New Windows critical updates

Discussion in 'other security issues & news' started by FanJ, Feb 5, 2003.

Thread Status:
Not open for further replies.
  1. FanJ

    FanJ Guest

    There are several new Windows critical updates available.
    When I checked a few hours ago there were no details on the MS site, maybe they are there now (hm, I should have checked for you, I realize... :oops:).
    For XP, W98, IE 5.5 for example.
     
  2. eyespy

    eyespy Registered Member

    Joined:
    Feb 20, 2002
    Posts:
    490
    Location:
    Oh Canada !!
    Thanks...
    IE patches and security updates.

    Got them FanJ !

    regards,
    bill
     
  3. FanJ

    FanJ Guest

    MS03-004 :

    Q810847

    Microsoft Security Bulletin MS03-004


    Cumulative Patch for Internet Explorer (810847)
    Originally posted: February 5, 2003

    Summary
    Who should read this bulletin: Customers using Microsoft® Internet Explorer.

    Impact of vulnerability: Allow an attacker to execute commands on a user’s system.

    Maximum Severity Rating: Critical

    Recommendation: Customers should install the patch immediately.

    Affected Software:

    Microsoft Internet Explorer 5.01
    Microsoft Internet Explorer 5.5
    Microsoft Internet Explorer 6.0
    End User Bulletin: An end user version of this bulletin is available at: http://www.microsoft.com/security/security_bulletins/ms03-004.asp



    http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-004.asp
     
  4. FanJ

    FanJ Guest

    Microsoft Security Bulletin MS03-005


    Unchecked Buffer in Windows Redirector Could Allow Privilege Elevation (810577)
    Originally posted: February 5, 2003

    Summary
    Who should read this bulletin: Customers using Microsoft® Windows® XP.

    Impact of vulnerability: Local elevation of privileges

    Maximum Severity Rating: Important

    Recommendation: Customers should consider applying the patch.

    Affected Software:

    Microsoft Windows XP

    http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-005.asp

    [hr]

    Note by me (FanJ):

    the above mentioned MS site says that there are two versions for XP:

    Windows XP:

    32-bit Edition
    64-bit Edition

    Almost 100 % of you who run XP, need that 32-bit version.
    That 64-bit version is only for the very (happy?) few who have a very special processor on their motherboard, and really almost none of you will have that one.
    And those who have that special processor, will certainly know that....
     
  5. Tassie_Devils

    Tassie_Devils Global Moderator

    Joined:
    May 8, 2002
    Posts:
    2,514
    Location:
    State Queensland, Australia
    Thanks FanJ

    Got it plus couple others I had not bothered with previously.

    All downloaded/installed and all OK

    Cheers, TAS
     
  6. FanJ

    FanJ Guest

    You're welcome Bill and Tas ;)

    There was also another update for HTML Help:
    811630
    I have yet not seen a separate page for it, but it is mentioned in that page for MS03-004.
    And if you run Windows Update, you will get it automatically mentioned in case you need it.
    At the moment I cannot overlook whether all companies who make programs with HTML-Help, will be happy with that one......
     
  7. Tassie_Devils

    Tassie_Devils Global Moderator

    Joined:
    May 8, 2002
    Posts:
    2,514
    Location:
    State Queensland, Australia
    FanJ,

    Yes, that download for HTML Help was mentioned, it was one of the three I downloaded [around 350Kb].

    I was unsure if I needed it or not, but still got it, as it said something about needing it for future IE updates, etc.

    It wasn't too clear to me precisely what it was for, in that regard.
    Cheers, TAS.
     
  8. FanJ

    FanJ Guest

    Hi Tas,

    Yep, same with me, I have to admit....
    Strange thing seems to me that, while doing that Windows-update, it said indeed something like "needing it for future IE updates, etc." but that page about MS03-004 tells another reason (as far as I remember....).....

    Oh well....
     
  9. Checkout

    Checkout Security Rhinoceros

    Joined:
    Feb 11, 2002
    Posts:
    1,226
    We should get rid of buffers. They are always being overrun. They must be very tired by now and constantly taking days off from work. They obey the voices in their heads. Microsoft should consider employing software diplomats instead of buffers, since while they would be much slower and probably never come to any worthwhile agreement, they would not obey external commands. Or maybe they would, if they were guaranteed a good pension.

    Or, buffers should have pensions and be retired the instant they're full. They could wear body armour so that if they're run over, they won't feel pain.

    Or maybe buffers should be limited to one single bit, and share with seven other buffers. They could enjoin and byte the hand that feeds them. Then they could discuss the situation between themselves and add their bit to parity. It would take a hacker much effort to make them all agree. If a hacker used force, the others buffers could give the victim the kiss of life or the Heinlich manoeuvre or just drop it and produce the BSoD.

    Buffers are overrated. Trains use buffers and they are hacked all the time by graffiti artists. Go to Zurich and see; their efforts are everywhere.

    Ergo, Microsoft employs too many Swiss graffiti vandals. It's obvious. SP1 stands for Swiss Painters One.

    Edited to remove any hint of silliness.
     
  10. FanJ

    FanJ Guest

    :D :D

    I'm sooo happy you're back Checkout!!!!
    I've missed your great writing talent !!!!!!
     
  11. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    LOL I ALWAYS LOVED CHECKOUTS SINCE OF HUEMOR LOL
     
  12. Pretender

    Pretender Registered Member

    Joined:
    Apr 23, 2002
    Posts:
    670
    Location:
    Virtual Paradise
    My personal opinion concerning "needing it for future IE updates, etc." is that critical updates to IE itself have to be downloaded and installed in the order of which they were released......exp. if user has IE-A, but not IE-B, then user can not install IE-C. This (in my opinion again) has caused numerous problems since November release of some critical updates and users having problems with the Windows Update site itself. A lot of users had gotten incomplete installs of IE6 SP1 and were unable to install updates following the IE6 SP1 update. I think a lot of people have been mislead to think that the critical updates after IE6 SP1 had installed okay as the installation history says that they were successful, but if user goes to "Help" and then " About Internet Explorer"..........those critical updates to IE itself need to be listed after "Update Version:". If they aren't listed then the install did not succeed. I fixed my problems with Windows ME and IE6 SP1 by:

    The following pertains to IE6 SP1 on a Windows ME system (but could work with other operating systems as well):

    There are certain files which apparently didn’t update properly on my first download/install of IE6 SP1 (which I had done a long time ago). I came across the files in an error message while attempting to get windows update to work. You need to check these files and make sure that the version number is greater than 6.0.2800.1100. If they aren’t then the following procedure should update them to the correct versions. Find them by doing an individual search in windows explorer, right click on the file, click on properties and, then, the version tab.

    DLL are the .dll files

    ACTXPRXY.dll, ADVPACK.dll, BROWSELC.dll, BROWSEUI.dll, DIGEST.dll, IEPEERS.dll, IMGUTIL.dll, INSENG.tll, MLANG.dll, MSHTML.dll, MSHTML.tlb, MSHTMLED.dll, SHDOCLC.dll, SHDOCVW.dll, SHFOLDER.dll, SHLWAPI.dll, URLMON.dll, WININET.dll, PNGFILT.dll. webcheck.dll also showed in the error message, but (after using the following procedure and checking to see if it updated) it shows 6.0.2600.0 as it’s version number.


    Download IE6 SP1 to desktop (even if you have IE6 SP1 already installed). Go offline and double click the IE6setup.exe file on desktop, choose custom install and click on the box preceding IE6 (which will put a check mark in it). Click on OK button or install button and it should update the 20 old files (which must have been a flaw in the IE6 SP1 original download/install that I had done). The following would be substituted with the appropriate critical updates which pertain to the system and IE version you use. Q328970 and Q324929 updates are for Windows me using IE6 SP1. Download Q328970.exe to your desktop and go offline and double click the Q328970.exe file on your desktop to install it, restart computer. Then download the Q324929.exe file to your desktop and go offline and double click the Q324929.exe file on your desktop to install it, restart computer. Go back on the internet and check. Both Q328970 and Q324929 should show up (after SP1) at internet explorer, help (on menu bar), about internet explorer, after update versions. Run windows update and see if it works okay.

    bob
     
  13. Tassie_Devils

    Tassie_Devils Global Moderator

    Joined:
    May 8, 2002
    Posts:
    2,514
    Location:
    State Queensland, Australia
    Hi Pretender.

    Yes indeed, ;) I also think its *very* relevant in what order they are installed. Pays to check regularly so you don't skip one.

    Also your post with the IE/Help/About also now shows an extra one for me with that latest Q810847 update for IE.

    Cheers, TAS

    edit: also if trouble updating via WU, you can get all of the critical updates from the one location here, all listed via month with date of release, etc.

    http://www.microsoft.com/technet/treeview/?url=/technet/security/current.asp?frame=true
     

    Attached Files:

  14. AMH209

    AMH209 Registered Member

    Joined:
    Feb 21, 2002
    Posts:
    18
    Just a little footnote on the updates, I installed all them on the 5th when they came out. At first I didn't notice any problems, but then I attempted to reply to an e-mail and sign it with my PGP and OE crashed. TO make a long story short, 810847 has a faulty dll that is causing some people to have problems with OE and IE. I posted more detials on the forum under the topic PGP 8.
     
Loading...
Thread Status:
Not open for further replies.