Results 1 to 3 of 3

Thread: 3 More Critical Updates

  1. #1
    Triple Platinum Member Thor's Avatar
    Join Date
    Sep 2002
    Location
    US
    Posts
    917

    3 More Critical Updates

    Title: Cumulative Patch for SQL Server (Q316333)
    Date: 02 October 2002
    Software: Microsoft SQL Server 7.0
    Microsoft Data Engine (MSDE) 1.0
    Microsoft SQL Server 2000
    Microsoft Desktop Engine (MSDE) 2000
    Impact: Four vulnerabilities, the most serious of which could
    enable an attacker to gain control over an affected
    server.
    Max Risk: Critical
    Bulletin: MS02-056

    Microsoft encourages customers to review the Security Bulletin at:
    http://www.microsoft.com/technet/sec.../MS02-056.asp.
    - ----------------------------------------------------------------------
    Title: Flaw in Services for Unix 3.0 Interix SDK Could Allow
    Code Execution (Q329209)
    Released: 02 October 2002
    Software: Services for Unix 3.0 Interix SDK
    Impact: Buffer overrun and denial of service
    Max Risk: Moderate
    Bulletin: MS02-057

    Microsoft encourages customers to review the Security Bulletin at:
    http://www.microsoft.com/technet/sec.../MS02-057.asp.
    ----------------------------------------------------------------------------


    Microsoft encourages customers to review the Security Bulletin at:
    http://www.microsoft.com/technet/sec.../MS02-054.asp.


    Issue:
    ======
    Zipped files (files having a .zip extension) provide a means to
    store information in a way that uses less space on a hard disk. This
    is accomplished by compressing the files that are put into in the
    zipped file. On Windows 98 with Plus! Pack, Windows Me and Windows
    XP, the Compressed Folders feature allows zipped files to be treated
    as folders. The Compressed Folders feature can be used to create,
    add files to, and extract files from zipped files.

    Two vulnerabilities exist in the Compressed Folders function:

    - An unchecked buffer exists in the programs that handles the
    decompressing of files from a zipped file. A security
    vulnerability results because attempts to open a file with
    a specially malformed filename contained in a zipped file could
    possibly result in Windows Explorer failing, or in code of the
    attacker?s choice being run.
    - The decompression function could place a file in a directory
    that was not the same as, or a child of, the target directory
    specified by the user as where the decompressed zip files should
    be placed. This could allow an attacker to put a file in a known
    location on the users system, such as placing a program in a
    startup directory




    Thor
    Last edited by Thor; October 3rd, 2002 at 18:20 PM.

  2. #2
    Member tons of fun's Avatar
    Join Date
    Aug 2002
    Location
    Melbourne,Florida
    Posts
    82

    Thumbs up Got 'em......

    Thanks!!!

  3. #3
    Triple Platinum Member Thor's Avatar
    Join Date
    Sep 2002
    Location
    US
    Posts
    917

    1 Critical, 1Moderate, 1 Moderate>So So

    Sorry. The three other updates are not all critical. One is critical. One is moderate and the other one is iffy.


    Thor

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •