MSoft: last 5 new security bulletins

Discussion in 'other security issues & news' started by Paul Wilders, Jul 26, 2002.

Thread Status:
Not open for further replies.
  1. Paul Wilders

    Paul Wilders Administrator

    Jul 1, 2001
    The Netherlands
    Microsoft was pretty active in the past few days - they released five security bulletins dealing with the following products: SQL Server 2000, Windows Media Player, Microsoft Metadirectory and Microsoft Exchange 5.5 security issues.

    Microsoft Security Bulletin MS02-039
    Buffer Overruns in SQL Server 2000 Resolution Service Could Enable Code Execution

    SQL Server 2000 introduces the ability to host multiple instances of SQL Server on a single physical machine. Each instance operates for all intents and purposes as though it was a separate server. However, the multiple instances cannot all use the standard SQL Server session port (TCP 1433). While the default instance listens on TCP port 1433, named instances listen on any port assigned to them. The SQL Server Resolution Service, which operates on UDP port 1434, provides a way for clients to query for the appropriate network endpoints to use for a particular SQL Server instance.

    Microsoft Security Bulletin MS02-032
    Cumulative Patch for Windows Media Player (Version 2.0)

    On June 26, 2002, Microsoft released the original version of this bulletin, which described the patch it provided as being cumulative. We subsequently discovered that a file had been inadvertently omitted from the patch. While the omission had no effect on the effectiveness of the patch against the new vulnerabilities discussed below, it did mean that the patch was not cumulative. Specifically, the original patch did not include all of the fixes discussed in Microsoft Security Bulletin MS01-056. We have repackaged the patch to include the file and are re-releasing it to ensure that it truly is cumulative.

    Microsoft Security Bulletin MS02-038
    Cumulative Patch for SQL Server 2000 Service Pack 2

    This patch eliminates two newly discovered vulnerabilities affecting SQL Server 2000 and MSDE 2000.

    Microsoft Security Bulletin MS02-037
    Server Response To SMTP Client EHLO Command Results In Buffer Overrun

    The Internet Mail Connector (IMC) enables Microsoft Exchange Server to communicate with other mail servers via SMTP. When the IMC receives an SMTP extended Hello (EHLO) protocol command from a connecting SMTP server, it responds by sending a status reply that starts with the following: 250 <Exchange server ID> Hello <Connecting server ID>

    Microsoft Security Bulletin MS02-036
    Authentication Flaw in Microsoft Metadirectory Services Could Allow Privilege Elevation

    Microsoft Metadirectory Services (MMS) is a centralized metadirectory service that provides connectivity, management, and interoperability functions to help unify fragmented directory and database environments. It enables enterprises to link together disparate data repositories such as Exchange directory, Active Directory, third-party directory services, and proprietary databases, for the purpose of ensuring that the data in each is consistent, accurate, and can be centrally managed.
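
Added example, not part of the original post or of Microsoft's bulletin: the MS02-039 summary above says clients ask the Resolution Service on UDP 1434 which endpoint a named instance uses, and this Python sketch parses one such reply into an instance-to-port inventory so an administrator can see what a host advertises. The reply layout (0x05 marker, 2-byte little-endian length, semicolon-separated key/value pairs, `;;` after each instance) is assumed from Microsoft's published MS-SQLR specification; the sample bytes, host name and instance names are constructed.

```python
import struct

SVR_RESP = 0x05  # response marker byte (assumed from the MS-SQLR specification)

def parse_resolution_reply(datagram):
    """Parse a Resolution Service reply into one dict per advertised instance."""
    if len(datagram) < 3 or datagram[0] != SVR_RESP:
        raise ValueError("not a resolution-service reply")
    (declared,) = struct.unpack_from("<H", datagram, 1)
    body = datagram[3:]
    # Do not trust the declared length: reject replies claiming more than was received.
    if declared > len(body):
        raise ValueError("declared length exceeds datagram size")
    text = body[:declared].decode("ascii", errors="replace")
    instances = []
    for record in text.split(";;"):
        fields = record.strip(";").split(";")
        if len(fields) < 2:
            continue  # empty chunk after the final ';;'
        # Fields alternate key, value; zip drops an unpaired trailing token.
        info = dict(zip(fields[0::2], fields[1::2]))
        if "InstanceName" in info:
            instances.append(info)
    return instances

def tcp_endpoints(instances):
    """Map instance name -> TCP port, skipping entries without a valid port."""
    ports = {}
    for inst in instances:
        port = inst.get("tcp", "")
        if port.isdigit() and 0 < int(port) < 65536:
            ports[inst["InstanceName"]] = int(port)
    return ports

def build_sample():
    """Constructed reply: a default instance on 1433 and a named one on 2433."""
    payload = (b"ServerName;DBHOST01;InstanceName;MSSQLSERVER;IsClustered;No;"
               b"Version;8.00.194;tcp;1433;;"
               b"ServerName;DBHOST01;InstanceName;PAYROLL;IsClustered;No;"
               b"Version;8.00.194;tcp;2433;;")
    return bytes([SVR_RESP]) + struct.pack("<H", len(payload)) + payload

if __name__ == "__main__":
    for name, port in tcp_endpoints(parse_resolution_reply(build_sample())).items():
        print(f"{name}: tcp/{port}")
```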




  2. snowy

    snowy Guest


    Could you help me out... I don't fully understand the intended purpose of the last patch. By chance, does this have anything to do with .net passport... etc. o_O
    I can understand the corporate part... it's the third party part that is confusing me...

    thanking you
