Make Homepage | Add To Favorites | Print Page | Submit News | Feedback | Contact | 

Your Technical Computer Information Resource!  
     

  Microsoft related Technical Updates [Page: 96 of 98] @ TACKtech Corp.  

05.13.2003 - Microsoft Provides Free Evaluation Software



View Microsoft related news. Microsoft now provides you with a central location to order or download evaluation software for our most current product releases. To assist you with your evaluation, you will also find helpful links to Canadian specific content such as events, case studies, and special offers.
Full View / NID: 718 / Submitted by: Zero_Tolerance

04.30.2003 - MS02-071: Flaw in Windows WM_TIMER Message Handling Can Enable Privilege Elevation (328310) - Updated



View Microsoft related news. Windows messages provide a way for interactive processes to react to user events (such as keystrokes or mouse movements) and communicate with other interactive processes. The WM_TIMER message is sent at the expiration of a timer, and it can be used to cause a process to run a timer callback function. This message may create a security vulnerability because it is possible for one process in the interactive desktop to use a WM_TIMER message to cause another process to run a callback function at the address of its choice, even if the second process did not set a timer. If that second process has higher privileges than the first process, this would provide the first process with a way of exercising the functions.
Full View / NID: 692 / Submitted by: TACKtech Team

04.23.2003 - Microsoft Windows 2000 Patch: Cannot Obtain Device Driver Updates from the Windows Update Web Site Patch (329553)



View Microsoft related news. As a result of changes to the Windows Update service, Device Manager and the Add Printer Wizard in Windows 2000 Service Pack 3 (SP3) and earlier cannot obtain device driver updates published after November 15, 2002 from Windows Update. You may not notice this problem when you use Device Manager or the Add Printer Wizard because drivers released before November 15, 2002 are still available.
Full View / NID: 672 / Submitted by: TACKtech Team

04.16.2003 - MS03-013: Buffer Overrun in Windows Kernel Message Handling could Lead to Elevated Privileges (811493)



View Microsoft related news. There is a flaw in the way the kernel passes error messages to a debugger. A vulnerability results because an attacker could write a program to exploit this flaw and run code of their choice. An attacker could exploit this vulnerability to take any action on the system including deleting data, adding accounts with administrative access, or reconfiguring the system.
Full View / NID: 658 / Submitted by: TACKtech Team

04.10.2003 - MS03-011: Flaw in Microsoft VM Could Enable System Compromise (816093)



View Microsoft related news. The Microsoft VM is a virtual machine for the Win32 operating environment. The Microsoft VM is shipped in most versions of Windows and in most versions of Microsoft Internet Explorer. A new security vulnerability has been reported that affects the ByteCode Verifier component of the Microsoft VM. It occurs because the ByteCode verifier does not correctly look for certain malicious code when a Java applet is being loaded. The attack vector for this new security issue would likely involve an attacker creating a malicious Java applet and inserting it into a Web page that would exploit this vulnerability when it was opened. An attacker could then host this malicious Web page on a Web site or could send it to a user in e-mail. The present Microsoft VM has been updated to include a fix for this newly reported security vulnerability. This version of VM includes all previously released fixes to the VM.
Full View / NID: 644 / Submitted by: TACKtech Team

04.10.2003 - Microsoft .NET Framework Version 1.1 Redistributable Package



View Microsoft related news. The .NET Framework version 1.1 redistributable package includes everything you need to run applications developed using the .NET Framework.
Full View / NID: 642 / Submitted by: TACKtech Team

04.09.2003 - MS03-012: Flaw In Winsock Proxy Service And ISA Firewall Service Can Cause Denial Of Service (331066)



View Microsoft related news. There is a flaw in the Winsock Proxy service in Microsoft Proxy Server 2.0, and the Microsoft Firewall service in ISA Server 2000, that would allow an attacker on the internal network to send a specially crafted packet that would cause the server to stop responding to internal and external requests. Receipt of such a packet would cause CPU utilization on the server to reach 100%, and thus make the server unresponsive. The Winsock Proxy service and Microsoft Firewall service work with FTP, telnet, mail, news, Internet Relay Chat (IRC), or other client applications that are compatible with Windows Sockets (Winsock). These services allow these applications to perform as if they were directly connected to the Internet. These services redirect the necessary communications functions to a Proxy Server 2.0 or ISA Server computer, thus establishing a communication path from the internal application to the Internet through it.
Full View / NID: 641 / Submitted by: TACKtech Team

03.26.2003 - MS03-010: Flaw in RPC Endpoint Mapper Could Allow Denial of Service Attacks (331953)



View Microsoft related news. There is a vulnerability in the part of RPC that deals with message exchange over TCP/IP. The failure results because of incorrect handling of malformed messages. This particular vulnerabilty affects the RPC Endpoint Mapper process, which listens on TCP/IP port 135. The RPC endpoint mapper allows RPC clients to determine the port number currently assigned to a particular RPC service.
Full View / NID: 611 / Submitted by: TACKtech Team

03.19.2003 - MS03-009: Flaw In ISA Server DNS Intrusion Detection Filter Can Cause Denial Of Service (331065)



View Microsoft related news. A flaw exists in the ISA Server DNS intrusion detection application filter, and results because the filter does not properly handle a specific type of request when scanning incoming DNS requests.
Full View / NID: 597 / Submitted by: TACKtech Team

03.17.2003 - MS03-007: Unchecked Buffer In Windows Component Could Cause Server Compromise (815021)



View Microsoft related news. An attacker could exploit the vulnerability by sending a specially formed HTTP request to a machine running Internet Information Server (IIS). The request could cause the server to fail or to execute code of the attacker’s choice. The code would run in the security context of the IIS service (which, by default, runs in the LocalSystem context).
Full View / NID: 592 / Submitted by: TACKtech Team

02.26.2003 - MS03-006: Flaw in Windows Me Help and Support Center Could Enable Code Execution (812709)



View Microsoft related news. An attacker could exploit the vulnerability by constructing a URL that, when clicked on by the user, would execute code of the attacker’s choice in the Local Computer security context. The URL could be hosted on a web page, or sent directly to the user in email. In the web based scenario, where a user then clicked on the URL hosted on a website, an attacker could have the ability to read or launch files already present on the local machine. In the case of an e-mail borne attack, if the user was using Outlook Express 6.0 or Outlook 2002 in their default configurations, or Outlook 98 or 2000 in conjunction with the Outlook Email Security Update, then an attack could not be automated and the user would still need to click on a URL sent in e-mail. However if the user was not using Outlook Express 6.0 or Outlook 2002 in their default configurations, or Outlook 98 or 2000 in conjunction with the Outlook Email Security Update, the attacker could cause an attack to trigger automatically without the user having to click on a URL contained in an e-mail.
Full View / NID: 554 / Submitted by: TACKtech Team

02.07.2003 - MS02-071: Flaw in Windows WM_TIMER Message Handling Can Enable Privilege Elevation (328310) - Updated



View Microsoft related news. Windows messages provide a way for interactive processes to react to user events (such as keystrokes or mouse movements) and communicate with other interactive processes. The WM_TIMER message is sent at the expiration of a timer, and it can be used to cause a process to run a timer callback function. This message may create a security vulnerability because it is possible for one process in the interactive desktop to use a WM_TIMER message to cause another process to run a callback function at the address of its choice, even if the second process did not set a timer. If that second process has higher privileges than the first process, this would provide the first process with a way of exercising the functions.
Full View / NID: 521 / Submitted by: Travis

02.05.2003 - Microsoft Windows 2000/XP/XP (64-Bit) Patch: Enabling applications to access HTML Help in a new, restricted mode



View Microsoft related news. Download this patch now to ensure that Internet Explorer can properly display HTML Help in HTML pages.
Full View / NID: 516 / Submitted by: TACKtech Team

01.22.2003 - MS03-002 : Cumulative Patch for Microsoft Content Management Server 2001 (810487)



View Microsoft related news. A cross-site scripting flaw exists in one of these ASP pages. The flaw can permit an attacker to insert script in the data that is being sent to an MCMS server. Because the server generates a Web page in response to a user request that is made by using this page, the script may be embedded in the page that MCMS generates and returns to the user. If this occurs, the script may then be run when it is processed by the user’s browser. Because of this, attacker may be able to access information that the user shared with the legitimate site.
Full View / NID: 490 / Submitted by: TACKtech Team

12.12.2002 - MS02-070: Flaw in SMB Signing Could Enable Group Policy to be Modified (329170)



View Microsoft related news. A security vulnerability has been identified that could allow an attacker to disrupt a facility by which security settings are applied to Windows-based computers in a corporate network. This could allow the attacker to loosen settings on his or her own computer or impose tighter ones on someone else's. Network administrators can help eliminate this issue by installing this update.
Full View / NID: 425 / Submitted by: TACKtech Team

12.12.2002 - MS02-071: Flaw in Windows WM_TIMER Message Handling Can Enable Privilege Elevation (328310)



View Microsoft related news. Windows messages provide a way for interactive processes to react to user events (such as keystrokes or mouse movements) and communicate with other interactive processes. The WM_TIMER message is sent at the expiration of a timer, and it can be used to cause a process to run a timer callback function. This message may create a security vulnerability because it is possible for one process in the interactive desktop to use a WM_TIMER message to cause another process to run a callback function at the address of its choice, even if the second process did not set a timer. If that second process has higher privileges than the first process, this would provide the first process with a way of exercising the functions.
Full View / NID: 424 / Submitted by: TACKtech Team

12.12.2002 - MS02-069: Flaw in Microsoft VM May Compromise Windows (810030)



View Microsoft related news. A new version of the Microsoft VM is available that includes all previously released fixes for Microsoft VM and fixes for eight newly reported security issues. The attack vectors for all the new issues are most likely the same. An attacker can create a Web site that, when opened, exploits the particular vulnerability and either hosts the attack vector on a Web site or sends it to a user as an HTML mail message.
Full View / NID: 422 / Submitted by: Travis

12.07.2002 - Microsoft Internet Information Services 5.0 Patch: Certificate Renewal Wizard Concatenates Certificate Organizational Units



View Microsoft related news. This update addresses the "Certificate Renewal Wizard Concatenates Certificate" issue in Internet Information Services (IIS) 5.0, and is discussed in Microsoft Knowledge Base (KB) Article Q325827. Download now to correct this issue for IIS 5.0.
Full View / NID: 412 / Submitted by: TACKtech Team

11.21.2002 - MS02-065: Certificate Validation Flaw Might Permit Identity Spoofing (329115)



View Microsoft related news. This article was previously published under Q329115 and replaces replaces Microsoft Knowledge Base article 328145.
Full View / NID: 383 / Submitted by: TACKtech Team

11.06.2002 - Windows 2000 Patch: Using 802.1x Authentication on Computers Running Windows 2000



View Microsoft related news. This update resolves the "Using 802.1x Authentication on Computers Running Windows 2000" issue and is discussed in Microsoft Knowledge Base (KB) Article Q313664. Download now to install 802.1X authentication on your computer.
Full View / NID: 351 / Submitted by: Travis
  Popular Tech News  
  Most Viewed News  
  Top Affiliates  
.....