Helpdesk


Lonestar Home

Search Lonestar


Webmail

Texas.Net (Business)

Contact Info

Account Info
Change Password
Add Popmail
Spam Filter

Internet Alerts
Virus Alerts
Security Alerts
Hoax Alerts
Spam Email

Helpdesk
General Settings
Windows Setup
Macintosh Setup
Other OS Setup
Internet Software
Email Setup
Usenet News Setup
Web Page Setup
Modem Tips

E-mail Support
Trouble Ticket
Billing Ticket

Software

Parental Controls

Disclaimers
Terms & Conditions
Acceptable Use
Privacy Policy
Legal Text
English Text

Customer Pages

Internet Basics
World-Wide Web
E-mail
USENET News
FTP

Links
Staff Picks
Games
Windows 98
Macintosh
Kids' Links


Security Information

Here are a list of recent security issues that may affect you. More information can be found at Microsoft and at CERT.

Important: Use the MBSA Tool to scan your computer for security misconfigurations, vulnerabilities, and missing hot fixes. Scan your computer to find Windows Updates or Office Updates you need.


Security Issue Description
MS04-014 A buffer overrun vulnerability exists in the Microsoft Jet Database Engine (Jet) that could allow remote code execution. An attacker who successfully exploited this vulnerability could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts that have full privileges.

Microsoft recommends that customers install the update at the earliest opportunity.

MS04-013 This is a cumulative update that includes the functionality of all the previously-released updates for Outlook Express 5.5 and Outlook Express 6. Additionally, it eliminates a new vulnerability that could allow an attacker who successfully exploited this vulnerability to access files and to take complete control of the affected system. This could occur even if Outlook Express is not used as the default e-mail reader on the system.

Microsoft recommends that customers install this update immediately.

MS04-012 This update resolves several newly-discovered vulnerabilities in RPC/DCOM. Each vulnerability is documented in this bulletin in its own section.

An attacker who successfully exploited the most severe of these vulnerabilities could take complete control of the affected system. An attacker could then take any action on the affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts that have full privileges.

Microsoft recommends customers apply the update immediately.


MS04-011

This update resolves several newly-discovered vulnerabilities. Each vulnerability is documented in this bulletin in its own section.

An attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts that have full privileges.

Microsoft recommends that customers apply the update immediately.


MS04-005 A security vulnerability exists in Microsoft Virtual PC for Mac. The vulnerability exists because of the method by which Virtual PC for Mac creates a temporary file when you run Virtual PC for Mac. An attacker could exploit this vulnerability by inserting malicious code into the file which could cause the code to be run with system privileges. This could give the attacker complete control over the system.

To exploit this vulnerability, an attacker would have to already have a valid logon account on the local system, or the attacker would already have to have access to a valid logon account.

MS04-004 Some Internet Explorer 6.0 Service Pack 1 users may receive an error while attempting to access SSL secured Web Sites. This error will present itself as a HTTP 500 (Internal Server Error) and only occurs when accessing web servers using SSL/TLS 3.0 with a specific configuration. An update for this issue is available, please see Knowledge Base article 831167. This update will be included in future Cumulative Security Updates for Internet Explorer 6.0 Service Pack 1. Also, this Security Update will invalidate the usernames and passwords stored in Internet Explorer’s protected store. This will require users to re-enter their username and password when they first visit web sites that require authentication.
MS03-051 Subsequent to the release of this bulletin, it was determined that the vulnerability addressed also affects other versions of the affected products and components. Microsoft has updated the bulletin with additional information about Windows XP 64-Bit Edition and Office 2000 Server Extensions and also to direct users to an update for these additional affected platforms.
MS03-049 A security vulnerability exists in the Workstation service that could allow remote code execution on an affected system. This vulnerability results because of an unchecked buffer in the Workstation service.

If exploited, an attacker could gain System privileges on an affected system, or could cause the Workstation service to fail. An attacker could take any action on the system, including installing programs, viewing data, changing data, or deleting data, or creating new accounts with full privileges.

MS03-048 This is a cumulative update that includes the functionality of all the previously-released updates for Internet Explorer 5.01, Internet Explorer 5.5, and Internet Explorer 6.0.
MS03-045 Microsoft re-issued this bulletin on Janurary 13, 2004 to advise on the availability of an updated Windows NT 4.0 Workstation and Server patch for the Arabic, Hebrew, and Thai languages.
MS03-044 A security vulnerability exists in the Help and Support Center function which ships with Windows XP and Windows Server 2003. The affected code is also included in all other supported Windows operating systems, although no known attack vector has been identified at this time because the HCP protocol is not supported on those platforms. The vulnerability results because a file associated with the HCP protocol contains an unchecked buffer.
MS03-043 Windows NT 4.0 Client Computers may have network-related problems after installing this security update. Microsoft encourages customers to review the details of Microsoft Knowledge Base Article http://support.microsoft.com/?kbid=831579
MS03-042 Microsoft re-issued this bulletin on October 29, 2003 to advise on the availability of an updated Windows 2000 patch. This revised patch corrects the Debug Programs (SeDebugPrivilege) user right issue that some customers experienced with the original patch that is discussed in Knowledge Base Article 830846. This problem is unrelated to the security vulnerability discussed in this bulletin. If you have previously applied this security patch, this update does not need to be installed.
MS03-041 There is a vulnerability in Authenticode that, under certain low memory conditions, could allow an ActiveX control to download and install without presenting the user with an approval dialog.
MS03-040 This is a cumulative patch that includes the functionality of all previously released patches for Internet Explorer 5.01, 5.5 and 6.0.
Patch: here
Unchecked Buffer in MDAC Function Could Enable System Compromise (823718)
Affected Software: Microsoft Windows
Patch: here
MS03-039 Buffer Overrun In RPCSS Service Could Allow Code Execution (824146)
This is Microsoft's expanded bulletin on the RPC code execution vulnerability bulletin MS03-026. Microsoft announced yesterday that there are now two known RPC vulnerabilities and a Denial of Service vulnerability all covered in MS03-039. This means that all prior patches for the Blaster Worm and for the MS03-026 vulnerabilities are in essence, inadequate. Microsoft has released new patches here.
Note: Texas.net customers affected by this vulnerability are usually running Windows 2000 or Windows XP (not the 64 bit edition). There may be a few customers running Windows NT. Please do not get confused by the 64 bit and server versions of the patch.
MS03-033 Unchecked Buffer in MDAC Function Could Enable System Compromise (823718)
Affected Software: Microsoft Windows
Patch: here
MS03-032 Cumulative Patch for Internet Explorer (822925)
Affected Software: Internet Explorer 5.0.1-6.0
Patch: here
MS03-030: Unchecked Buffer in DirectX Could Enbale System Compromise (819696)
Affected Software: Microsoft DirectX 5.2 (Win 98), 6.1 (Win 98 SE), 7.0a (Win ME), 7.0 (Win 2K), 8.1 (Win XP), 9.0a (Win ME, 2K, XP)
Patch: Win 2K, Win XP, Upgrade to 9.0b for Win 98, Win 98 SE, Win ME
MS03-027: Unchecked Buffer in Windows Shell Could Enable System Compromise (821557)
Affected Software: Windows XP
Patch: here
MS03-026: Buffer Overrun In RPC Interface Could Allow Code Execution (823980)
Affected Software: Windows XP, Windows 2000
Patch: Windows XP, Windows 2000
MS03-025: Flaw in Windows Message Handling through Utility Manager Could Enable Privilege Elevation (822679)
Affected Software: Windows 2000
Patch: here
MS03-024: Buffer Overrun in Windows COuld Lead to Data Corruption (817606)
Affected Software: Windows 2000, Windows XP
Patch: Windows XP, Windows 2000
MS03-023: Buffer Overrun in HTML Converter Could Allow Code Execution (823559)
Affected Software: Windows 98, Windows 98 SE, Windows ME, Windows 2000, Windows XP
Patch: Win 98, Win 98SE, Win ME, Win 2k, Win XP. Once the patch is downloaded and installed, please visit the Cert advisory page for more information how to disable paste operations via script and active scripting.
MS03-022: Flaw in ISAPI Extension for Windows Media Services Could Cause Code Execution (822343)
Affected Software: Windows 2000
Patch: here
MS03-021 Flaw In Windows Media Player May Allow Media Library Access (819639)
Affected Software: Windows Media Player 9 Series
Patch: here
MS03-020: Cumulative Patch for Internet Explorer (818529)
Affected Software: Internet Explorer 5.0.1, 5.5, 6.0
Patch: here
MS03-019: Flaw in ISAPI Extension for Windows Media Services Could Cause Code Execution (817772)
Affected Software: Windows 2000
Patch: here

Last Update: Date: 2003/10/17 17:40:42 $

©1994-2005, Texas.Net, Inc. All rights reserved.