Microsoft Updates

Andr0m3da

Power Member
Microsoft has published several security
bulletins informing about seven vulnerabilities (five affecting Windows and
the other two affecting Exchange), and the security patches that fix them.


Five of these security flaws have been classified as critical, one as
important and the other as moderate. In general these vulnerabilities affect
all Windows systems (Windows 2000, NT, XP and Server 2003) and Exchange
Server 5.5 and 2000.


The first of these Windows vulnerabilities lies in 'Authenticode' and could
allow ActiveX controls to be downloaded and run remotely without the user's
permission. The second has similar effects and causes a buffer overflow in
'ActiveX Windows Troubleshooter Control'. The third and fourth flaws allow
arbitrary code to be run and affect 'Messenger Service' and 'Windows Help
and Support Center', respectively. Finally, a buffer overflow in the
'ListBox' and 'ComboBox' controls allows code to be run locally.


Of the two security flaws detected in Exchange, the first is the more
dangerous, as it involves a buffer overflow in the SMTP service and could
allow arbitrary code to be run. The second is a cross-site scripting
vulnerability in Exchange Server 5.5 Outlook Web Access.


In line with its new security policy (in which security patches will be
released as a package once a month), Microsoft has published all the
security bulletins and patches described above in two summaries. The one
referring to Windows is available at:
http://www.microsoft.com/technet/security/bulletin/winoct03.asp, and the
Exchange Server summary is available at:
http://www.microsoft.com/technet/security/bulletin/excoct03.asp. From these
addresses you can access the bulletin for each vulnerability and the patches
that fix it.
 