Fwd: [Intrusense VNS] 7 New Microsoft Security Bulletins

[Steven Ouimet <souimet () intrusense com>]

------ Forwarded Message
From: is-vnc () intrusense com
Organization: Intrusense LLC.
Date: Wed, 15 Oct 2003 13:47:27
To: souimet () intrusense com
Subject: [Intrusense VNS] 7 New Microsoft Security Bulletins (5 Critical)


Intrusense - Vulnerability Notification Service


Oct 15, 2003
- A total of 7 new Microsoft Security Bulletins were announced today. They
range from 'Moderate' to 'Critical' in severity.


-//- CRITICAL


Microsoft Security Bulletin MS03-041

Title:  Vulnerability in Authenticode Verification Could Allow Remote Code
Execution (823182)

Issued: October 15, 2003

Impact: Remote Code Execution

Affected Software:
- Microsoft Windows NT Workstation 4.0, Service Pack 6a
- Microsoft Windows NT Server 4.0, Service Pack 6a
- Microsoft Windows NT Server 4.0, Terminal Server Edition, Service Pack 6
- Microsoft Windows 2000, Service Pack 2
- Microsoft Windows 2000, Service Pack 3, Service Pack 4
- Microsoft Windows XP Gold, Service Pack 1
- Microsoft Windows XP 64-bit Edition
- Microsoft Windows XP 64-bit Edition Version 2003
- Microsoft Windows Server 2003
- Microsoft Windows Server 2003 64-bit Edition

URL:    
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/
bulletin/MS03-041.asp


-//-


Microsoft Security Bulletin MS03-042

Title:  Buffer Overflow in Windows Troubleshooter ActiveX Control Could
Allow Code Execution

Issued: October 15, 2003

Impact: Remote Code Execution

Affected Software: 
- Microsoft Windows 2000, Service Pack 2
- Microsoft Windows 2000, Service Pack 3, Service Pack 4

URL:    
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/
bulletin/MS03-042.asp


-//-


Microsoft Security Bulletin MS03-043

Title:  Buffer Overrun in Messenger Service Could Allow Code Execution

Issued: October 15, 2003

Impact: Remote Code Execution

Affected Software: 
- Microsoft Windows NT Workstation 4.0, Service Pack 6a - Download the patch
- Microsoft Windows NT Server 4.0, Service Pack 6a - Download the patch
- Microsoft Windows NT Server 4.0, Terminal Server Edition, Service Pack 6 -
Download the patch 
- Microsoft Windows 2000, Service Pack 2 - Download the patch
- Microsoft Windows 2000, Service Pack 3, Service Pack 4 - Download the
patch 
- Microsoft Windows XP Gold, Service Pack 1 - Download the patch
- Microsoft Windows XP 64-bit Edition - Download the patch
- Microsoft Windows XP 64-bit Edition Version 2003 - Download the patch
- Microsoft Windows Server 2003 - Download the patch
- Microsoft Windows Server 2003 64-bit Edition - Download the patch

URL:    
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/
bulletin/MS03-043.asp


-//-


Microsoft Security Bulletin MS03-044

Title:  Buffer Overrun in Windows Help and Support Center Could Lead to
System Compromise 

Issued: October 15, 2003

Impact: Remote Code Execution

Affected Software: 
- Microsoft Windows Millennium Edition
- Microsoft Windows NT Workstation 4.0, Service Pack 6a
- Microsoft Windows NT Server 4.0, Service Pack 6a
- Microsoft Windows NT Server 4.0, Terminal Server Edition, Service Pack 6
- Microsoft Windows 2000, Service Pack 2
- Microsoft Windows 2000, Service Pack 3, Service Pack 4
- Microsoft Windows XP Gold, Service Pack 1
- Microsoft Windows XP 64-bit Edition
- Microsoft Windows XP 64-bit Edition Version 2003 -
- Microsoft Windows Server 2003
- Microsoft Windows Server 2003 64-bit Edition

URL:   
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/
bulletin/MS03-044.asp


-//-


Microsoft Security Bulletin MS03-046

Title:  Vulnerability in Exchange Server Could Allow Arbitrary Code
Execution 

Issued: October 15, 2003

Impact: Remote Code Execution

Affected Software: 
- Microsoft Exchange Server 5.5, Service Pack 4
- Microsoft Exchange 2000 Server, Service Pack 3

URL:   
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/
bulletin/MS03-046.asp




-//- IMPORTANT 


Microsoft Security Bulletin MS03-045

Title:  Buffer Overrun in the ListBox and in the ComboBox Control Could
Allow Code Execution

Issued: October 15, 2003

Impact:  Local Privledge Escalation

Affected Software: 
- Microsoft Windows NT Workstation 4.0, Service Pack 6a
- Microsoft Windows NT Server 4.0, Service Pack 6a
- Microsoft Windows NT Server 4.0, Terminal Server Edition, Service Pack 6
- Microsoft Windows 2000, Service Pack 2
- Microsoft Windows 2000 Service Pack 3, Service Pack 4
- Microsoft Windows XP Gold, Service Pack 1 ñ Download the patch
- Microsoft Windows XP 64 bit Edition ñ Download the patch
- Microsoft Windows XP 64 bit Edition Version 2003 ñ Download the patch
- Microsoft Windows Server 2003 ñ Download the patch
- Microsoft Windows Server 2003 64 bit Edition ñ Download the Patch

URL:   
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/
bulletin/MS03-045.asp




-//- MODERATE 


Microsoft Security Bulletin MS03-047

Title:  Vulnerability in Exchange Server 5.5 Outlook Web Access Could Allow
Cross-Site Scripting Attack

Issued: October 15, 2003

Impact: Remote Code Execution

Affected Software: 
- Microsoft Exchange Server 5.5, Service Pack 4

URL:   
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/
bulletin/MS03-047.asp




Steven Ouimet
Information Security Consultant
Intrusense LLC.
http://www.intrusense.com


--
Intrusense - Securing Business As Usual




---------------------------------------------------------------------------
FREE Whitepaper: Better Management for Network Security

Looking for a better way to manage your IP security?
Learn how Solsoft can help you:
- Ensure robust IP security through policy-based management
- Make firewall, VPN, and NAT rules interoperable across heterogeneous
networks
- Quickly respond to network events from a central console

Download our FREE whitepaper at:
http://www.securityfocus.com/sponsor/Solsoft_security-basics_031015
----------------------------------------------------------------------------