Results 1 to 2 of 2

Thread: M$ Releases 3 New Bulletins 1/13/04

  1. #1

    Exclamation M$ Releases 3 New Bulletins 1/13/04

    Ok, for all M$ users, here's January's bulletins hot off the M$ presses...and a day before their webcast (hmmm). Be sure to note another MDAC buffer overflow!

    Vulnerability in Microsoft Internet Security and Acceleration Server 2000
    H.323 Filter Could Allow Remote Code Execution (816458)
    http://www.microsoft.com/technet/tre...n/MS04-001.asp

    Who should read this document: Customers who use Microsoft® Internet Security and Acceleration Server 2000

    Impact of vulnerability: Remote Code Execution

    Maximum Severity Rating: Critical

    Recommendation: Customers should install the security update immediately

    Update Replacement: None

    Caveats: None

    Affected Software:

    Microsoft Internet Security and Acceleration Server 2000 - Download the update
    Microsoft Small Business Server 2000 (which includes Microsoft Internet Security and Acceleration Server 2000) – Download the Update
    Microsoft Small Business Server 2003 (which includes Microsoft Internet Security and Acceleration Server 2000) – Download the Update
    Non Affected Software:

    Microsoft Proxy Server 2.0
    Vulnerability in Exchange Server 2003 Could Lead to Privilege Escalation
    (832759)
    http://www.microsoft.com/technet/tre...n/MS04-002.asp

    Who should read this document: System administrators who have servers that are running Microsoft® Outlook® Web Access for Microsoft Exchange Server 2003

    Impact of vulnerability: Elevation of Privilege

    Maximum Severity Rating: Moderate

    Recommendation: System administrators should install this security update on all front-end servers that are running Outlook Web Access for Exchange Server 2003. Microsoft also recommends installing this security update on all other Exchange 2003 servers so that they will be protected if they are later designated as front end servers.

    Security Update Replacement: None

    Caveats: Apply the update when a disruption in OWA and Simple Mail Transfer Protocol (SMTP) mail flow and other Internet Information Services (IIS) applications is acceptable.

    Affected Software:

    Microsoft Exchange Server 2003 - Download the Update
    Non Affected Software:

    Microsoft Exchange 2000 Server
    Microsoft Exchange Server 5.5
    Buffer Overrun in MDAC Function Could Allow Code Execution (832483)
    http://www.microsoft.com/technet/tre...n/MS04-003.asp

    Who should read this document: Customers who are using Microsoft® Windows®

    Impact of vulnerability: Remote code execution

    Maximum Severity Rating: Important

    Recommendation: Customers should install this security update at their earliest opportunity.

    Security Update Replacement: This update replaces the one that is provided in Microsoft Security Bulletin MS03-033.

    Caveats: None

    Affected Software:

    Microsoft Data Access Components 2.5 (included with Microsoft Windows 2000)
    Microsoft Data Access Components 2.6 (included with Microsoft SQL Server 2000)
    Microsoft Data Access Components 2.7 (included with Microsoft Windows XP)
    Microsoft Data Access Components 2.8 (included with Microsoft Windows Server 2003)
    Note The same update applies to all these versions of MDAC - Download the Update

    Microsoft Data Access Components 2.8 (included with Windows Server 2003 64-Bit Edition) - Download the Update

  2. #2
    AO Decepticon CXGJarrod's Avatar
    Join Date
    Jul 2002
    Posts
    2,038
    One note on the H.323 Filter one is that if you have that protocol disabled you dont need to install the patch immediately.
    N00b> STFU i r teh 1337 (english: You must be mistaken, good sir or madam. I believe myself to be quite a good player. On an unrelated matter, I also apparently enjoy math.)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •