Microsoft issues security warnings…

MS03-29, MS03-30 and MS03-31 put Microsoft one ahead of the rate of one per week for the year.

MS03-29 lists a “Moderate” problem with a normally unexposed function that could lead to a denial-of-service attack on Windows NT 4.0 Server only. Read more at http://www.microsoft.com/technet/security/bulletin/ms03-029.asp

MS03-30 deals with a buffer overrun that could allow a malicious user to run code of their choice on your machine via a malformed MIDI file, web page or HTML e-mail. It is rated “Critical” for all to patch. Read details at http://www.microsoft.com/technet/security/bulletin/MS03-030.asp.

Finally, MS03-31, described as an “Important” cumulative patch for SQL Server, also patches three new vulnerabilities in SQL Server 7.0 and SQL Server 2000, as well as MSDE 1.0 and 2000. While the patches seem to indicate that an attacker must have local logon access to execute these exploits, it’s not clear whether another executable that the victim is tricked into running might also be able to exploit them. Details are at http://www.microsoft.com/technet/security/bulletin/MS03-031.asp.

As always, there is the danger with patching your system that the patch process could go wrong, crippling your machine, or that the patch might not work properly on your particular configuration, or that the patch fails to fix the problem. Use care in evaluating whether these patches are appropriate for you, and take precautions (backups, images or restore points) to minimize the effect of a patch gone bad.

Be careful out there.


This work by Ted Roche is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 3.0 United States.