
Microsoft fixes new security flaws in Windows systems

Discussion in 'Dúvidas e Suporte—Internet, Redes, Segurança' started by RavenMaster, 13 October 2004. (Replies: 5; Views: 802)

  1. RavenMaster

    RavenMaster Power Member

    "Microsoft published its October security bulletin late yesterday, disclosing ten advisories, seven of them critical. The alerts describe 22 new flaws in the Windows operating systems, in Internet Information Services and in the Internet Explorer browser.
    Although it says these flaws are not yet being exploited, Microsoft advises users, as usual, to patch their systems quickly through Windows Update.
    For now the critical problems can be fixed on the most recent systems, but Microsoft notes on its site that the updates for Windows Millennium Edition, Windows 98 and Windows 98 Second Edition may only be made available later.
    The high number of critical flaws in this new bulletin makes updating systems more urgent; it affects both client and server operating systems and leaves PCs on corporate and home networks vulnerable to attack.
    Recall that in April Microsoft had also warned of 20 new flaws, one of which allowed the Sasser worm to spread on computers where the update had not been installed. "

    source
     
  2. ElectricFox

    ElectricFox I folded Myself

    After seeing this news, I went to Windows Update and right away had 5 updates to install: 1 for IE6, 1 for the Journal Viewer and 3 for Windows 2000... :rolleyes:
     
  3. RavenMaster

    RavenMaster Power Member

    "MS04-032, which fixes multiple vulnerabilities an attacker could use to take complete control of an affected system to install programs; view, change or delete data; or create new accounts that have full privileges.

    MS04-033, which fixes a vulnerability in Excel an attacker could also use to install programs; view, change or delete data; or create new accounts with full privileges. "Users whose accounts are configured to have fewer privileges on the system would be at less risk than users who operate with administrative privileges," the bulletin said.

    MS04-034, which fixes a vulnerability in compressed folders that could allow many of the same exploits.

    MS04-035, which fixes a vulnerability an attacker could use for many of the same exploits. "A remote code execution vulnerability exists in the Windows Server 2003 SMTP component because of the way that it handles Domain Name System (DNS) lookups," the bulletin said. "An attacker could exploit the vulnerability by causing the server to process a particular DNS response that could potentially allow remote code execution. The vulnerability also exists in the Microsoft Exchange Server 2003 Routing Engine component when installed on Microsoft Windows 2000 Service Pack 3 or on Microsoft Windows 2000 Service Pack 4."

    MS04-036, which fixes a vulnerability within the Network News Transfer Protocol (NNTP) component of the affected operating systems. "This vulnerability could potentially affect systems that do not use NNTP. This is because some programs that are listed in the affected software section require that the NNTP component be enabled before you can install them," the bulletin said. Like the vulnerabilities listed above, an attacker could use this to take over machines, launch malicious code and cause other problems.

    "This one is especially serious because if you're running the news service, you can be attacked by anyone in the network," said Ivan Arce, CTO of Boston-based Core Security Technologies, which reported the vulnerability to Microsoft Aug. 16. "Your server can be compromised internally or externally. It's an ideal attack vector."

    MS04-037, which fixes a vulnerability in the Windows shell that could be exploited in similar fashion.

    MS04-038, a cumulative security update for Internet Explorer fixing several vulnerabilities an attacker could use to take over machines and do many of the things outlined above.

    Here is a summary of the bulletins rated "important":

    MS04-029, which fixes a vulnerability in the RPC Runtime Library that could allow information disclosure and a denial of service. "An attacker who successfully exploited the vulnerability could cause the affected system to stop responding or could potentially read portions of active memory content," the bulletin said.

    MS04-030, which describes a vulnerability in the WebDAV XML Message Handler that could lead to a denial of service. "An attacker who successfully exploited this vulnerability could cause WebDAV to consume all available memory and CPU time on an affected server. This behavior could cause a denial of service. The IIS service would have to be restarted to restore functionality," the bulletin said.

    MS04-031, which describes a vulnerability in NetDDE that could allow remote code execution. "However, the NetDDE services are not started by default and would have to be manually started, or started by an application that requires NetDDE, for an attacker to attempt to remotely exploit this vulnerability," the bulletin said. "
     
  4. NeoToPower

    NeoToPower 1st Folding then Sex

    Search for ARP.... apparently, the new XP firewall is partly responsible for the massive wave of ARP requests that has been seen, making the connection very slow. I can't explain it exactly, I'll look for the link in the meantime, but you should download the patch if you use the XP firewall (SP2 only).... we all thank you ;)
     
  5. Flyer

    Flyer Power Member

    I don't use the XP (SP2) firewall and this always runs the way you say, Neo, "like a Christmas tree" :(
     
  6. NeoToPower

    NeoToPower 1st Folding then Sex

    The problem is that you're not the one most affected..... the worst part is the harm this does to the network :(



    EDIT: here it is :D LINK
     
    Last edited: 14 October 2004
