MAC-NETHow toNetwork SecurityVirus ProtectionSpyware ProtectionDownloadReferenceContact
 

Do more with FirefoxNEW

5 Top security flaw found in corporate networks

Alert: Apple Security Bulletin

Alert: MS Security Bulletins

Alert: MS Security Tips

Browser crash test

Critical Alert

Firewall

Firewall on fire!

Hoaxes: E-mail

Internet Protocol Network Camera Surveillance

Mail relay test

Network Setup Checklist

Network Worms

On-line Privacy

Process - OK

Process - Bad & Ugly

Rootkits

Rotten Cookies

TCP Holed

TCP Port

TCP Port ~ 1024

TCP Port ~ 1352

TCP Port ~ 2500

TCP Port ~ 65301

TCP Port Scan

Web Security
Home » Network Security » Alert: MS Security Bulletins » 

Dec 2004 OS Security Bulletin:

The 6 patches to fix nine issues (none of the security holes rated as a serious threat), is now available at Microsoft´s Windows Update Web site.  Microsoft has recommended that all Windows XP users upgrade to Service Pack 2, which adds security features to Windows and removes applications that pose potential security risks.  Here is a quick summary:

MS04-040 Cumulative Security Update for Internet Explorer (889293).  This update resolves a newly-discovered publicly reported vulnerability. A vulnerability exists in Internet Explorer that could allow remote code execution on an affected system.  If a user is logged on with administrative privileges, an attacker who successfully exploited this vulnerability could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts with full privileges. Users whose accounts are configured to have fewer privileges on the system would be at less risk than users who operate with administrative privileges.

MS04-041 Vulnerability in WordPad Could Allow Code Execution (885836).  A security issue has been identified that could allow an attacker to compromise your Windows-based system and gain control over it. If a user is logged on with administrative privileges, an attacker who successfully exploited these vulnerabilities could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts with full privileges. Users whose accounts are configured to have fewer privileges on the system would be at less risk than users who operate with administrative privileges. However, user interaction is required to exploit this vulnerability.

MS04-042 Vulnerability in DHCP Could Allow Remote Code Execution and Denial of Service (885249).  An attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts that have full privileges. However, attempts to exploit these vulnerabilities would most likely result in a denial of service of the Dynamic Host Configuration Protocol (DHCP) Server service.

MS04-043 Vulnerability in HyperTerminal Could Allow Code Execution (873339).  If a user is logged on with administrative privileges, an attacker who successfully exploited this vulnerability could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts with full privileges. HyperTerminal application for Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 does not properly validate the length of a value that is saved in a session file, which allows remote attackers to execute arbitrary code via a malicious HyperTerminal session file (.ht), web site, or Telnet URL contained in an e-mail message, triggering a buffer overflow.

MS04-044 Vulnerabilities in Windows Kernel and LSASS Could Allow Elevation of Privilege (885835).  An attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts that have full privileges.  The Local Procedure Call (LPC) interface of the Windows Kernel for Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 does not properly validate the lengths of messages sent to the LPC port, which allows local users to gain privileges, aka "Windows Kernel Vulnerability." LSASS (Local Security Authority Subsystem Service) of Windows 2000 Server and Windows Server 2003 does not properly validate connection information, which allows local users to gain privileges via a specially-designed program.

MS04-045 Vulnerability in WINS Could Allow Remote Code Execution (870763).  This update resolves several newly-discovered, public and privately reported vulnerabilities.  The WINS service (wins.exe) on Microsoft Windows NT Server 4.0, Windows 2000 Server, and Windows Server 2003 allows remote attackers to write to arbitrary memory locations and possibly execute arbitrary code via a modified memory pointer in a WINS replication packet to TCP port 42.


commentPost your comment 
Mail this pageMail this page


© 2004-2008. All Rights Reserved.