|
 |
|
 |
| Tuesday, February 07, 2012
|
| Register Login |
 |
|
|
|
|
Users currently online
|
 |
|
|
|
 |
Membership: |
 |
Latest:
kevin |
 |
New Today:
0 |
 |
New Yesterday:
0 |
 |
Overall:
56 |
 |
People Online: |
 |
Visitors:
5 |
 |
Members:
0 |
 |
Total:
5 |
Online Now:
|
|
|
|
|
|
|
|
|
|
Welcome to the Viruswarning forums. All your original content has been ported to the new forums as well as new content and additional opportunities to interact with the authors of Viruswarn.com. You can always access old content at www.leedrake.com/forum . You may find some formatting was lost in the conversion and the older versions of the posts to be more readable....
But at least it's all here.
Enjoy!
|
|
|
|
|
|
Viruswarn Forums
|
|
|
|
|
| You are not authorized to post a reply.
|
|
| Author |
Messages |
|
EldAztek
Posts:0
 |
| 09/01/2003 11:54 PM |
|
| What Is It?
Within the last week or so, Microsoft has released three important security updates.
A cumulative security update for Microsoft Internet Explorer fixes several recently identified vulnerabilities including unchecked buffers that could allow an attacker to run arbitrary code on your machine. Arbitrary code can do anything that you could do, including deleting or corrupting files. Even if your default Web browser is Netscape, Mozilla, Opera, or some other Web browser, many other programs, including Eudora, and probably other email readers, use the rendering engine in Internet Explorer to render HTML documents. Even if you don't overtly use Internet Explorer, you are at risk.
There is a pair of unchecked buffers in DirectX, which is a part of all recent versions of Microsoft Windows that could allow an attacker to hide and run arbitrary code in a MIDI (music) file. Since MIDI sequence files can be hosted on a Web page or embedded in email messages, you are at risk.
A cumulative security update for Microsoft Data Access Components closes an unchecked buffer that could be used by an attacker to compromise your system. Since MDAC is installed as part of many products including Microsoft Office and its constituents (Access, Excel, Outlook, PowerPoint, Word) and Microsoft Internet Explorer, it is a virtual certainty that you have it on your machine.
While we have your attention, please be aware that the W32/Sobig.f@MM worm is still alive and well, though less active than last week, and that we can expect a successor, W32/Sobig.g@MM, before it becomes dormant around the middle of next month.
In case you are wondering, the reason that we chose not to write to you last week about the Nachi worm, we did so because it is a knockoff of the Blaster worm. Since all of you were made aware of that one, we chose not to bother you about Nachi.
What Should I Do?
All of the above updates are listed on Windows Update at http://windowsupdate.microsoft.com in the Critical Updates section except the MDAC update, which appears in the next section, Recommended Updates. You should visit this site and install all the critical updates at your earliest convenience. We have been running for over a month with the DirectX update and for a week with the Internet Explorer update; both appear to be free of problems.
References
Microsoft Product Security Bulletin MS03-030, Unchecked Buffer in DirectX Could Enable System Compromise (819696) is at http://www.microsoft.com/technet/security/bulletin/MS03-030.asp.
Microsoft Product Security Bulletin MS03-032, Cumulative Patch for Internet Explorer (822925), is at http://www.microsoft.com/technet/security/bulletin/MS03-032.asp.
Microsoft Product Security Bulletin MS03-033, Unchecked Buffer in MDAC Function Could Enable System Compromise (823718) is at http://www.microsoft.com/technet/security/bulletin/MS03-033.asp
CERT Advisory CA-2003-22 Multiple Vulnerabilities in Microsoft Internet Explorer, is located at http://www.cert.org/advisories/CA-2003-22.html
This concludes this VirusWarn message.
David Gray
P6 Consulting
V: +1 (972) 751-0254
TZ: USA Central, GMT -5
E: mailto:dagray@p6c.com
W: http://www.p6c.com
VirusWarning Mailing List Info: http://www.leedrake.com/virus_notification.htm
|
|
|
|
|
|
| You are not authorized to post a reply. |
|
|
|
ActiveForums 3.6
|
|
|
|
|
|
|
|
|
|
|
|