Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Microsoft November Bulletins SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms: https://isctv.sans.edu

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Microsoft November Bulletins
Microsoft released its first monthly set of bulletins. It covers three critical vulnerabilities:

MS03-048: http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS03-048.asp

Cumulative Security Update for Internet Explorer

This patch fixes a lot of older vulnerabilities in Internet Explorer and should be applied without delay. Microsoft rates this issue critical as it allows remote code execution.

MS03-049: http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS03-049.asp

Buffer Overrun in the Workstation Service

Another 'remote code execution' issue that should be addressed immediately.

MS03-050: http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS03-050.asp

Vulnerability in Microsoft Word and Microsoft Excel Could Allow Arbitrary Code to Run

You need to run Office Update to fix this issue. Microsoft Windows Update will not address Office issues. Microsoft rates this issue as 'Important'. It allows arbitrary code execution via crafted Word or Excel documents. While this is not easily remotely exploitable, it could be used to spread viruses that use social engineering to trick users into opening crafted Word or Excel documents.

MS03-051: http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS03-051.asp

Buffer Overrun in Microsoft FrontPage Server Extensions Could Allow Code Execution

The Microsoft FrontPage Server Extensions are a set of add ons which allow easier integration of Microsoft FrontPage with web servers. The FrontPage Server Extensions are installed at the web server.


Handlers

76 Posts

Sign Up for Free or Log In to start participating in the conversation!