1. Este site usa cookies. Ao continuar a usar este site está a concordar com o nosso uso de cookies. Saber Mais.
  2. A secção Microsoft/Windows encontra-se actualmente em processo de reestruturação.
    Remover anúncio

Microsoft Updates

Discussão em 'Windows Desktop e Surface' iniciada por Andr0m3da, 17 de Outubro de 2003. (Respostas: 0; Visualizações: 480)

  1. Andr0m3da

    Andr0m3da Power Member

    Microsoft has published several security
    bulletins informing about seven vulnerabilities -five affecting Windows and
    the other two affecting Exchange-, and the security patches that fix them.


    Five of these security flaws have been classified as critical, one as
    important and the other as moderate. In general these vulnerabilities affect
    all Windows systems (Windows 2000, NT, XP and Server 2003) and Exchange
    Server 5.5 and 2000.


    The first of these Windows vulnerabilities lies in 'Authenticode' and could
    allow ActiveX controls to be downloaded and run remotely without the user's
    permission. The second has similar effects and causes a buffer overflow in
    'ActiveX Windows Troubleshooter Control'. The third and fourth flaws allow
    arbitrary code to be run and affect 'Messenger Service' and 'Windows Help
    and Support Center', respectively. Finally, a buffer overflow in the
    'ListBox' and 'ComboBox' controls allows code to be run locally.


    Of the two security flaws detected in Exchange, the first is the most
    dangerous, as it involves a buffer overflow in the SMTP service and could
    allow arbitrary code to be run. The second is a cross-site scripting
    vulnerability in Exchange Server 5.5 Outlook Web Access.


    In line with its new security policy -in which security patches will be
    released as a package once a month-, Microsoft has published all the
    security bulletins and patches described above in two summaries. The one
    referring to Windows is available at:
    http://www.microsoft.com/technet/security/bulletin/winoct03.asp, and the
    Exchange Server summary is available at:
    http://www.microsoft.com/technet/security/bulletin/excoct03.asp. From these
    addresses you can access the bulletin for each vulnerability and the patches
    that fix it.
     

Partilhar esta Página