|
|
Virus & Security Alert list @ hardnet.ro
|
|
Latest Security Infos:
-
OPEN INFO
CLOSE INFO
Mozilla Multiple Vulnerabilities
-
OPEN INFO
CLOSE INFO
Microsoft Security Bulletin MS04-025
- Released: July 30, 2004
- Updated: August 1, 2004
- About: Cumulative Security Update for Internet Explorer (867801)
Maximum Severity Rating: Critical Security Update Replacement: This update replaces the one that is provided in Microsoft Security Bulletin MS04-004, which is itself a cumulative update.
-
OPEN INFO
CLOSE INFO
Microsoft Security Bulletin Summary for July, 2004
- Released: July 13th, 2004
- About: Included in this advisory are updates for newly discovered vulnerabilities. These vulnerabilities, broken down by severity are:
Bulletin 1 Identifier: Microsoft Security Bulletin MS04-022 Bulletin 1 Severity: CRITICAL! Bulletin 1 Title: Vulnerability in Task Scheduler Could Allow Code Execution (841873) Executive 1 Summary: A remote code execution vulnerability exists in the Task Scheduler because of the way that it handles application name validation.
Bulletin 2 Identifier: Microsoft Security Bulletin MS04-023 Bulletin 2 Severity: CRITICAL! Bulletin 2 Title: Vulnerability in HTML Help Could Allow Code Execution (840315) Executive 2 Summary: Two remote code execution vulnerabilities exist in HTML Help.
Bulletin 3 Identifier: Microsoft Security Bulletin MS04-019 Bulletin 3 Severity: Important! Bulletin 3 Title: Vulnerability in Utility Manager Could Allow Code Execution (842526) Executive 3 Summary: A privilege elevation vulnerability exists in the way that Utility Manager launches applications.
Bulletin 4 Identifier: Microsoft Security Bulletin MS04-020 Bulletin 4 Severity: Important! Bulletin 4 Title: Vulnerability in POSIX Could Allow Code Execution (841872) Executive 4 Summary: A privilege elevation vulnerability exists in the POSIX subsystem.
Bulletin 5 Identifier: Microsoft Security Bulletin MS04-021 Bulletin 5 Severity: Important! Bulletin 5 Title: Security Update for IIS 4.0 (841373) Executive 5 Summary: A buffer overrun vulnerability exists in Internet Information Server 4.0.
Bulletin 6 Identifier: Microsoft Security Bulletin MS04-024 Bulletin 6 Severity: Important! Bulletin 6 Title: Vulnerability in Windows Shell Could Allow Remote Code Execution (839645) Executive 6 Summary: A remote code execution vulnerability exists in the way that the Windows Shell launches applications. User interaction is required to exploit this vulnerability.
-
OPEN INFO
CLOSE INFO
Microsoft Internet Explorer Multiple Vulnerabilities
-
OPEN INFO
CLOSE INFO
Microsoft Security Bulletin Summary for June, 2004
- Released: June 8th, 2004
- About: Included in this advisory are updates for newly discovered vulnerabilities. These vulnerabilities, broken down by severity are:
Bulletin 1 Identifier: Microsoft Security Bulletin MS04-016 Bulletin 1 Title: Vulnerability in DirectPlay Could Allow Denial of Service (839643) Executive 1 Summary: A denial of service vulnerability exists in the IDirectPlay4 API of Microsoft DirectPlay because of a lack of robust packet validation. Bulletin 2 Identifier: Microsoft Security Bulletin MS04-017 Bulletin 2 Title: Vulnerability in Crystal Reports Web Viewer Could Allow Information Disclosure and Denial of Service (842689) Executive 2 Summary: A directory traversal vulnerability exists in Crystal Reports and Crystal Enterprise from Business Objects that could allow Information Disclosure and Denial of Service attacks on an affected system.
-
OPEN INFO
CLOSE INFO
Symantec Multiple Firewall DNS Response DoS
- Released: May 15th, 2004
- About: Remote denial of service exploit that makes use of the flaw eEye found in Symantec Norton Personal Firewall and other related products. Sends a malicious DNS response packet to a vulnerable host, causing the kernel to go into an infinite loop. Tested against Symantec Norton Personal Firewall 2004.
Systems Affected: Symantec Norton Internet Security 2002 Symantec Norton Internet Security 2003 Symantec Norton Internet Security 2004 Symantec Norton Internet Security Professional 2002 Symantec Norton Internet Security Professional 2003 Symantec Norton Internet Security Professional 2004 Symantec Norton Personal Firewall 2002 Symantec Norton Personal Firewall 2003 Symantec Norton Personal Firewall 2004 Symantec Client Firewall 5.01, 5.1.1 Symantec Client Security 1.0, 1.1, 2.0(SCF 7.1) Symantec Norton AntiSpam 2004
-
OPEN INFO
CLOSE INFO
Slackware 8.1, 9.x: Apache security bug
-
OPEN INFO
CLOSE INFO
Microsoft Security Bulletin MS04-015
- Released: May 11th, 2004
- About: This update resolves a newly-discovered vulnerability. A remote code execution vulnerability exists in the Help and Support Center because of the way that it handles HCP URL validation. The vulnerability is documented in the Vulnerability Details section of this bulletin.
If a user is logged on with administrative privileges, an attacker who successfully exploited this vulnerability could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts with full privileges. Users whose accounts are configured to have fewer privileges on the system would be at less risk than users who operate with administrative privileges.
-
missing info
MS Win Security Bulletin for May, 2004
-
OPEN INFO
CLOSE INFO
Microsoft Security Bulletin MS04-014
- Released: May 11th, 2004
- About: Microsoft updated this bulletin on May 11, 2004 to advise on the availability of a revised version of the security update for non-English versions of Windows XP (as opposed to Windows XP Service Pack 1). The original update does address the vulnerability in Windows XP for all supported languages; however, the original update was not fully localized. Specifically, optional Jet error strings were only being offered in English on Windows XP. This issue does not affect other operating systems. If you have previously applied the security update for other operating systems, including Windows XP Service Pack 1, you need not take any additional action.
If you have previously applied the security update for non-English versions of Windows XP (as opposed to Windows XP Service Pack 1), you need not take any additional action as you are already protected from this vulnerability. However, if you want to have the Jet optional text error information in the same language as your Windows XP installation, you will need to remove the original security update MS04-014 (837001) following the Removal Information procedure located in this document and install the revised version. Once 837001 is uninstalled, revisiting Windows Update will result in the revised MS04-014 security update for Windows XP being re-offered with the correct, localized, optional text error strings.
-
OPEN INFO
CLOSE INFO
Microsoft Security Bulletin MS04-012
- Released: April 21st, 2004
- Updated: April 24th, 2004
- About: This update resolves several newly-discovered vulnerabilities in RPC/DCOM. Each vulnerability is documented in this bulletin in its own section.
An attacker who successfully exploited the most severe of these vulnerabilities could take complete control of the affected system. An attacker could then take any action on the affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts that have full privileges.
Microsoft recommends customers apply the update immediately.
-
OPEN INFO
CLOSE INFO
Sasser Worm Remover Tool Infos
- Released: May 2004
- About: Symantec Security Response has developed a removal tool to clean the infections of the following variants of the W32.Sasser worm:
W32.Sasser.Worm W32.Sasser.B.Worm W32.Sasser.C.Worm W32.Sasser.D.Worm W32.Sasser.E.Worm
-
OPEN INFO
CLOSE INFO
Microsoft Security Bulletin MS04-011
- Released: April 13th, 2004
- About: This update resolves several newly-discovered vulnerabilities. Each vulnerability is documented in this bulletin in its own section.
An attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts that have full privileges.
Microsoft recommends that customers apply the update immediately.
|
|
|
Security Downloads:
|
|
|
|
|
SUBSCRIBE VIRUSALERT
Pentru a va DEZABONA de la aceasta lista, trimiteti un mesaj la
listserver@hardnet.ro
cu urmatorul continut:
UNSUBSCRIBE VIRUSALERT
(subiectul mesajului NU este important, poate fi orice sau poate fi lasat gol, conteaza doar continutul mesajului).
(... still working @ this ...)
|