Second Tuesday of the Month Lottery

[CityK]

I'll predict:

4 OS hotfixes
1 cumulative IE patch
2 Office patches

 

[CougTek]

With your premonition skills, don't start a career in astrology :

Long, long ago, in a thread far, far way, Fushigi posted this.

 

[CityK]

Doh!

Well, if the ignore feature gets implemented, at least I'll be able to feign an excuse. Damn Fushigi, never liked him anyway

CK

 

[Jan Kivar]

No news is good news... sometimes.

Jan

 

[CityK]

Alright folks, step right up, place your bets! Fifty cents is all you need! *

Anyways, it doen't look like Fushigi has provided pre-emptied info yet, and there is still nothing on Technet or windows update. So, tomorrow being the big day and all, I'm going to go with my previous prediction once again:

4 OS hotfixes
1 cumulative IE patch
2 Office patches


* Taken from my memories of walking around the fair grounds during the Ex (Canadian National Exhibition) as a youth. It almost brings back the pungent smell of diesel fuel wafting through the air on top of the other prominent odours of hot ashphalt and cotton candy.

 

[Fushigi]

I haven't received the monthly summary from our MS rep yet. I will post details once I receive it.

 

[Fushigi]

Today, 13 January 2004 Microsoft is releasing three new security bulletins, one of which carries a maximum severity rating of Critical, one of which carries a maximum severity rating of Important and the last of which carries a maximum severity rating of Moderate. These bulletins address vulnerabilities in Microsoft ISA Server, MDAC (which affects most current shipping versions of Windows) and Microsoft Exchange Server respectively. Summaries for the bulletins released today may be found at the following pages.

ISA Server http://www.microsoft.com/technet/security/bulletin/isajan04.asp

Exchange Server http://www.microsoft.com/technet/security/bulletin/excjan04.asp

MDAC http://www.microsoft.com/technet/security/bulletin/winjan04.asp

In addition one bulletin, MS03-045, affecting Microsoft Windows has been re-issued. Information on the re-issued bulletin may be found at:

http://www.microsoft.com/technet/security/bulletin/MS03-045.asp

Please also see below for each of the individual Microsoft Security Bulletins listed above in the summaries.

Microsoft will also be hosting a Webcast tomorrow to address customer questions on these bulletins. For more information on this Webcast please see below:

Information about Microsoft’s January Security Bulletins

1/14/2004 10:00 AM - 11:30 AM PST

http://msevents.microsoft.com/CUI/EventDetail.aspx?culture=en-US&EventID=1032241586

**********************************************************************

TECHNICAL DETAILS

MS04-001

Title: Vulnerability in Microsoft Internet Security and Acceleration Server 2000 H.323 Filter can Allow Remote Code Execution (816458)

Products Affected:

Microsoft Internet Security and Acceleration Server 2000

Microsoft Small Business Server 2000

Microsoft Small Business Server 2003

Impact of Vulnerability: Remote Code Execution

Maximum Severity Rating: Critical

Reboot needed: No

Update can be uninstalled: Yes

More information on this vulnerability is available at: http://www.microsoft.com/technet/security/bulletin/MS04-001.asp

**********************************************************************

MS04-002

Title: Vulnerability in Exchange Server 2003 Could Lead to Privilege Escalation (832759)

Products Affected:

Microsoft Exchange Server 2003

Impact of Vulnerability: Elevation of Privilege

Maximum Severity Rating: Moderate

Reboot needed: No

Update can be uninstalled: Yes

More information on this vulnerability is available at: http://www.microsoft.com/technet/security/bulletin/MS04-002.asp

**********************************************************************

MS04-003

Title: Buffer Overrun in MDAC Function Could Allow code execution (832483)

Products Affected:

Microsoft Data Access Components 2.5 (shipped in Windows 2000)

Microsoft Data Access Components 2.6 (shipped in SQL Server 2000)

Microsoft Data Access Components 2.7 (shipped in Windows XP)

Microsoft Data Access Components 2.8 (shipped in Windows Server 2003)

Impact of Vulnerability: Remote Code Execution

Maximum Severity Rating: Important

Reboot needed: Yes

Update can be uninstalled: No

More information on this vulnerability is available at: http://www.microsoft.com/technet/security/bulletin/MS04-003.asp

**********************************************************************

MS03-045

Title: Buffer Overrun in the ListBox and in the ComboBox Control Could Allow Code Execution (824141)

Products Affected by Re-issue:

Microsoft Windows NT Workstation 4.0, Service Pack 6a

Microsoft Windows NT Server 4.0, Service Pack 6a

Reason for Re-issue: It has been discovered that customer who applied the Arabic, Hebrew and Thai language updates for Windows NT 4.0 Workstation and Server update experienced stability issues that required them to uninstall the update. This update corrects these issues. Only customers who use the Arabic, Hebrew and Thai language versions of Windows NT 4.0 Workstation and Server need to download and apply the revised update.

More information on this re-issued bulletin is available at: http://www.microsoft.com/technet/security/bulletin/MS03-045.asp

 

[Fushigi]

Not an MS patch issue, really, but the latest attempt to distract email users:

PSS Security Response Team Alert - New Worm: W32/Mimail@mm

SEVERITY: MODERATE

DATE: January 27, 2004

PRODUCTS AFFECTED: Microsoft Outlook, Microsoft Outlook Express, and Web-based e-mail

**********************************************************************

WHAT IS IT?

W32/Mydoom@MM spreads via e-mail. The Microsoft Product Support Services Security Team is issuing this alert to advise customers to be on the alert for this virus as it spreads in the wild. Customers are advised to review the information and take the appropriate action for their environments.

IMPACT OF ATTACK:

Mass Mailing

TECHNICAL DETAILS:

For additional details on this worm from anti-virus software vendors participating in the Microsoft Virus Information Alliance (VIA) please visit the following links:

Network Associates:

http://vil.nai.com/vil/content/v_100983.htm

Trend Micro:

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MIMAIL.R

Symantec

http://securityresponse.symantec.com/avcenter/venc/data/w32.novarg.a@mm.html

Computer Associates:

http://www3.ca.com/virusinfo/virus.aspx?ID=38102

Sybari:

http://www.sybari.com/alerts/alertdetail.asp?Name=W32/MyDoom.A@mm

For more information on Microsoft’s Virus Information Alliance please visit this link: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/topics/virus/via.asp

Please contact your Antivirus Vendor for additional details on this virus.

PREVENTION:

Outlook 2000 post SP2 and Outlook XP SP1 include the most recent updates to improve the security in Outlook and other Office programs. This includes the functionality to block potentially harmful attachment types. It can be configured to block Zip file attachments but does not do so by default.

To ensure you are using the latest version of Office click here: http://office.microsoft.com/ProductUpdates/default.aspx

By default, Outlook 2000 pre SR1 and Outlook 98 did not include this functionality, but it can be obtained by installing the Outlook E-mail Security Update. More information about the Outlook E-mail Security Update can be found here: http://office.microsoft.com/Downloads/2000/Out2ksec.aspx

Outlook Express 6 can be configured to block access to potentially-damaging attachments. Information about how to configure this can be found here: http://support.microsoft.com/default.aspx?scid=kb;en-us;Q291387

Outlook Express all other versions: Previous versions of Outlook Express do not contain attachment-blocking functionality. Please exercise extreme caution when opening unsolicited e-mail messages with attachments.

Web-based e-mail programs: Use of an application-level firewall can protect you from being infected with this virus through Web-based e-mail programs.

RECOVERY:

If your computer has been infected with this virus, please contact your preferred antivirus vendor or Microsoft Product Support Services for assistance with removing it.

As always please make sure to use the latest Anti-Virus detection from your Anti-Virus vendor to detect new viruses and their variants.

If you have any questions regarding this alert please contact your Technical Account Manager or Application Development Consultant.

Thank you.

PSS Security

 

[Fushigi]

On 27 January 2004, Microsoft published a Knowledge Base article, 834489, that details changes which will be made in a forthcoming security update in the behavior of how Internet Explorer handles user information in HTTP and HTTPS URLs. Specifically, once this forthcoming security update is applied, by default, URLs that contain user information will no longer be supported and users will receive the error message "Invalid syntax error". HTTP and HTTPS URLs that contain user information take the format of:
http(s)://usernameassword@server/resource.ext.

Web site operators who currently rely on HTTP or HTTPS URLs with user information should take steps to implement other forms of authentication, as detailed in the Knowledge Base article to minimize the likely impact that this design change will have on their customers.

While it is not recommended, it is possible for customers to re-enable support for user information in HTTP and HTTPS URLs via a registry change on the client system. This information is detailed in the knowledge base article.

This change is not to remediate any specific or particular product vulnerability. Instead, it is a design change that is being made to enhance overall security in Internet Explorer.

More details are available in Knowledge Base article, 834489.

 

[blakerwry]

OMG! they've done it now. Those jack asses. I hope they still support atleast giving the username with the URL since IE automatically gives a user/pass when trying to log into a site, which will then lock you out on many servers.

 

[Mercutio]

It's not that big a deal, actually. Any webmonkey good enough to screw around with long, complicated URLs can unmangle the username out of it. It's probably more interesting as a power play to get coders to switch to one of Microsoft's authentication techniques (NTLM or digest authentication or something) rather than rolling their own insecure ones with plaintext.

It also means it'll be a little harder to sniff passwords to pr0n sites on busy residental network segments. Not that I'd ever do such a thing.