Microsoft Monthly Update


nlinecomputers

It is the second Tuesday of the month and as scheduled Microsoft has released all the newly issued patches for the month. Microsoft has issued 3 patches: one to correct a buffer overflow that can allow an attacker to gain control of the computer, a set of patches to fix various security issues in Internet Explorer that allow attackers to spoof websites, and an issue with the WINS service on Windows Servers that could lead to a Denial of Service attack.

Full Story and Links to Technet

Apparently there is a very very very critical update in there. I was listening to some security pro on Tech TV saying that this was the biggest Windows flaw he had ever seen etc., and could potentially be like the worst ever. But the security company that found it did a pretty good job of keeping it secret and only telling MS, who now has a patch out (it took them over 200 days though). This guy was estimating two to three weeks before it would be really exploited... who knows :huh: Anyone got a good article on this? I haven't read the news today...

Edit: Here's a Slashdot story.

Edited by SonicDragon

nlinecomputers

Yes, after I posted my story I found some of the information that you had on that. Very troublesome that it took over 200 days to fix this. Nice to see that eEye sat on it and allowed MS time to fix it, but 6 months is too long. Linux can have bugs and get them fixed in days, and often it's by part-timers doing work on their dime. Why the heck does it take so friggen long for Bill and his hired gang of marketing idiots to buy a clue? :huh: :huh:


From what I read this exploit went down to the very core of ntfs operating systems. A Microsoft security executive said the flawed software was "an extremely deep and pervasive technology in Windows". The problems affected a technology in the ntfs versions of Windows known as "abstract syntax notation," a way to share data across different computers. Some of Microsoft's built-in security features -- such as its Kerberos cryptography system -- rely on the flawed software. This exploit has actually been there for years. Very scary thought.


If the bug has been around for "years" and not found until a few months ago by people deliberately looking for bugs it doesn't sound too critical. But the fix is classified as Critical so all pcs properly configured to download the update will be fixed. And for all the pcs that end up getting infected they should all have their hard drives wiped and DOS installed. They are obviously not qualified to run anything more sophisticated. :D


The third update only affects Windows Server 2003 running WINS and Windows 2000 Server SP2 and earlier and Windows NT 4.0 Server:

Microsoft Security Bulletin MS04-006
Vulnerability in the Windows Internet Naming Service (WINS) Could Allow Code Execution (830352)
Issued: February 10, 2004
Version Number: 1.0

Summary
    Who should read this document: Customers who are using Microsoft® Windows Internet Naming Service (WINS)®
    Impact of vulnerability: Remote Code Execution
    Maximum Severity Rating: Important
    Recommendation: WINS server administrators should install the patch at the earliest opportunity.
    Security Update Replacement: None
    Caveats: None

    Tested Software and Security Update Download Locations:
        Affected Software
            * Microsoft Windows NT® Server 4.0 Service Pack 6a - Download the update
            * Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6 - Download the update
            * Microsoft Windows 2000 Server Service Pack 2, Microsoft Windows 2000 Server Service Pack 3, Microsoft Windows 2000 Server Service Pack 4 - Download the update
            * Microsoft Windows Server™ 2003 - Download the update
            * Microsoft Windows Server 2003 64-Bit Edition - Download the update
        Non Affected Software
            * Microsoft Windows NT® Workstation 4.0 Service Pack 6a
            * Microsoft Windows 2000 Professional Service Pack 2, Microsoft Windows 2000 Professional Service Pack 3, Microsoft Windows 2000 Professional Service Pack 4
            * Microsoft Windows XP, Microsoft Windows XP Service Pack 1
            * Microsoft Windows XP 64-Bit Edition, Microsoft Windows XP 64-Bit Edition Service Pack 1
            * Microsoft Windows XP 64-Bit Edition Version 2003, Microsoft Windows XP 64-Bit Edition Version 2003 Service Pack 1

The second patch there was last week's phishing exploit patch for IE6. So really, if you are currently up-to-date on your patches you only need the first one. As a side note to the phishing patch, Microsoft also released a fix for that patch. This is only for people using XMLHTTP calls, apparently, so, unless you have Microsoft XML 3.0 installed, then it is irrelevant.

> If the bug has been around for "years" and not found until a few months ago by people deliberately looking for bugs it doesn't sound too critical. But the fix is classified as Critical so all pcs properly configured to download the update will be fixed. And for all the pcs that end up getting infected they should all have their hard drives wiped and DOS installed. They are obviously not qualified to run anything more sophisticated. :D

The reason I say it has been around for years is that the exploit affects operating systems going all the way back to Windows NT. Which has been around for years.

Peachy, the exploit we are referring to is not the one you posted. The one we are talking about is here: http://www.microsoft.com/technet/treeview/...in/MS04-007.asp

Microsoft Security Bulletin MS04-007
ASN.1 Vulnerability Could Allow Code Execution (828028)
Issued: February 10, 2004
Version Number: 1.0

Summary
    Who should read this document: Customers who are using Microsoft® Windows®
    Impact of vulnerability: Remote Code Execution
    Maximum Severity Rating: Critical
    Recommendation: Systems administrators should apply the update immediately.
    Security Update Replacement: None
    Caveats: Windows NT 4.0 (Workstation, Server, and Terminal Server Edition) does not install the affected file by default. This file is installed as part of the MS03-041 Windows NT 4.0 security update and other possible non-security-related hotfixes. If the Windows NT 4.0 security update for MS03-041 is not installed, this may not be a required update. To verify if the affected file is installed, search for the file named Msasn1.dll. If this file is present, this security update is required. Windows Update, Software Update Services, and the Microsoft Security Baseline Analyzer will also correctly detect if this update is required.

    Tested Software and Security Update Download Locations:
        Affected Software:
            * Microsoft Windows NT® Workstation 4.0 Service Pack 6a – Download the update.
            * Microsoft Windows NT Server 4.0 Service Pack 6a – Download the update.
            * Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6 – Download the update.
            * Microsoft Windows 2000 Service Pack 2, Microsoft Windows 2000 Service Pack 3, Microsoft 2000 Windows Service Pack 4 – Download the update.
            * Microsoft Windows XP, Microsoft Windows XP Service Pack 1 – Download the update.
            * Microsoft Windows XP 64-Bit Edition, Microsoft Windows XP 64-Bit Edition Service Pack 1 – Download the update.
            * Microsoft Windows XP 64-Bit Edition Version 2003, Microsoft Windows XP 64-Bit Edition Version 2003 Service Pack 1 – Download the update.
            * Microsoft Windows Server™ 2003 – Download the update.
            * Microsoft Windows Server 2003 64-Bit Edition – Download the update.

    Tested Microsoft Windows Components:
        Affected Components:
            * Microsoft ASN.1 Library

    The software listed above has been tested to determine if the versions are affected. Other versions either no longer include security update support or may not be affected. Please review the Microsoft Support Lifecycle Web site to determine the support lifecycle for your product and version.

    Technical Details
        A security vulnerability exists in the Microsoft ASN.1 Library that could allow code execution on an affected system. The vulnerability is caused by an unchecked buffer in the Microsoft ASN.1 Library, which could result in a buffer overflow.

        An attacker who successfully exploited this buffer overflow vulnerability could execute code with system privileges on an affected system. The attacker could then take any action on the system, including installing programs, viewing data, changing data, deleting data, or creating new accounts with full privileges.

        Abstract Syntax Notation 1 (ASN.1) is a data standard that is used by many applications and devices in the technology industry for allowing the normalization and understanding of data across various platforms. More information about ASN.1 can be found in Microsoft Knowledge Base Article 252648.
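Added example, not part of the post above and not code from the bulletin or from Microsoft: the bulletin only says the ASN.1 library had an "unchecked buffer", so this is a generic illustration of the length checks a BER/DER decoder needs before it copies a value. All names (`tlv_parse`, `tlv_copy_value`, `demo`) and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Constructed sample encodings (tag 0x04 = OCTET STRING), not captured data. */
static const uint8_t SHORT_FORM[] = {0x04, 0x03, 'a', 'b', 'c'};
static const uint8_t LONG_FORM[]  = {0x04, 0x81, 0x03, 'a', 'b', 'c'};
static const uint8_t OVERSTATED[] = {0x04, 0x84, 0xff, 0xff, 0xff, 0xff, 'a'};
static const uint8_t TRUNCATED[]  = {0x04, 0x05, 'a'};

/* Parse one definite-length TLV header: 0 on success, -1 if malformed. */
int tlv_parse(const uint8_t *buf, size_t buf_len, size_t *val_off, size_t *val_len)
{
    if (buf_len < 2 || (buf[0] & 0x1f) == 0x1f)
        return -1;                        /* too short, or multi-byte tag */
    size_t pos = 1, len = buf[pos++];
    if (len & 0x80) {                     /* long form: low 7 bits = octet count */
        size_t n = len & 0x7f;
        if (n == 0 || n > sizeof(size_t) || n > buf_len - pos)
            return -1;                    /* indefinite, too wide, or truncated */
        for (len = 0; n > 0; n--)
            len = (len << 8) | buf[pos++];
    }
    if (len > buf_len - pos)
        return -1;                        /* declared length exceeds the input */
    *val_off = pos; *val_len = len;
    return 0;
}

/* Copy the value into dst only if the header is valid and the value fits. */
long tlv_copy_value(const uint8_t *buf, size_t buf_len, uint8_t *dst, size_t dst_cap)
{
    size_t off, len;
    if (tlv_parse(buf, buf_len, &off, &len) != 0 || len > dst_cap)
        return -1;
    memcpy(dst, buf + off, len);
    return (long)len;
}

long demo(const uint8_t *sample, size_t sample_len)
{
    uint8_t dst[4];                       /* deliberately small destination */
    return tlv_copy_value(sample, sample_len, dst, sizeof dst);
}

int main(void)
{
    printf("%ld %ld ", demo(SHORT_FORM, sizeof SHORT_FORM), demo(LONG_FORM, sizeof LONG_FORM));
    printf("%ld %ld\n", demo(OVERSTATED, sizeof OVERSTATED), demo(TRUNCATED, sizeof TRUNCATED));
    return 0;
}
```

The two rejections come from comparing the declared length against the bytes actually remaining; the `dst_cap` comparison is the separate check that keeps a well-formed but oversized value out of a fixed buffer.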

I heard the other day that eEye has found something like 7 more flaws that MS has not fixed yet. I don't have an article or anything to confirm that though :ph34r:


  • 4 weeks later...

It's Super Tuesday ala Microsoft. 3 patches are available:

  • Vulnerability in MSN Messenger Could Allow Information Disclosure (838512)
  • Vulnerability in Microsoft Outlook Could Allow Code Execution (828040) (Only affects Office XP SP2/Outlook 2002 users)
  • Vulnerability in Windows Media Services Could Allow a Denial of Service (832359) (Only affects Windows 2000 Server)

Patch away for those affected by these updates! :whistling:


  • 1 month later...
  • 4 weeks later...

Second Tuesday of the month. This patch is available!

Microsoft Security Bulletin MS04-015
Vulnerability in Help and Support Center Could Allow Remote Code Execution (840374)


nlinecomputers

Well, other than my wife leaving me, my cat dying, and I've broken out in hives, there are no problems to report so far. :D Seriously, I put it on three machines and a client's machine arrived with it already patched. The client machine had spyware problems that are gone and the unit is fine now.


> Well, other than my wife leaving me, my cat dying, and I've broken out in hives, there are no problems to report so far. :D Seriously, I put it on three machines and a client's machine arrived with it already patched. The client machine had spyware problems that are gone and the unit is fine now.

NLine, do you like country music by any chance? :w00t:

  • 4 weeks later...

Yes, yes, I'm late, epp_b already posted links in the Windows forum, but, just to be consistent, June's security update is for DirectX, any version: http://www.microsoft.com/security/bulletin...06_windows.mspx

  • Vulnerability in DirectPlay Could Allow Denial of Service
  • Vulnerability in Crystal Reports Web Viewer Could Allow Information Disclosure and Denial of Service

The second update is only applicable if you use both Visual Studio .NET 2003 and Outlook 2003 with Business Contact Manager, and have Internet Information Services installed. Other documentation at Microsoft suggests that you don't need to have IIS installed to apply the patch, just the first condition.


  • 1 month later...
nlinecomputers

Slashdot is already calling it black Tuesday. If we stay true to form the viruses will hit in about 2 weeks..... B)


redmaledeer
> Another 5 out there. Get them while they are hot!

This brings up the usual problem that the hotter you get them, the more likely you are to be a beta tester for the patch. There seems no clear way of winning, tho I usually wait a week or two.
