 |
|
 |
| Tuesday, February 07, 2012
|
| Register Login |
 |
|
|
|
|
Users currently online
|
 |
|
|
|
 |
Membership: |
 |
Latest:
kevin |
 |
New Today:
0 |
 |
New Yesterday:
0 |
 |
Overall:
56 |
 |
People Online: |
 |
Visitors:
5 |
 |
Members:
0 |
 |
Total:
5 |
Online Now:
|
|
|
|
|
|
|
|
|
|
Welcome to the Viruswarning forums. All your original content has been ported to the new forums as well as new content and additional opportunities to interact with the authors of Viruswarn.com. You can always access old content at www.leedrake.com/forum . You may find some formatting was lost in the conversion and the older versions of the posts to be more readable....
But at least it's all here.
Enjoy!
|
|
|
|
|
|
Viruswarn Forums
|
|
|
|
|
| You are not authorized to post a reply.
|
|
| Author |
Messages |
|
Lee Drake
Posts:238
 |
| 02/08/2005 8:29 PM |
|
| What it is
Microsoft released 11 new critical updates today. You can update them immediately by visiting windowsupdate.microsoft.com, or if you are set to automatically receive updates you'll get them downloaded randomly at some time over the next three days. Here's a summary:
MS-05-004 Both Microsoft .NET frameworks (Versions 1.0 and 1.1) have been updated with security updates to make them more secure. These are an optional component - and you may or may not have them installed on your system. If you don't have them installed, you won't be prompted to download the updates. Note that each of these frameworks run separately - so if you have both installed you must patch both - you may not just patch the later version.
MS-05-005 Fixes a bug in Office XP, MS Works, Project 2002 and Visio 2002 which would allow a user to send a malicious file that could install software on a target system (virus or trojan).
MS-05-006 Fixes a problem with Windows Sharepoint Services and Windows Sharepoint Team services on Windows 2003 server and Small business servers. All server users, especially those exposed on the internet, should update as soon as possible.
MS-05-007 is a vulnerability that would allow a remote user to determine the names of users on your computer if you have sharing enabled. This affects all versions of Windows operating systems (95, 98, ME, 2000, NT, XP, and 2003). Having this vulnerability would give an attacker additional information to compromise your system.
MS-05-008 is a vulnerability that might allow a remote attacker to install software on your machine using the drag-and-drop functionality of your system. This patch affects windows 2000, XP, Server 2003, Windows 98, and ME.
MS-05-009 Vulnerability in PNG image processing - this vulnerability is similar the the JPG image processing vulnerability that affected MS Office and other basic image processing in various Microsoft applications. This patch affects only Windows Media players versions 9 (pre SP2), MSN Messenger versions 5, 6.1 and 6.2, and Windows 98-ME.
MS-05-010 Vulnerability in the license logging service - this vulnerability only affects server operating systems (Windows NT, 2000, and 2003). It does not affect Windows 98-ME or XP or 2000 workstation. If license logging is turned on (it's off by default on all but Small Business server systems), it could allow a remote attacker to send a specially crafted packet to the system which would allow remote code execution. All servers, and especially MS Small Business Server systems should be updated.
MS-05-011 SMB Vulnerability - this critical vulnerability affects Windows 2000, XP and Server 2003, but not Windows 98-ME Operating systems. This vulnerability would allow a remote attacker to take complete control of a system and install program, view change or delete data, or create new accounts with full user rights. Since it can be exploited remotely it's ripe for a worm or virus to be developed to exploit it and should be updated immediately. The internet connection firewall included and enabled in SP2 (or Zonealarm) will protect you from this exploit until you can patch your system.
MS-05-012 is a critical update that prevents a remote code execution exploit, using Object Linking and Embedding (OLE). It affects all versions of Windows, including Windows 98, ME, 2000, 2003, and XP. It also affects all office applications, and exchange server versions. The patch corrects problems in OLE's COM Storage and Input validation. Applying this patch is critical for all users.
MS-05-013 a vulnerability in the DHTML editing control could allow a remote user to take over a system where the DHTML control is used or installed. All versions of Windows are affected by this vulnerability except Windows NT. This could allow a remote web site to host the control and take over your system as you visit the site - installing software without your knowledge. As a mitigating factor you'd need to allow the site to run activex components on your system, which usually requires assent.
MS-05-014 Cumulative security update for Internet Explorer - this update fixes a number of vulnerabilities in IE and should be applied to all versions of Windows systems including 2000, XP, Server 2003, and all Windows 9X machines running any version of IE 5 or above. We recommend that even if you use an alternate browser you keep IE as secure as possible. The update fixes problems with Drag and Drop, URL Decoding, DHTML, and Channel Definition Format (CDF).
MS-05-015 This update to the hyperlink object library affects all versions of Windows including 2000, XP, Server 2003, and Windows 9x. If unpatched your system could be compromised remotely, install or change programs and view, change or delete data, just by clicking a malicious hyperlink in a website.
Many of these updates close holes that spyware companies use to install software on your system. We strongly recommend applying all recommended updates, or allowing the update to occur automatically if your system is configured for automatic updates.
What to do
To apply the updates immediately visit http://windowsupdate.microsoft.com and apply all critical updates recommended for your system. If you have Windows XP with automatic download of updates enabled, you may have a YELLOW SHIELD in your system tray and a balloon warning to install the updates - please accept the prompt, install the updates and reboot. If you're configured for automatic installation be sure to leave your machine on during the timeframe you've designated to automatically install updates. Server systems set to auto-install updates will probably reboot on schedule, once the update is installed in the next few days.
Further info
For complete info on all the latest updates: http://www.microsoft.com/technet/security/default.mspx
For a less technical explanation: http://www.microsoft.com/athome/security/default.mspx
For a summary of security bulletins, including a cross reference of affected systems: http://www.microsoft.com/technet/security/bulletin/ms05-feb.mspx
This concludes this viruswarning notice.
Cheers,
Lee Drake
Aztek Computer Solutions, Inc.
274 N. Goodman St Suite B269
Rochester, NY 14607
the human side of computing
Email: ldrake@azcomputer.net
Web: www.azcomputer.net Office Phone: 585-242-2060
Fax number: 585-242-9441
|
|
|
|
|
|
| You are not authorized to post a reply. |
|
|
|
ActiveForums 3.6
|
|
|
|
|
|
|
|