Results 1 to 6 of 6

Thread: MS releases 3 new patches for March

  1. #1
    Junior Member
    Join Date
    Sep 2003
    Posts
    21

    MS releases 3 new patches for March

    MS04-008: Security Update for Microsoft Windows
    Vulnerability in Windows Media Service Could allow a DOS (832359)
    Rated: Moderate
    Affected Software: Win2K SP2/3/4 with WMS 4.1

    MS04-009: Security Update for MS Office
    Vulnerability in Microsoft Outlook Could allow Code Execution (828040)
    Rated: Important
    Affected Software: MS Office XP and Outlook 2002

    MS04-010: Security updat for MSN Messenger
    Vulnerability in MSN Messenger Could allow Information Disclosure (838512)
    Rated: Moderate
    Affected Software: MSN Messenger 6.0 and 6.1

  2. #2
    Junior Member
    Join Date
    Jan 2004
    Posts
    4

    Thanks

    Thanks! For the update. Good to know about.
    CybermirrorSever

  3. #3
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    MS04-009 got upped to critical!
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  4. #4
    Senior Member cwk9's Avatar
    Join Date
    Feb 2002
    Posts
    1,207
    MS04-009 looks like yet another reason to hate Outlook.

    Technical description:

    Subsequent to the release of this bulletin, it was determined that this vulnerability could also affect users who do not have the “Outlook Today” folder home page as their default home page in Outlook 2002. As a result, Microsoft has re-released this bulletin with a new severity rating of “critical” to reflect the expanded attack vector. The update released with the original version of this security bulletin is effective in protecting from the vulnerability and users who have applied the update or have installed Office XP Service Pack 3 do not need to take additional action.

    In addition, Microsoft is making available an additional “client update” for customers on the Microsoft Download Center. This additional update does not contain new fixes or functionality, but is instead an additional offering of the update that provides an alternative for customers. More information on the client update is available in the Security Update Information section.

    A security vulnerability exists within Outlook 2002 that could allow Internet Explorer to execute script code in the Local Machine zone on an affected system. The parsing of specially crafted mailto URLs by Outlook 2002 causes this vulnerability. To exploit this vulnerability, an attacker would have to host a malicious Web site that contained a Web page designed to exploit the vulnerability and then persuade a user to view the Web page.

    The attacker could also create an HTML e-mail message designed to exploit the vulnerability and persuade the user to view the HTML e-mail message. After the user has visited the malicious Web site or viewed the malicious HTML e-mail message an attacker who successfully exploited this vulnerability could access files on a user's system or run arbitrary code on a user's system. This code would run in the security context of the currently logged-on user. Outlook 2002 is available as a separate product and is also included as part of Office XP.

    Mitigating factors:


    Users who read e-mail messages in plain text format in are at less risk from the HTML e-mail attack vector as they would need to click on a link in an e-mail message to be affected.


    If an attacker exploited this vulnerability, the attacker would gain only the same privileges as the user. Users whose accounts are configured to have few privileges on the system would be at less risk than users who operate with administrative privileges.

  5. #5

    Re: MS releases 3 new patches for March

    Originally posted here by Draco980172
    MS04-009: Security Update for MS Office
    Vulnerability in Microsoft Outlook Could allow Code Execution (828040)
    Rated: Important
    Affected Software: MS Office XP and Outlook 2002
    SP3 for Office XP patches this vulnerability - get it at http://www.microsoft.com/downloads/d...displaylang=en (be prepared to wait...lots of traffic)

    MS04-010: Security updat for MSN Messenger
    Vulnerability in MSN Messenger Could allow Information Disclosure (838512)
    Rated: Moderate
    Affected Software: MSN Messenger 6.0 and 6.1
    Anyone protecting themselves from this by blocking MSN at their firewall?

  6. #6

    Angry bleh

    I'm just waiting for the phone call from my mom and/or my girlfriend now.

    [glowpurple]My computer is broken HELP![/glowpurple]

    Seems like everytime there is a new hole, one of those two manage to find a way to be a victim to it. Oh well, free food at mom's w00t.

    [shadow]agent.idle[/shadow]

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •