5 New M$ Critical Updates (yawn)

SoulAssassin

Would have posted this a couple hours ago but it's just getting repetitive. I *really* need to set up SUS one of these days, I think I can run windowsupdate on all my machines at home in my sleep now. I didn't even read the articles this time, blah, you know the deal. Patch now or forever hold your peace.


-----BEGIN PGP SIGNED MESSAGE-----

- --------------------------------------------------------------------
Title: Microsoft Windows Security Bulletin Summary for October
2003
Issued: October 15, 2003
Version Number: 1.0
Bulletin: http://www.microsoft.com/technet/security/winoct03.asp
- --------------------------------------------------------------------

Summary:
========
Included in this advisory are updates for five newly discovered
vulnerabilities in Microsoft Windows. These vulnerabilities,
broken down by severity are:

\\Critical Security Bulletins\\

MS03-041 - Vulnerability in Authenticode Could Allow Remote
           Code Execution (823182)

 - Affected Software:
    - Windows NT Workstation 4.0, Service Pack 6a
    - Windows NT Server 4.0, Service Pack 6a
    - Windows NT Server 4.0, Terminal Server Edition,
      Service Pack 6
    - Windows 2000, Service Pack 2
    - Windows 2000, Service Pack 3, Service Pack 4
    - Windows XP Gold, Service Pack 1
    - Windows XP 64-bit Edition
    - Windows XP 64-bit Edition Version 2003
    - Windows Server 2003
    - Windows Server 2003 64-bit Edition

 - Impact: Remote Code Execution
 - Version Number: 1.0

MS03-042 - Buffer Overflow in the Windows Troubleshooter
           ActiveX Control Could Allow Code Execution (826232)

 - Affected Software:
    - Windows 2000, Service Pack 2
    - Windows 2000, Service Pack 3, Service Pack 4

 - Impact: Remote Code Execution
 - Version Number: 1.0

MS03-043 - Buffer Overrun in Messenger Service Could Allow
           Code Execution (828035)

 - Affected Software:
    - Windows NT Workstation 4.0, Service Pack 6a
    - Windows NT Server 4.0, Service Pack 6a
    - Windows NT Server 4.0, Terminal Server Edition,
      Service Pack 6
    - Windows 2000, Service Pack 2
    - Windows 2000, Service Pack 3, Service Pack 4
    - Windows XP Gold, Service Pack 1
    - Windows XP 64-bit Edition
    - Windows XP 64-bit Edition Version 2003
    - Windows Server 2003
    - Windows Server 2003 64-bit Edition

 - Impact: Remote Code Execution
 - Version Number: 1.0

MS03-044 - Buffer Overflow in Windows Help and Support Center
           Could lead to System Compromise (825119)

 - Affected Software:
    - Windows Millennium Edition
    - Windows NT Workstation 4.0, Service Pack 6a
    - Windows NT Server 4.0, Service Pack 6a
    - Windows NT Server 4.0, Terminal Server Edition,
      Service Pack 6
    - Windows 2000, Service Pack 2
    - Windows 2000, Service Pack 3, Service Pack 4
    - Windows XP Gold, Service Pack 1
    - Windows XP 64-bit Edition
    - Windows XP 64-bit Edition Version 2003
    - Windows Server 2003
    - Windows Server 2003 64-bit Edition

 - Impact: Remote Code Execution
 - Version Number: 1.0

\\Important Security Bulletins\\

MS03-045 - Buffer Overrun in the ListBox and in the ComboBox
           Control Could Allow Code Execution (824141)

 - Affected Software:
    - Windows NT Workstation 4.0, Service Pack 6a
    - Windows NT Server 4.0, Service Pack 6a
    - Windows NT Server 4.0, Terminal Server Edition,
      Service Pack 6
    - Windows 2000, Service Pack 2
    - Windows 2000, Service Pack 3, Service Pack 4
    - Windows XP Gold, Service Pack 1
    - Windows XP 64-bit Edition
    - Windows XP 64-bit Edition Version 2003
    - Windows Server 2003
    - Windows Server 2003 64-bit Edition

 - Impact: Remote Code Execution
 - Version Number: 1.0


Patch Availability:
===================
Patches are available to fix these vulnerabilities.
For additional information, including Technical Details,
Workarounds, answers to Frequently Asked Questions, and Patch
Deployment Information please read the Microsoft Windows
Security Bulletin Summary for October at:
http://www.microsoft.com/technet/security/winoct03.asp

Acknowledgments:
================
Microsoft thanks the following for working with us to protect
customers:

- - Greg Jones of KPMG UK (http://www.kpmg.co.uk) and
Cesar Cerrudo (cesarc56@yahoo.com)
for reporting the issue described in MS03-042.

- - The Last Stage of Delirium Research Group (http://lsd-pl.net)
for reporting the issue in MS03-043.

- - David Litchfield of Next Generation Security Software Ltd.
(http://www.nextgenss.com)
for reporting the issue in MS03-044.

- - Brett Moore of Security-Assessment.com
(http://www.security-assessment.com)
for reporting the issue in MS03-045.

Support:
========
Technical support is available from Microsoft Product Support
Services at 1-866-PCSAFETY. There is no charge for support calls
associated with security patches.

Revisions:
==========
* V1.0 October 15, 2003: Bulletin Created.


********************************************************************
Protect your PC:
Microsoft has provided information on how you can
help protect your PC at the following locations:
http://www.microsoft.com/technet/security/protect

Patch Management Strategies:
The Microsoft Guide to Security Patch Management Web Site provides
additional information about Microsoft's best practice recommendations for
applying security patches:
http://www.microsoft.com/technet/security/topics/patch/secpatch/Default.asp

IT Pro Security Zone Community:
Learn to improve security and optimize your IT infrastructure, and
participate with other IT Pros on security topics:
http://www.microsoft.com/technet/security/community/default.mspx

If you receive an e-mail that claims to be distributing a
Microsoft security patch, it is a hoax that may be distributing a
virus. Microsoft does not distribute security patches via e-mail.
You can learn more about Microsoft's software distribution
policies here: http://www.microsoft.com/technet/security/policy/swdist.asp
********************************************************************
- --------------------------------------------------------------------
THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS
PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT
DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING
THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE.
IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE
LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT,
INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL
DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN
ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY
FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING
LIMITATION MAY NOT APPLY.
- --------------------------------------------------------------------


-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.2

-----END PGP SIGNATURE-----



*******************************************************************

You have received this e-mail bulletin because of your subscription to the
Microsoft Product Security Notification Service. For more information on
this service, please visit
http://www.microsoft.com/technet/security/notify.asp.

To verify the digital signature on this bulletin, please download our PGP
key at http://www.microsoft.com/technet/security/notify.asp.

To unsubscribe from the Microsoft Security Notification Service, please
visit the Microsoft Profile Center at
http://register.microsoft.com/regsys/pic.asp

If you do not wish to use Microsoft Passport, you can unsubscribe from the
Microsoft Security Notification Service via email as described below: Reply
to this message with the word UNSUBSCRIBE in the Subject line.

For security-related information about Microsoft products, please visit the
Microsoft Security Advisor web site at http://www.microsoft.com/security.
 

SoulAssassin

Microsoft Security Bulletin MS03-043 Buffer Overrun in Messenger Service Could Allow Code Execution (828035)

This one could turn out to be interesting, some kind of malformed 'net send' that makes your machine turn inside out.

Hey- does anyone have a .reg file that I can just replace the server name on to point a machine at a SUS server instead of windows update?
 

kylef

This is part of MS's new effort to aggregate critical updates into a monthly announcement to ease the burden on System Administrators, who obviously dislike rapid back-to-back security patch deployments.
 

spyordie007

Originally posted by: Buddha Bart
Originally posted by: SoulAssassin
Hey- does anyone have a .reg file that I can just replace the server name on to point a machine at a SUS server instead of windows update?
I think you're supposed to use the special client for SUS.
http://www.microsoft.com/windows2000/downloads/recommended/susclient/default.asp
No, SUS uses the standard "Windows Update Service" that is included standard with Win 2K SP3+ and XP SP1+. That download is in case you are running 2K pre SP3 or XP pre SP1. The only difference with SUS is that it gets the download from a different location.

BTW SoulAssassin, I don't have a reg file for you since I push our clients with a group policy (much easier than adding registry keys to every machine and the users cannot change the settings).

-Spy
 

SoulAssassin

Originally posted by: spyordie007
BTW SoulAssassin, I don't have a reg file for you since I push our clients with a group policy (much easier than adding registry keys to every machine and the users cannot change the settings).


Where's the GPO setting at? It is probably easier but my group policies at home keep becoming corrupt and I've been too lazy to look into it. I get 1202 errors out my ass.

 

CTho9305

What a pain in the a$$... the scan for updates thing comes back with an error. I had to use automatic update to download & install the patches.
 

spyordie007

Originally posted by: SoulAssassin
Originally posted by: spyordie007
BTW SoulAssassin, I don't have a reg file for you since I push our clients with a group policy (much easier than adding registry keys to every machine and the users cannot change the settings).


Where's the GPO setting at? It is probably easier but my group policies at home keep becoming corrupt and I've been too lazy to look into it. I get 1202 errors out my ass.
Assuming that you have loaded the wuau administrative template they are under "Computer Configuration>Administrative Templates>Windows Components>Windows Update".
You may want to review the SUS deployment whitepaper for more information.

Also the way I've applied the setting: I have a separate OU for workstations (as opposed to my servers since I don't want the same policies on my servers), I've applied the group policy to only that OU.

-Spy
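
The registry values that the Windows Update policy settings discussed in this thread write on a client, shown as a .reg file. This is an added example, not something posted by anyone in the thread; `http://sus.example.local` is a placeholder server name, and the install schedule is an assumed choice.

```reg
Windows Registry Editor Version 5.00

; Added example. http://sus.example.local is a placeholder: replace it
; with the URL of your own SUS server.
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]
; Server the Automatic Updates client pulls approved updates from
"WUServer"="http://sus.example.local"
; Server the client reports its status to (normally the same host)
"WUStatusServer"="http://sus.example.local"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
; 1 = use the server named in WUServer instead of Windows Update
"UseWUServer"=dword:00000001
; 0 = Automatic Updates stays enabled
"NoAutoUpdate"=dword:00000000
; 4 = download automatically and install on the schedule below
"AUOptions"=dword:00000004
; 0 = every day
"ScheduledInstallDay"=dword:00000000
; 3 = 03:00 local time
"ScheduledInstallTime"=dword:00000003
```

These values live under the Policies key, so on a domain-joined machine a group policy that configures Windows Update will overwrite them at the next policy refresh. Restart the Automatic Updates service after importing so the client picks up the new server.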