Rialtus (rialtus) wrote,

  • Mood:

MS security updates

For those running Windows operating systems NT4, W2K (Pro, Server, Advanced Server), XP, Windows Server 2003 (all versions). And no *nix, Mac, VMS, or alternate OS promotion allowed here 'cause I won't put up with it. =) Microsoft bashing, however, is quite welcomed.

It's after the second Tuesday of the month, so there are new Microsoft security bulletins. This month is a doozy, enough so for me to put this message out here in my journal.

MS04-011 -- General update, which includes the update to MS04-007. This is relevant because that update was for something so deep in Windows it was given the name ASN.1. In short, this handled trivial things like Windows security processes on a machine... This new update addressed 14 different vulnerabilities, including the ability for an anonymous user to send a specially crafted packet to a machine which allows full control of that machine. Nasty, nasty stuff!

MS04-012 -- DCOM update, which includes the update of MS03-039 and MS03-026. Do those sound familiar? Those are the patches that prevented MSBLAST. Aparently, they didn't catch everything with the previous two patches, so MS04-012 was born. Security experts are expecting "MSBLAST2: The Wrath of DCOM" within about two weeks, which is how long the original MSBLAST took to show up after the vulnerability was announced. Again, ugly ugly stuff!

MS04-013 -- "Outlook Express" update, which has little to do with OE. OE puts a file on computers called INETCOM.DLL. It's there if you have OE, whether you use OE or not. The problem is that other programs, such as Internet Explorer, MS Messenger, and the full-blown Outlook, see this file there and start using it. So pretty much everyone is affected by this one, which has a buffer overflow that can result in remote execution of code. Ugh.

MS04-014 -- MS Jet engine update, because someone screwed up this code too. This isn't as critical as the three above, but if you are updating anyway, might as well go for the quadfecta...

Windows Update is the best resource to get the patches. If you have it enabled, you should get the patches through Automatic Updates as well...
  • Post a new comment


    default userpic

    Your reply will be screened

    Your IP address will be recorded 

    When you submit the form an invisible reCAPTCHA check will be performed.
    You must follow the Privacy Policy and Google Terms of use.