Microsoft Warns of 4 New Windows Flaws OSNews points to an article on Salon
that makes a few interesting points: Microsoft is going to monthly
security bulletins as some sort of comfort for the plethora of patches
that must be applied. Frankly, I’d rather know now, than the first
Wednesday of the month, when a weakness is discovered. This just
expands the threat window from discovery to closure (assuming the patch
works) from a week to a month.
In one email from Microsoft, titled “Microsoft Exchange Server Security
Bulletin for October 2003,” I was warned of the following:
MS03-046, titled “Vulnerability in Exchange Server could allow Arbitrary Code Execution (829436)” allows remote code execution.
MS03-047, “Vulnerability in Exchange Server 5.5 Outlook Web Access
Could Allow Cross-Site Scripting Attack (828489)” also permits remote
The second email message was also titled “Microsoft Exchange Server
Security Bulletin for October 2003,” but the body of the message
indicated it was really “Microsoft Windows Security Bulletin Summary
for October 2003.” This included five new threats for you to evaluate,
mitigate and/or patch:
MS03-041 – Vulnerability in Authenticode Could Allow Remote Code Execution (823182)
MS03-042 – Buffer Overflow in the Windows Troubleshooter ActiveX Control Could Allow Code Execution (826232)
MS03-043 – Buffer Overrun in Messenger Service Could Allow Code Execution (828035)
MS03-044 – Buffer Overflow in Windows Help and Support Center Could lead to System Compromise (825119)
MS03-045 – Buffer Overrun in the ListBox and in the ComboBox Control Could Allow Code Execution (824141)
I’m runing Windows Update on a few machines in the home office here,
and you’ll probably want to do the same. It’s the 42nd week of the year.