ms03-41 q823182
ms03-42 q826232
ms03-43 q828035
ms03-44 q825119
ms03-45 q824141
ms03-46 q829436
ms03-47 q828489
Several of them are critical and lead to remote code execution. Looks like a fun weekend of patching systems.
One word: CRAP! And it's a sunny day outside...not that I get much time outside.
Thanks mo!
lol ...... well 10x for the heads up...... let me find that site
Ok.. Here are the proper links. Sorry to anybody that saw those other links that were working earlier, but they must have just been changed.
http://www.microsoft.com/technet/tre...n/MS03-041.asp
http://www.microsoft.com/technet/tre...n/MS03-042.asp
http://www.microsoft.com/technet/tre...n/MS03-043.asp
http://www.microsoft.com/technet/tre...n/MS03-044.asp
http://www.microsoft.com/technet/tre...n/MS03-045.asp
http://www.microsoft.com/technet/tre...n/MS03-046.asp
http://www.microsoft.com/technet/tre...n/MS03-047.asp
What happened to once a month? Are these guys ashamed? I have not seen anything other than what links you guys have posted. Not even an email. Oh well, I guess I should lower my expectations.
Fraggin- I don't think the once a month thing has officially started yet. The reason I was able to post these before the notices went out is that I know people at MS who let me know this morning that these fixes were being released.
If you are on any of the MS mailing lists you should be getting the emails soon. It looks like they started releasing them about an hour ago.
Thank god for SUS.
good to know someone on the inside.
thx mo!
People always ask me why I never patch my personal Windows systems, well here is a fine example of seven new patches that I won't be applying. :)
Why I am not installing any of these:
MS03-041:
A properly configured system according to Microsoft's TFM should only allow trusted sites to execute ActiveX. I have included this and have gone above and beyond by configuring internet client software to run as the user CLIENT_NET which is a member of GUESTS. Even trusted code execution will be limited to this user's powers and not be able to make any non-password prompted changes to the user's environment.
MS03-042:
Same as above
MS03-043:
The TFM indicates the Messenger service should be disabled unless it is remotely filtered (so for LAN use only).
MS03-044:
The TFM suggests the disabling of the HCP protocol and users are to be directed to the local administration for support.
MS03-045:
The utility manager should not be used by normal users and should be disabled, this is covered indirectly in the TFM as well.
MS03-046:
The Exchange TFM discusses the value of filtering SMTP protocol extensions. IAS fills this role very nicely.
MS03-047:
I use Exchange Server 2000.
I really love how Microsoft lists the proper configuration as a workaround so as not to make people that failed to apply the proper configuration in the first place feel stupid. And people say they are evil. ;)
catch
Mohaugh-
Thanks for the heads up. My director has already asked me how I've found out so soon. I told him it came from the inside. Thanks.
It is good to know someone at M$. I used to have a buddy there who would buy things for me at their campus store for a good rate.
So, the once a month thing is not official yet, eh? Will it be after they revamp Automatic update, or is it just wishful thinking?
BTW, does anyone know someone that works for the last stage of delirium? These guys must have talent.
Thanks for these. Just as the week was looking really lousy. :D
MS03-043 looks like a possible vector for a worm attack to me.
If the attacker can use a buffer overflow and get admin rights on the target PC, then you could make a self-spreading program (i.e. worm) using that vulnerability.. so maybe a MSBlast / Code Red / Whatever exploit could come about.
Oh well. At least you can disable the Messenger Service on the PCs on your LAN remotely.
Scanner tool by ISS released for MS03-043 vulnerability (Messenger service). Runs at command line and looks handy.
Comment from someone at ISS was:
Quote:
ISS has released a freeware utility to help scan for this vuln. We feel this vuln is pretty important -- at the same level as Blaster and Slammer. It is as wide-spread as the RPC/DCOM vuln exploited by Blaster, and it can easily lead to Slammer-style worms that slam out a flood of UDP traffic.
Check it @ http://www.iss.net/support/product_utilities/ms03-043/
Interesting scanner tool. Yes it does the job, but it also sends a message to all computers missing the patch.
Which is great if you have half a dozen short, but not so bad when it is every machine in the building. :rolleyes:
Ho hum.
If the ISS tool doesn't quite do what you are looking for, how about the Foundstone tool? It allows you to remotely stop and disable the Messenger Service, assuming you have the proper rights. Definitely speeds things up for admins on large networks where this service may be running.
http://www.foundstone.com/subsection...sengerscan.htm
** Warning newbie alert - this post may be rubbish **
HTRegz - I looked at the link, and downloaded the tool. It wouldn't unzip. After a while I tried to virus scan the file - just in case, you know.
And what do you know - it told me it was infected ( which may explain why it refused to unzip ).
Now I realise that these sort of tools need to emulate viruses. But then neither of my other scanners have virus alerts. Which worries me. Either this tool is falsely giving a virus alert, or it has become infected, or Foundstone are really trying to take over the world with their new secret weapon ( "we would have succeeded too, if it wasn't for those meddling kids" ).
And in all of this, I wonder whether the availability of a useful tool to scan for particular vulnerabilities will mean another 2 months of tedious work for me ....
I've had the software on three PCs and had no alerts or warnings. However that doesn't say much, 1 PC was AVG Free, another was Command AV and the last was running eTrust, but as I said none of them have returned any warnings to me.
thanks for the heads up. Here's to another week of testing and patching.
I have emailed Foundstone's support line about this. If they get back to me, I will report back. Unless they are trying to take over the world....
r8devil - a mere week. Oh what it must be to work in such a technologically advanced company. I reckon it will take us a week before we have worked out how to get these patches out to the easy half of our computers.
Didn't have any problems running the Foundstone tool.
eEye have a similar but more limited tool at http://www.eeye.com/html/Research/Tools/MSGSVC.html
Schrodinger wrote:
Quote:
And what do you know - it told me it was infected ( which may explain why it refused to unzip ).
I had the same exact problem. I'm running McAfee VirusScan with DAT files 4298 dated 10/15/03. It said something about it being infected with the DCOM exploit.
I didn't download it due to this but suspect it is a false positive as I wouldn't think Foundstone would put an infected tool on their website.
You are right, these testing tools *DO* emulate viruses or use the code to test with which is why I sometimes disable AV when using them (of course only during the test, after which I immediately re-enable AV).
Let us know what Foundstone says. Like I said earlier: it's probably OK.
Is it a corp version of McAfee? It might be that McAfee put this into their virus defs to keep users on companies' networks from using this tool to scan the network for unpatched machines.
ric-o - thank you. My personal assessment of my sanity is significantly improved.
CXGJarrod - I am wondering if the corporate app is trying to be clever and detect anything that seems to be exploiting this vulnerability, rather than being specific. I can't see any obvious reason for them not wanting users to use tools to help fix holes, but I can see how, in the absence of specific viruses that exploit this, they want to be alert to anything. Which is a good thing, I think.
I will let you know what Foundstone say, if anything.
FYI: Microsoft has revised the October bulletin with the 7 vulnerabilities and one of the vulnerabilities, MS03-045 (ListBox/Combobox one) has had a major revision.
Check it out: http://www.microsoft.com/technet/tre...n/winoct03.asp
M$ just LOVES to keep us busy! :mad: