[ISN] Microsoft issues patches for five software flaws
From: InfoSec News (isn c4i.org)
Date: Thu Oct 16 2003 - 01:24:02 CDT
http://www.nwfusion.com/news/2003/1020mssec.html
By Linda Rosencrance
Computerworld
10/15/03
Microsoft Wednesday issued its first monthly security update since
announcing the new initiative last week.
The update consists of five Windows vulnerabilities, four of which the
company deemed "critical."
Three of the flaws affect all recent Microsoft operating systems,
including Windows NT, Windows 2000, Windows XP and Windows Server
2003. The fourth critical flaw affects only Windows 2000.
According to security bulletin MS03-041, there is a vulnerability in
Authenticode that, under certain low-memory conditions, could allow an
ActiveX control to download and install without asking the user for
approval to do so. An attacker could host a malicious Web site
designed to exploit this vulnerability, Microsoft said.
According to security bulletin MS03-042, a vulnerability exists in the
Microsoft Local Troubleshooter ActiveX control (Tshoot.ocx), which
could allow a buffer overflow that would let an attacker run malicious
code on a user's system.
According to security bulletin MS03-043, a flaw in the operating
system's Messenger Service could allow arbitrary code to be executed
on an affected system. The vulnerability results because the Messenger
Service doesn't properly validate the length of a message before
passing it on to the allocated buffer.
According to security bulletin MS03-044, a flaw exists in the Help and
Support Center function that ships with Windows XP and Windows Server
2003. The vulnerability can arise when a file associated with the
Human Communications Protocol contains an unchecked buffer.
An attacker could exploit the vulnerability by constructing a URL
that, when clicked on by the user, could execute malicious code.
The fifth vulnerability, which was listed by Microsoft in Security
Bulletin MS03-045 as "important," affects Windows NT, Windows 2000,
Windows XP and Windows Server 2003 and could give an attacker
"complete control over the system by using Utility Manager in Windows
2000."