Microsoft Security Bulletin for December 1, 2004

Discussion in 'other security issues & news' started by NICK ADSL UK, Dec 1, 2004.

Thread Status:
Not open for further replies.
  1. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    Microsoft Security Bulletin for December 1, 2004

    Today Microsoft released the following Security Bulletin(s).

    Note: www.microsoft.com/technet/security and www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the Microsoft.com download center or Windows Update. See the individual bulletins for details.

    Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

    Bulletin Summaries:

    Windows :> http://www.microsoft.com/technet/security/bulletin/ms04-dec.mspx

    Critical Bulletins:

    MS04-040 - Cumulative Security Update for Internet Explorer (889293)
    http://www.microsoft.com/technet/security/bulletin/MS04-040.mspx

    This DOES NOT represent our regularly scheduled monthly bulletin release (second Tuesday of each month). Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.

    If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety (1-866-727-2338]International customers should contact their local subsidiary.
    --

    The update may also be obtained on this link. There may be a short delay in getting this update on the windows update site as it has just gone live and will need time to get to the servers

    http://www.microsoft.com/technet/security/current.aspx
     
    Last edited: Dec 1, 2004
  2. Newkid

    Newkid Spyware Fighter

    Joined:
    Apr 29, 2004
    Posts:
    225
    Location:
    Memphis
    Critical IE Fix: IFrame vunerability has been fixed now.

    Hi there !

    Last month, Security information provider Secunia raised the buffer overflow flaw to its highest rating in a new advisory. According to them, the vunerability could be used to make Internet Explorer trigger a malicious program when the Microsoft browser loads a specially formatted Web page but, the flaw does not affect Windows XP Service Pack 2 .

    Later, ScanSafe / Secunia and other companies has been drawn Microsoft into a debate whether a spoofing technique that uses Internet Explorer can be described as a flaw.

    As usual, MS denied all the reports and stated that they has not been made aware of any program designed to exploit the flaw. But in reality, they has begun to investigate the vunerability.

    Actually, this vunerability could allow an attacker to take control of a victim's PC, if the user is logged on as an administrator. Most home users tend to log onto Windows as administrators. The attacker would then have complete control of the system, and could install programs, view, modify or delete data and create new accounts.

    Yesterday(2-Dec-04), Microsoft published a patch for this vunerability.

    I strongly request you all guys to go and update your Operating System with this patch.
     
Loading...
Thread Status:
Not open for further replies.