-
February 10th, 2004, 09:30 PM
#1
M$ issues 3 bulletins for February
Microsoft issues 3 new patches for February 2004. One for WINS, one for Virtual PC for Mac, one for ASN library on NT (??)..
Microsoft Security Bulletin MS04-005
Vulnerability in Virtual PC for Mac could lead to privilege elevation (835150)
Issued: February 10, 2004
Version: 1.0
Summary
Who should read this document: Customers who are using Microsoft® Virtual PC for Mac
Impact of vulnerability: Elevation of Privilege
Maximum Severity Rating: Important
Recommendation: Customers should install this security update at the earliest opportunity
Security Update Replacement: None
Caveats: None
http://www.microsoft.com/technet/tre...n/MS04-005.asp
Microsoft Security Bulletin MS04-006
Vulnerability in the Windows Internet Naming Service (WINS) Could Allow Code Execution (830352)
Issued: February 10, 2004
Version Number: 1.0
Summary
Who should read this document: Customers who are using Microsoft® Windows Internet Naming Service (WINS)®
Impact of vulnerability: Remote Code Execution
Maximum Severity Rating: Important
Recommendation: WINS server administrators should install the patch at the earliest opportunity.
Security Update Replacement: None
Caveats: None
http://www.microsoft.com/technet/tre...n/MS04-006.asp
Microsoft Security Bulletin MS04-007
ASN.1 Vulnerability Could Allow Code Execution (828028)
Issued: February 10, 2004
Version Number: 1.0
Summary
Who should read this document: Customers who are using Microsoft® Windows®
Impact of vulnerability: Remote Code Execution
Maximum Severity Rating: Critical
Recommendation: Systems administrators should apply the update immediately.
Security Update Replacement: None
Caveats: Windows NT 4.0 (Workstation, Server, and Terminal Server Edition) does not install the affected file by default. This file is installed as part of the MS03-041 Windows NT 4.0 security update and other possible non-security-related hotfixes. If the Windows NT 4.0 security update for MS03-041 is not installed, this may not be a required update. To verify if the affected file is installed, search for the file named Msasn1.dll. If this file is present, this security update is required. Windows Update, Software Update Services, and the Microsoft Security Baseline Analyzer will also correctly detect if this update is required.
http://www.microsoft.com/technet/tre...n/MS04-007.asp
Happy patching!
-
February 10th, 2004, 10:20 PM
#2
Bah! You beat me to it again this week! arg!
-
February 11th, 2004, 06:34 AM
#3
boy did ms play this one down!
Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”
-
February 11th, 2004, 10:14 AM
#4
Also Microsoft have also stuck a font fix on windowsupdate, Previously the user had to download the "fix" which removes an offensive symbol from certain fonts (Nazi logo)
What's odd though is Microsoft stuck this as a "critcal update" which is a little over doing it.
-
February 11th, 2004, 08:14 PM
#5
Tedob1: Your right, they should did keep it pretty quiet.
We're rolling out the ASN.1 library patch IMMEDIATELY as it affects a LOT of apps and services across servers AND workstations. IIS, NTLMv2, Kerberos, LDAP....ARRRGHHHHH!
What scares me is that M$ knew about this for 6 months as someone else here at AO mentioned (sorry forgot who).
PATCH YOUR SYSTEMS ASAP EVERYONE!
-
February 11th, 2004, 08:16 PM
#6
::Wonders at the portent, and remembers that February is barely a quarter over.::
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|