 3, Microsoft Windows 2000 Server Service Pack 4
    Microsoft Windows Server™ 2003
    Microsoft Windows Server 2003 64-Bit Edition



    Non Affected Software


    Microsoft Windows NT® Workstation 4.0 Service Pack 6a
    Microsoft Windows 2000 Professional Service Pack 2, Microsoft Windows 2000 Professional Service Pack 3, Microsoft Windows 2000 Professional Service Pack 4
    Microsoft Windows XP, Microsoft Windows XP Service Pack 1
    Microsoft Windows XP 64-Bit Edition, Microsoft Windows XP 64-Bit Edition Service Pack 1
    Microsoft Windows XP 64-Bit Edition Version 2003, Microsoft Windows XP 64-Bit Edition Version 2003 Service Pack 1



    http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS04-006.asp

    Regards

    eddie
     
  9. eddie5659

    Hiya

    Maximum Severity Rating: Critical

    A security vulnerability exists in the Microsoft ASN.1 Library that could allow code execution on an affected system. The vulnerability is caused by an unchecked buffer in the Microsoft ASN.1 Library, which could result in a buffer overflow.

    An attacker who successfully exploited this buffer overflow vulnerability could execute code with system privileges on an affected system. The attacker could then take any action on the system, including installing programs, viewing data, changing data, deleting data, or creating new accounts with full privileges.

    Abstract Syntax Notation 1 (ASN.1) is a data standard that is used by many applications and devices in the technology industry for allowing the normalization and understanding of data across various platforms. More information about ASN.1 can be found in Microsoft Knowledge Base Article 252648.


    Affected Software:


    Microsoft Windows NT® Workstation 4.0 Service Pack 6a
    Microsoft Windows NT Server 4.0 Service Pack 6a
    Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6
    Microsoft Windows 2000 Service Pack 2, Microsoft Windows 2000 Service Pack 3, Microsoft Windows 2000 Service Pack 4
    Microsoft Windows XP, Microsoft Windows XP Service Pack 1
    Microsoft Windows XP 64-Bit Edition, Microsoft Windows XP 64-Bit Edition Service Pack 1
    Microsoft Windows XP 64-Bit Edition Version 2003, Microsoft Windows XP 64-Bit Edition Version 2003 Service Pack 1
    Microsoft Windows Server™ 2003
    Microsoft Windows Server 2003 64-Bit Edition



    Affected Components:

    Microsoft ASN.1 Library

    http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS04-007.asp


    Regards

    eddie
     
  10. eddie5659

    Hiya

    A vulnerability was discovered in the SMB (Server Message Block) protocol
    parsing routines of the ISS Protocol Analysis Module (PAM) component found
    in some ISS products. The flaw relates to incorrect parsing of the SMB
    protocol, which may lead to a heap overflow condition.

    Affected Versions:

    RealSecure Network 7.0, XPU 20.15 through 22.9
    Real Secure Server Sensor 7.0 XPU 20.16 through 22.9
    Proventia A Series XPU 20.15 through 22.9
    Proventia G Series XPU 22.3 through 22.9
    Proventia M Series XPU 1.3 through 1.7
    RealSecure Desktop 7.0 eba through ebh
    RealSecure Desktop 3.6 ebr through ecb
    RealSecure Guard 3.6 ebr through ecb
    RealSecure Sentry 3.6 ebr through ecb
    BlackICE PC Protection 3.6 cbr through ccb
    BlackICE Server Protection 3.6 cbr through ccb



    http://xforce.iss.net/xforce/alerts/id/165


    eddie
     
  11. eddie5659

    Hiya

    I was going to pop this in Software, at the top, but really most people use WinZip, so I put it here.

    The WinZip utility is a tool used to zip, unzip, and install software distributed in zip files for Microsoft Windows. WinZip version 8.1 and possibly earlier versions are vulnerable to a buffer overflow in the UUDeview package when decoding long strings. By sending a specially-crafted MIME archive file, an attacker can overflow a buffer and execute arbitrary code on the system with privileges of the user running WinZip.

    Platforms Affected:

    Microsoft Corporation Windows Any version
    WinZip Computing, Inc. WinZip 8.1




    http://xforce.iss.net/xforce/xfdb/15336

    Regards

    eddie
     
  12. eddie5659

    Hiya

    Maximum Severity Rating: Critical

    A security vulnerability exists within Outlook 2002 that could allow Internet Explorer to execute script code in the Local Machine zone on an affected system. The parsing of specially crafted mailto URLs by Outlook 2002 causes this vulnerability. To exploit this vulnerability, an attacker would have to host a malicious Web site that contained a Web page designed to exploit the vulnerability and then persuade a user to view the Web page.

    The attacker could also create an HTML e-mail message designed to exploit the vulnerability and persuade the user to view the HTML e-mail message. After the user has visited the malicious Web site or viewed the malicious HTML e-mail message an attacker who successfully exploited this vulnerability could access files on a user's system or run arbitrary code on a user's system. This code would run in the security context of the currently logged-on user. Outlook 2002 is available as a separate product and is also included as part of Office XP.



    Affected Software

    • Microsoft Office XP Service Pack 2
    • Microsoft Outlook 2002 Service Pack 2


    Non Affected Software

    Microsoft Office 2000
    Microsoft Office XP
    Microsoft Office 2003
    Microsoft Outlook 2000
    Microsoft Outlook 2002
    Microsoft Outlook 2003

    http://www.microsoft.com/technet/security/bulletin/ms04-009.mspx

    Regards

    eddie
     
  13. eddie5659

    Hiya

    A vulnerability exists because of the way that Windows Media Station Service and Windows Media Monitor Service, components of Windows Media Services, handle TCP/IP connections. If a remote user were to send a specially-crafted sequence of TCP/IP packets to the listening port of either of these services, the service could stop responding to requests and no additional connections could be made. The service must be restarted to regain its functionality.


    Affected Software

    Microsoft Windows 2000 Server Service Pack 2, Microsoft Windows 2000 Server Service Pack 3, Microsoft Windows 2000 Server Service Pack 4


    Non Affected Software

    Microsoft Windows NT® Workstation 4.0 Service Pack 6a
    Microsoft Windows NT Server 4.0 Service Pack 6a
    Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6
    Microsoft Windows 2000 Professional Service Pack 2, Microsoft Windows 2000 Professional Service Pack 3, Microsoft Windows 2000 Professional Service Pack 4
    Microsoft Windows XP, Microsoft Windows XP Service Pack 1
    Microsoft Windows XP 64-Bit Edition Service Pack 1
    Microsoft Windows XP 64-Bit Edition Version 2003
    Microsoft Windows Server™ 2003
    Microsoft Windows Server 2003 64-Bit Edition

    Affected Components:
    Windows Media Services 4.1 (included with Microsoft Windows 2000 Server)


    Non Affected Components:

    Windows Media Services 9.0 Series (included with Microsoft Windows Server 2003)
    Windows Media Services 4.1


    http://www.microsoft.com/technet/security/bulletin/ms04-008.mspx

    Regards

    eddie
     
  14. eddie5659

    Hiya

    Thought I'd put this here, as it may get 'swallowed up' in Networking :)

    An unauthenticated, remote attacker could cause a denial of service in any application or system that uses a vulnerable OpenSSL SSL/TLS library.


    Systems Affected

    Applications and systems that use the OpenSSL SSL/TLS library



    http://www.us-cert.gov/cas/techalerts/TA04-078A.html

    Regards

    eddie
     
  15. eddie5659

    Hiya

    F-Secure Anti-Virus is an antivirus program for Microsoft Windows and Linux-based operating systems. F-Secure Backweb versions 6.31 and earlier, included in multiple F-Secure Anti-Virus products, could allow a local attacker to gain elevated privileges on the system. A local attacker could exploit a vulnerability in the Backweb user interface to gain elevated privileges on the system.

    Platforms Affected:

    F-Secure Corporation: F-Secure Backweb 6.31 and earlier
    kernel.org: Linux Any version
    Microsoft Corporation: Windows Any version




    http://xforce.iss.net/xforce/xfdb/15745

    Regards

    eddie
     
Short URL to this thread: https://techguy.org/220750
