WindowsUpdate

[Guest LilBambi]

Dated: MARCH 19, 2003A new software vulnerability that affects a number of different versions of Microsoft Corp.'s Windows operating system could enable remote attackers to use a Web page or HTML formatted e-mail message to run their own malicious code on a Windows machine....The vulnerability affects all supported versions of the Windows operating system including Windows 98, 98 Second Edition, ME, NT 4.0, 2000 and XP, the company said.

Just in case you didn't see anything about this, this is a quote from the following ComputerWorld.com articleSee Microsoft's security bulletin for details: MS03-008

[Stryder]

Dated: MARCH 19, 2003A new software vulnerability that affects a number of different versions of Microsoft Corp.'s Windows operating system could enable remote attackers to use a Web page or HTML formatted e-mail message to run their own malicious code on a Windows machine....The vulnerability affects all supported versions of the Windows operating system including Windows 98, 98 Second Edition, ME, NT 4.0, 2000 and XP, the company said.

Just in case you didn't see anything about this, this is a quote from the following ComputerWorld.com articleSee Microsoft's security bulletin for details: MS03-008

Fran, I think you are making this up. I have never seen an MS product with buffer overflow problems. Where do you people come up with this stuff??

[Guest LilBambi]

hehehe

[Guest LilBambi]

MS03-008: JScript engine sort overflowMicrosoft released MS03-008 ("Script engine sort overflow"). Theinternal JScript JsArrayFunctionHeapSort function contains an integeroverflow that allows a malicious Web site or e-mail to executearbitrary code on the user's system.MS03-008

[Guest LilBambi]

DirectX 9.0a is back up again ... it was up and down and now back again .... make up our minds already This is not a Critical Update but....Microsoft DirectX is a group of technologies designed to make Windows-based computers an ideal platform for running and displaying applications rich in multimedia elements such as full-color graphics, video, 3D animation, and rich audio. DirectX 9.0a includes security and performance updates, along with many new features across all technologies, which can be accessed by applications using the DirectX 9.0 APIs. This release also resolves an issue with DirectX 9.0 where some multiplayer games or MSN Messenger may not work correctly. A number of minor bugs were also resolved.Supported Operating Systems:Windows 98, Windows ME, Windows 2000, Windows XPUpdate 3/28/03: New Microsoft Knowledge Base Article regarding the original DirectX 9.0 and the new DirectX 9.0a - 812509Some folks experienced problems with some multi-player games and MSN Messenger after installing the original DirectX 9.0. Apparently DirectX 9 implements the use of Universal Plug and Pray...I mean Play. The knowledge base article says that Universal Plug and Play is a function that automatically opens and closes port on the router.According to the KB article these problems can happen if your router does not properly implement Universal Plug and Play. They recommend: (1) installing the new DirectX 9.0a and (2) updating your router firmware (in this order). Thought/Question: I am thinking that an additional layer of a personal firewall might now be looking like a necessity for check and balance if Universal Plug and Play, on a computer that could potentially be infected with viral infection, will be now in CONTROL of AUTOMATICALLY opening and closing PORTS on your FIREWALL/router!Doesn't this sound like the fox guarding the hen house? Something just doesn't sound right. Or am I missing something? Edited March 28, 2003 by LilBambi

[Guest LilBambi]

MS03-010 - Flaw in RPC Endpoint Mapper Could Allow Denial of Service Attacks (331953)Posted: March 26, 2003This one affects:Customers using Microsoft® Windows® NT 4.0, Windows 2000, or Windows XP Impact of vulnerability: Denial of Service Maximum Severity Rating: Important Recommendation: Customers should install the patch at the earliest opportunity Consumers can get it from WindowsUpdate site.

[Guest LilBambi]

MS03-010: FLaw in RPC Endpoint Mapper Could allow Denial of Service AttacksThis article was previously published under Q331953Affects:Microsoft Windows XP ProfessionalMicrosoft Windows XP Home EditionMicrosoft Windows XP 64-Bit EditionMicrosoft Windows 2000 Advanced ServerMicrosoft Windows 2000 ProfessionalMicrosoft Windows 2000 ServerMicrosoft Windows NT Server 4.0Microsoft Windows NT Workstation 4.0But don't expect a fix for WinNT

There is a vulnerability in the part of the remote procedure call (RPC) functionality that deals with message exchange over TCP/IP. The vulnerability results because of incorrect handling of malformed messages. This particular vulnerability affects the RPC Endpoint Mapper process, which listens on TCP/IP port 135. The RPC Endpoint Mapper service allows RPC clients to determine the port number currently assigned to a particular RPC service. Microsoft has provided patches to correct this vulnerability for Windows 2000 and Windows XP. Although Windows NT 4.0 is affected by this vulnerability, Microsoft cannot provide a patch for this vulnerabilty for Windows NT 4.0. The architectural limitations of Windows NT 4.0 do not support the changes that would be required to remove this vulnerability. Windows NT 4.0 users are strongly encouraged to employ the workaround that is discussed in the MS03-10 Security Bulletin. You can use this workaround to protect the Windows NT 4.0 system with a firewall that blocks Port 135. To view the MS03-10 Security Bulletin, visit the following Microsoft Web site:http://www.microsoft.com/technet/security/...in/MS03-010.asp

[Guest LilBambi]

For Win2K Users:Windows Does Not Start After You Apply Security Roll Up Package Q319733The information in this article applies to:Microsoft Windows 2000 Advanced ServerMicrosoft Windows 2000 ServerMicrosoft Windows 2000 ProfessionalThe article was previously published under Q329894

After you use Windows Update to apply Security Roll Up Package Q319733, you may receive the following error message when the computer restarts: The Procedure entry point LsaOpenPolicySce could not be located in the dynamic link library ADVAPI32.dll.

The Microsoft page says that this can happen when using their WindowsUpdate to apply this Security Rollup and a fix and workaround are listed on the page.

[jbredmound]

DirectX 9.0a is back up again ... it was up and down and now back again .... make up our minds already  This is not a Critical Update but....

I don't know if you noted my topic on the Direct X update. Several folks (including myself), running W2K, started getting persistent message boxes stating that unrecognized code and replaced recognized code, and 2K had to fix it. Throw in the OS CD, and...nothing...no fix After I linked the download to the problem (timing), I downloaded the complete Direct X file, and viola! ...no more bad Mr Message Box.Perhaps folks running 2K should skip the patch and just download the whole enchilada.I want a firewall to watch my firewall. I already have an AV pgm to watch my AV pgm ...I want stealth. Would another firewall program be compatable with Zone Alarm? Can you see me? I want to be the invisible man.

[Guest LilBambi]

What You Should Know About Microsoft Security Bulletin MS03-011This was Microsoft's latest security patch update released yesterday, April 9, 2003.

Why We Are Issuing This UpdateA security issue has been identified in the Microsoft® virtual machine (Microsoft VM), which enables Java programs to run on Microsoft Windows®. This issue could enable a Web site to compromise your system and take actions such as changing data, loading and running programs, and reformatting the hard disk. You can help protect your computer by installing this update.

This vulnerability affects all Microsoft Virtual Machines (all versions).The webpage listed above gives instructions on how to tell if you have the Microsoft Virtual Machine currently installed on your Windows system.More technical details are available here on Microsoft's TechNet.Excerpt from the TechNet site:

The present Microsoft VM, which includes all previously released fixes to the VM, has been updated to include a fix for the newly reported security vulnerability. This new security vulnerability affects the ByteCode Verifier component of the Microsoft VM, and results because the ByteCode verifier does not correctly check for the presence of certain malicious code when a Java applet is being loaded. The attack vector for this new security issue would likely involve an attacker creating a malicious Java applet and inserting it into a web page that when opened, would exploit the vulnerability. An attacker could then host this malicious web page on a web site, or could send it to a user in e-mail.

More on the two sites listed in this posting.This is considered to be a Critical update.----NOTE: I updated my Win98se this morning with this single critical update. Upon finishing the installation it reported that it had successfully installed. However, upon reboot, a dos box came up and very quickly disappeared as often happens when you do an update reporting that it installed correctly whatever it had to wait till reboot to do, and then my system promptly hung. Completely.I rebooted into DOS mode and ran Fred Langa's Clean9x and did a complete scan of the hard drive (it fixed the filesystem).I rebooted normally, and then got a DDHELP GPF in KRNL386.exe as soon as I went into Windows.I shutdown again and went to safe mode and turned off my swap file and rebooted back into safe mode and turned it back on; rebooted normally and all was fine. And has been fine ever since.Everything was working fine before I did the update, however, who knows for sure if it was responsible for this strange behavior.Your mileage may vary ...

[benhenry]

This vulnerability affects all Microsoft Virtual Machines (all versions).

Hi Bambi... this question is sure going to expose my ignorance. Ah well, I guess I couldn't hide it for long.Several months ago I downloaded and installed Sun's Java 2 v 1.4.1_01 on a recommendation and have used it ever since. It shows in my IE... Tools>Internet Options>Advanced Tab>In the Section called "Java (Sun)" there is a check in the box beside "Use Java".In the Section called "Microsoft VM" there is a check in the box for "JIT compiler"Whenever I notice a Java function (applet?) on a web page, I see the little coffee cup in the space and then the thing loads and does its thing. So I believe everything is ok.My question is: Can these Microsoft virtual machine vulnerabilities affect my computer even if I'm not using it? Should I disable the Sun Java, reboot, then update the Microsoft VM, then reboot to use Sun again?Jeepers. I wish those two could just learn to get along. Please advise?

[Guest LilBambi]

I also use Sun's Java in place of Microsoft's Java on my computer. Now that's a thought, hmmmmm...no, that couldn't be why I had a problem with it messing with my filesystem could it? Hmmmm But M$ Java VM is installed on my system, and I wanted it updated to the latest for a couple reasons:1. I will have to install it on other systems, so I wanted to see what issues might come up.2. I hate getting those stupid WindowsUpdate reminders for the critical updates.3. I may wish to switch over at some time to using M$'s Java VM at some point and I would want to make sure I have the darn thing patched. (Don't know why, but it could happen.)4. I do not know to what extent M$ Java VM is integrated so was taking no chances.

[Guest LilBambi]

The flag is nearing half mast for Windows 98 and Windows 98SEWell, M$ is winding down with its support of Windows 98 and Windows98se:http://support.microsoft.com/default.aspx?scid=fh;[ln];lifean1(be sure to copy the last part ";[in];lifean1" (sans quotes) into the browser if it doesn't show it as part of the URL here in the Forums for you).June 30, 2003 will be the last day (unless they change their mind).WindowsUpdates for Desktop Windows UsersHere are the most recent Critical Updates that Microsoft put out - the first two were just put out today:Microsoft Security Bulletin MS03-015 - Cumulative Patch for Internet Explorer (813489)

Originally posted: April 23, 2003Who should read this bulletin: Customers using Microsoft® Internet Explorer. Impact of vulnerability: Four new vulnerabilities, the most serious of which could enable an attacker to execute arbitrary code on a user’s system if the user either browsed to a hostile web site or opened a specially crafted HTML email message. Maximum Severity Rating: Critical Recommendation: System administrators should install the patch immediately Affected Software: Microsoft Internet Explorer 5.01 Microsoft Internet Explorer 5.5 Microsoft Internet Explorer 6.0

Microsoft Security Bulletin MS03-013 - Cumulative Patch for Outlook Express (330994)

Originally posted: April 23, 2003Who should read this bulletin: Customers using Outlook Express. Impact of vulnerability: This bulletin addresses a vulnerability that could allow an attacker to run code of the attacker’s choice on a user’s machine. To exploit the vulnerability, attacker would have to be able to cause Windows to open a specially constructed MHTML URL, either on a web site or included in an HTML email message. Maximum Severity Rating: Critical Recommendation: Customers should install the patch at the earliest opportunity. Affected Software: Microsoft Outlook Express 5.5 Microsoft Outlook Express 6.0