OT-Fw: Microsoft patches nine new flaws
- Subject: OT-Fw: Microsoft patches nine new flaws
- From: "Roger Swalley" r*@colfax.com
- Date: Thu, 11 Sep 2003 08:53:12 -0700
- List-archive: <http://www.hort.net/lists/pumpkins/> (Web Archive)
Might need to update,
Roger , Colfax WA
----- Original Message -----
From: "CNET Virus Security Newsletter"
<CNET_Networks_#3.104666.31393234313636@newsletters.online.com>
To: <res@colfax.com>
Sent: Wednesday, September 10, 2003 2:42 PM
Subject: CNET: Microsoft patches nine new flaws
>
>
>
> CNET | VIRUS & SECURITY NEWSLETTER
> Microsoft patches Office flaws
> September 10, 2003
> Vol. 2, No. 18
>
> At the same time law enforcement announced three high-profile
> arrests in connection with recent virus-writing and criminal
> hacking activities, Microsoft announced six new security
> vulnerabilties affecting its popular Microsoft Office software
> suite. Although most of the flaws are considered moderate or
> important security risks, at least one, the one regarding Visual
> Basic applets, is considered critical. There are also three new
> flaws affecting the Remote Procedure Call (RPC), a feature in
> Windows 2000, NT, and XP used last month by the MSBlast worm.
> I've included links to all of the Microsoft bulletins below.
>
> Robert Vamosi
> Senior associate editor
> CNET Software & Internet Services
>
> Unsubscribe instructions are at the bottom of this newsletter.
> _________________________________________________________________
>
> IN THIS ISSUE:
> 1. Alert: Microsoft users at risk from critical flaws
> 2. News: Homeless hacker surrenders
> 3. Security Watch: Make the punishment fit the cybercrime
> 4. Security Watch: What to expect when the next Sobig hits
> 4. Subscribe and unsubscribe information
> _________________________________________________________________
>
> <---------------Advertisement--------------->
>
> $8.95/yr Domain Names from GoDaddy.com.
> Get your .com, .net, .org, .biz, .us, and .info domains.
> Free parked page and URL forwarding. If you paid more,
> easily transfer risk-free for $7.75 including 1-yr extension.
> Bulk pricing and private registration available.
> http://ct.com.com/click?q=8b-SBGBQY0slEGuiSAP6OoKlKwtULlR
>
> <------------------------------------------->
> _________________________________________________________________
>
> 1. Alert: Microsoft users at risk from critical flaws
>
> Microsoft issued six bulletins last week informing Microsoft
> Office users of moderate to critical risks to their data and
> privacy.
>
> http://ct.com.com/click?q=14-5MRAIF.J4NgryFyiB7_BzXE47LnR
>
> Microsoft security bulletins:
> Flaw in NetBIOS could lead to information disclosure
> http://ct.com.com/click?q=88-ec5PQQKmiqBgSXzCjhN386T5UD4R
>
> Flaw in Microsoft Word could enable macros to run automatically
> http://ct.com.com/click?q=a9-IlbqQpUmKPZbjeIBlk_dvRSKDtrR
>
> Buffer overrun in WordPerfect converter could allow code execution
> http://ct.com.com/click?q=d8-XW73QWLUzg2kzgRkVYfie.x6Vu4R
>
> Flaw in Visual Basic for Applications could allow arbitrary code
> execution
> http://ct.com.com/click?q=e6-qG8rQwybyK7Pderb4ZzO636q9TiR
>
> Unchecked buffer in Microsoft Access Snapshot Viewer could allow
> code execution
> http://ct.com.com/click?q=09-joDSIj8.sJcoiR7M6YY.Zwx4imrR
>
> And Microsoft today issued a new bulletin regarding three new flaws
> in the Remote Procedure Call function of Windows 2000, NT, and XP.
>
> http://ct.com.com/click?q=40-6Pp4Idn.kvpEmViwkTtOnxNBKC9R
>
> Buffer overrun in RPCSS service could allow code execution
> http://ct.com.com/click?q=eb-HlpoQkDlzUOO_lZPeawpbZqzt.lR
>
> _________________________________________________________________
>
> 2. News: Homeless hacker surrenders
> Adrian Lamo, the so-called homeless hacker, surrendered Tuesday
> to face two federal criminal charges of electronic breaking and
> entering.
>
> http://ct.com.com/click?q=61-x9oAIoLNt_WtYcbS0SyZFD72EPcR
> _________________________________________________________________
>
> 3. Security Watch: Make the punishment fit the cybercrime
>
> The two guys accused recently of creating variants of the MSBlast
> worm are facing sentences worse than some violent criminals get.
> Does that make any sense?
>
> http://ct.com.com/click?q=ea-fjLyQhV9.V5SQHYTg_i4Ahhjt_yR
> ________________________________________________________________
>
> 4. Security Watch: What to expect when the next Sobig hits
>
> We know how the Sobig worm works and we have a general idea when
> the next version of it will hit the Net. What we don't know: the
> worm author's ultimate goal.
>
> http://ct.com.com/click?q=20-PoiFIRzJPncaYiH3qAxz7ZuAjQ4R
> _________________________________________________________________
>
> 4. Subscribe and unsubscribe information
>
> The e-mail address for your subscription is res@colfax.com
>
> To sign up for more CNET newsletters go to the link below:
> http://ct.com.com/click?q=6c-SUL3IuPN8QYF8CNP8tm3.3nwW9dR
>
> To unsubscribe, click
> here:http://ct.com.com/click?q=a2-6.X7rUZxT7ITbpK_C0QlkWGSgopmn9RR
>
> Please send any questions, comments, or concerns to
> n*@cnet.com
>
>
>
> Copyright 2003 CNET Networks, Inc. All rights reserved.
---------------------------------------------------------------------
Pumpkin-growing archives: http://www.hort.net/lists/pumpkins/
To sign-off this list, send email to majordomo@hort.net with the
message text UNSUBSCRIBE PUMPKINS
