-
April 13th, 2004, 06:27 PM
#1
Junior Member
MS releases 4 patches for April 2004
http://www.microsoft.com/technet/sec.../MS04-011.mspx
Security update for Windows (835732) - Critical
http://www.microsoft.com/technet/sec.../MS04-012.mspx
Cumulative Update for RPC/DCOM (828741)- Critical
http://www.microsoft.com/technet/sec.../MS04-013.mspx
Cumulative Security updat for Outlook Express (837009) - Critical
http://www.microsoft.com/technet/sec.../MS04-014.mspx
Vulnerability in MS Jet Database Engin could allow code execution (837001)- Important
-
April 13th, 2004, 06:34 PM
#2
Junior Member
Microsoft is still updating these links. They are currently very unstable.
-
April 13th, 2004, 06:58 PM
#3
Junior Member
Ms is addressing 20 vulneribilitie with 4 seperate patches.
MS04-11 address 14 vulnerabilities
CAN-2003-0533
CAN-2003-0663
CAN-2003-0719
CAN-2003-0806
CAN-2003-0906
CAN-2003-0907
CAN-2003-0908
CAN-2003-0909
CAN-2003-0910
CAN-2004-0117
CAN-2004-0118
CAN-2004-0119
CAN-2004-0120
CAN-2004-0123
MS04-12 address 4 vulnerabilities
CAN-2003-0813
CAN-2004-0116
CAN-2003-0807
CAN-2004-0124
MS04-13 address 1 vulnerability
CAN-2004-0380
MS04-14 address 1 vulnerability
CAN-2004-0197
-
April 13th, 2004, 08:18 PM
#4
Add some old bulletin re-release.
http://www.microsoft.com/technet/sec.../MS00-082.mspx
Reason for re-release: Bulletin updated to advise of the availability of an update for Exchange Server 5.0. Originally posted: October 31, 2000
Updated: April 13, 2004
Version: 2.0
http://www.microsoft.com/technet/sec.../MS01-041.mspx
Reason for re-release: Bulletin updated to advise of the availability of an update for Exchange Server 5.0. Originally posted: July 26, 2001
Updated: April 13, 2004
Version: 2.0
http://www.microsoft.com/technet/sec.../MS02-011.mspx
Bulletin updated to advise of the availability of an update for Windows NT Server 4.0 and to advise Exchange Server 5.0 customers on how to better protect themselves. Originally posted: February 27, 2002
Updated: April 13, 2004
Version Number: 2.0
http://www.microsoft.com/technet/sec.../MS03-046.mspx
Reason for re-release: Bulletin updated to advise of the availability of an update for Exchange Server 5.0.
Issued: October 15, 2003
Updated: April 13, 2004
Version Number: 2.0
-
April 13th, 2004, 08:34 PM
#5
Junior Member
I have had a chance to review these patches in much more detail now. I want to let you all know that Microsoft’s rating of these are right on the mark! These are critical! Most of the vulnerabilities addressed in these patches will allow the attacker FULL access to your computers. We are talking about holes big enough to drive a semi through.
The other thing to be aware of..... The MS04-011 patch covers a wide range of vulnerabilities:
LSASS
LDAP
PCT
WinLogon
Metafiles
Help and Support Center
Utility Manager
Windows Management
Local Descriptor Tables
H.323
Virtual DOS machine
SSP
SSL
ASN.1
I applaud MS's attempt to reduce the number of patches, but it seems to me like including this many fixes in a single patch is just asking for trouble. What if a single fix in this patch breaks something you need. Then you have to uninstall the whole patch. I think they should at least make these readily available as separate patches to mitigate the possible problem that could occur.
-
April 14th, 2004, 03:54 PM
#6
One of them is also covering RPC/DCOM...looks like MS didn't fixz it last time around...happy patching day.
Who is more trustworthy then all of the gurus or Buddha’s?
-
April 14th, 2004, 05:43 PM
#7
Yet again they've failed to fix the local zone and CHM bugs that spammers and virii take advantage of. These flaws are at least 4 months old, are being exploited in the wild, and have remained unpatched for far too long. When will they realise withholding patches isn't in the interest of security, and doesn't exactly inspire confidence in their 'trustworty computing' strategy.
I think I'll stick to Gentoo, at least I know things will be fixed in a timely fashion
-
April 14th, 2004, 06:33 PM
#8
Around here we call the second Tuesday of each month "BLACK TUESDAY" in honor of MS monthly patch day.
The mentally handicaped are persecuted in this great country, and I say rightfully so! These people are NUTS!!!!
-
April 14th, 2004, 10:12 PM
#9
Originally posted here by Beryllium9
Yet again they've failed to fix the local zone and CHM bugs that spammers and virii take advantage of. These flaws are at least 4 months old, are being exploited in the wild, and have remained unpatched for far too long. When will they realise withholding patches isn't in the interest of security, and doesn't exactly inspire confidence in their 'trustworty computing' strategy.
I think I'll stick to Gentoo, at least I know things will be fixed in a timely fashion
Not trying to start a pi$$ing match.But surely your not talking about Linux bugs? Average Linux bugs live 1.8 years, some 7. the PDF can be found here. Just do a search for An empirical study of operating systems errors
http://portal.acm.org/results.cfm?co...TOKEN=57621828
http://www.acm.org/
-
April 14th, 2004, 10:38 PM
#10
Atleast in Linux I can fix the bugs myself if I'm alerted to their being there. ;-)
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|