Democratic Underground Latest Greatest Lobby Journals Search Options Help Login
Google

FYI: Microsoft publishes updates for Windows and Exchange

Printer-friendly format Printer-friendly format
Printer-friendly format Email this thread to a friend
Printer-friendly format Bookmark this thread		 This topic is archived.
Home » Discuss » Archives » General Discussion (Through 2005) Donate to DU
 
Prisoner_Number_Six Donating Member (1000+ posts) Send PM | Profile | Ignore Thu Oct-16-03 11:43 AM
Original message
FYI: Microsoft publishes updates for Windows and Exchange
Posted in GD as a public service.
------

"Fall seven times, stand up eight."
Proverb.

- Microsoft publishes updates for Windows and Exchange -

Oxygen3 24h-365d, by Panda Software (http://www.pandasoftware.com)

Madrid, October 16, 2003 - Microsoft has published several security bulletins informing about seven vulnerabilities -five affecting Windows and the other two affecting Exchange-, and the security patches that fix them.

Five of these security flaws have been classified as critical, one as important and the other as moderate. In general these vulnerabilities affect all Windows systems (Windows 2000, NT, XP and Server 2003) and Exchange Server 5.5 and 2000.

The first of these Windows vulnerabilities lies in 'Authenticode' and could allow ActiveX controls to be downloaded and run remotely without the user's permission. The second has similar effects and causes a buffer overflow in 'ActiveX Windows Troubleshooter Control'. The third and fourth flaws allow arbitrary code to be run and affect 'Messenger Service' and 'Windows Help and Support Center', respectively. Finally, a buffer overflow in the 'ListBox' and 'ComboBox' controls allows code to be run locally.

Of the two security flaws detected in Exchange, the first is the most dangerous, as it involves a buffer overflow in the SMTP service and could allow arbitrary code to be run. The second is a cross-site scripting vulnerability in Exchange Server 5.5 Outlook Web Access.

In line with its new security policy -in which security patches will be released as a package once a month-, Microsoft has published all the security bulletins and patches described above in two summaries. The one referring to Windows is available at: http://www.microsoft.com/technet/security/bulletin/winoct03.asp, and the Exchange Server summary is available at: http://www.microsoft.com/technet/security/bulletin/excoct03.asp. From these addresses you can access the bulletin for each vulnerability and the patches that fix it.

NOTE: The addresses above may not show up on your screen as single lines. This would prevent you from using the links to access the web pages. If this happens, just use the 'cut' and 'paste' options to join the pieces of the URL.
Printer Friendly | Permalink |  | Top

Home » Discuss » Archives » General Discussion (Through 2005) Donate to DU

Powered by DCForum+ Version 1.1 Copyright 1997-2002 DCScripts.com
Software has been extensively modified by the DU administrators

Important Notices: By participating on this discussion board, visitors agree to abide by the rules outlined on our Rules page. Messages posted on the Democratic Underground Discussion Forums are the opinions of the individuals who post them, and do not necessarily represent the opinions of Democratic Underground, LLC.

Home  |  Discussion Forums  |  Journals |  Store  |  Donate

About DU  |  Contact Us  |  Privacy Policy

Got a message for Democratic Underground? Click here to send us a message.

© 2001 - 2011 Democratic Underground, LLC