JmanB Premium Member join:2003-08-27 Redmond, WA
3 recommendations |
JmanB
Premium Member
2003-Oct-3 10:29 pm
Microsoft Security Bulletins for 10/3/2003Title: Cumulative Patch for Internet Explorer Execution (828750) Date: October 3, 2003 Software: Internet Explorer 5.01 Internet Explorer 5.5 Internet Explorer 6.0 Internet Explorer 6.0 for Windows Server 2003 Impact: Run code of attackers choice. Maximum Severity Rating: Critical Bulletin: MS03-040 The Microsoft Security Response Center has released Microsoft Security Bulletin MS03-040 What Is It? The Microsoft Security Response Center has released Microsoft Security Bulletin MS03-040 which concerns a vulnerability in Internet Explorer. Customers are advised to review the information in the bulletin, test and deploy the patch immediately in their environments, if applicable. More information is now available at » www.microsoft.com/techne ··· -040.aspIf you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety (1-866-727-2338). International customers should contact their local subsidiary. |
|
|
Misfits1
Anon
2003-Oct-3 10:51 pm
Thank you for informing us,everyone patch your ie! |
|
mrgeek Premium Member join:2002-12-13 Dundee, IL |
to JmanB
Anybody else get a Windows Media Player security update...kb828026? |
|
hpguruCurb Your Dogma Premium Member join:2002-04-12 |
hpguru
Premium Member
2003-Oct-3 11:12 pm
said by mrgeek: Anybody else get a Windows Media Player security update...kb828026?
Just installed it. |
|
mrgeek Premium Member join:2002-12-13 Dundee, IL |
mrgeek
Premium Member
2003-Oct-3 11:17 pm
Thank you. Wonder why it wasn't posted with the IE security bulletin? |
|
|
to JmanB
yep got both .
Microsoft should send out a FREE cd to eveyone with all the current updates.
My system has so many patches I have patches on patches and patches to fix patches that where supposed to fix patches .
. |
|
JackCam614 Premium Member join:2000-08-24 New Hyde Park, NY
|
to mrgeek
said by mrgeek: Thank you. Wonder why it wasn't posted with the IE security bulletin?
Hey mrgeek, As noted in my email notification regarding this MS Patch, the Windows Media Update is not considered a 'security patch'. I'm guessing for this reason, it is not addressed in this Security related thread. ------------------------------------------------------ In addition to applying this security patch it is recommended that users also install the Windows Media Player update referenced in Knowledge Base Article 828026. This update is available from Windows Update as well as the Microsoft Download Center for all supported versions of Windows Media Player. While not a security patch, this update contains a change to the behavior of Windows Media Player's ability to launch URL's to help protect against DHTML behavior based attacks. Specifically, it restricts Windows Media Player's ability to launch URL's in the local computer zone from other zones. ------------------------------------------------------------ ... Jack [text was edited by author 2003-10-03 23:34:33][text was edited by author 2003-10-03 23:37:07] |
|
Daemon Premium Member join:2003-06-29 Washington, DC
|
to JmanB
was beaten to the punch....
anyway, I only complain that the bulletin came out so late in the day. I was on WU not a few hours ago and it wasn't out for download. [text was edited by author 2003-10-03 23:37:00] |
|
SparrowCrystal Sky Premium Member join:2002-12-03 Sachakhand |
to JmanB
Thank you! |
|
mrgeek Premium Member join:2002-12-13 Dundee, IL |
to JackCam614
Thanks for the clarification. |
|
antdudeMatrix Ant Premium Member join:2001-03-25 US |
to JmanB
Wow! MS actually released updates on a Friday! Wowser. |
|
|
Karnog join:2002-03-03 Westminster, CA |
to JmanB
One down, several thousand more to go:) woohoo! |
|
|
to JmanB
I received an e-mail notice from Microsoft about the new patch. I have XP set up for automatic updating. I always get the update signal before I receive the e-mail notification. Not this time though. Anyone else have automatic update enabled, and if so, did you receive the notice? |
|
|
to JmanB
Does this patch fix the Objectdata vulnerability reported by eEye ? » www.eeye.com/html/Resear ··· 820.html |
|
catseyenuAck Pfft Premium Member join:2001-11-17 Fix East |
From: » www.secunia.com/MS03-032quote:
MS03-032: Object Data Vulnerability Test
Test to see if your browser is vulnerable to the latest Microsoft Internet Explorer vulnerability. The vulnerability which is called the "Object Data Vulnerability" allows malicious websites, emails or newsgroup messages to silently download and execute any file on your system.
Secunia has issued an extraordinary alert, which is rated as "Extremely Critical". Clicking on the link below will perform a test to verify whether or not you are vulnerable to the Object Data vulnerability reported by eEye. NOTE: http-equiv has proved that the MS03-032 Security Bulletin from Microsoft fails to close the "Object Data" vulnerability. This test has been updated to use the latest exploit code as described by http-equiv and GreyMagic.
WARNING: If you are vulnerable, the Secunia website will execute Internet Explorer on your system and load a new web page.
I got a prompt which I denied and no instance of IE. Patch seems to be working. |
|
MRK8 Premium Member join:2001-01-11 San Antonio, TX |
MRK8
Premium Member
2003-Oct-4 5:02 am
said by catseyenu: From: »www.secunia.com/MS03-032quote: MS03-032: Object Data Vulnerability Test
WARNING: If you are vulnerable, the Secunia website will execute Internet Explorer on your system and load a new web page.
I got a prompt which I denied and no instance of IE. Patch seems to be working.
If ActiveX is disabled (or on prompt, and refused) this test should fail anyway with or without the patch, correct? |
|
sig6 Premium Member join:2001-05-05 |
to Mannaggia5
Mannaggia: Just FYI, I have auto update set to notify me when an update is available and I haven't seen anything from it yet. |
|
sig6 |
sig6 to JmanB
Premium Member
2003-Oct-4 5:23 am
to JmanB
quote: What You Should Know About Microsoft Security Bulletin MS03-040 (828750)
Why We Are Issuing This Update A number of security issues have been identified in Microsoft® Internet Explorer that could allow an attacker to compromise a Microsoft Windows®-based system and then take a variety of actions. For example, an attacker could run programs on your computer when you are viewing a Web page. This vulnerability affects all computers that have Internet Explorer installed. (You do not have to be using Internet Explorer as your Web browser to be affected by this issue.) You should help protect your computer by installing this update from Microsoft.
(I added the bold for emphasis.) » www.microsoft.com/securi ··· -040.asp |
|
Mele20 Premium Member join:2001-06-05 Hilo, HI |
Mele20
Premium Member
2003-Oct-4 5:41 am
I just read that and installed the patch. However, I don't understand how, if I was using Mozilla, I could be affected by an IE issue even if IE is a part of the OS. Care to explain? |
|
dp MVM join:2000-12-08 Greensburg, PA |
to JmanB
Thanks for the heads-up on that update. |
|
|
to JmanB
odd while doing a update of xp pro..fresh install sp 1 no updates..I had 60 mbs to dl..did that in 8 minutes..and while installing wanted to access 10/04/2003 03:20:52 Allowed TCP Outgoing wustat.windows.com [207.46.197.121] 1208 C:\Program Files\Internet Explorer\IEXPLORE.EXE 10/04/2003 03:19:49 10/04/2003 03:19:50 with the name was service pack update..which was weird since I never saw it before..I had to allow it or it would just sit there..not moving the progress bar..has anyone else gotten this before? while installing updates from ms site? |
|
dp MVM join:2000-12-08 Greensburg, PA |
to mrgeek
said by mrgeek: Anybody else get a Windows Media Player security update...kb828026?
I'm running WinME and I also got that update as well. |
|
|
to Mannaggia5
said by Mannaggia5: I received an e-mail notice from Microsoft about the new patch. I have XP set up for automatic updating. I always get the update signal before I receive the e-mail notification. Not this time though. Anyone else have automatic update enabled, and if so, did you receive the notice?
Nope. I also have automatic updates enabled but I didn't get it trough automatic updates. I got the e-mail and updated manually |
|
catseyenuAck Pfft Premium Member join:2001-11-17 Fix East |
to MRK8
said by MRK8: If ActiveX is disabled (or on prompt, and refused) this test should fail anyway with or without the patch, correct?
Maybe that's all the patch did, changed the default settings? I ran the test pre-patch and got the pop up, post patch... prompt. Gawd, somebody shoot me. |
|
Mele20 Premium Member join:2001-06-05 Hilo, HI |
to JmanB
>I got a prompt which I denied and no instance of IE. Patch seems to be working.
I ran this test after installing the patch. I have always had IE on prompt for Active X. I didn't get any prompt when I ran the test. All that happened was that the page reloaded. |
|
bcool Premium Member join:2000-08-25 |
bcool to dp
Premium Member
2003-Oct-4 7:56 am
to dp
said by dp:
said by mrgeek: Anybody else get a Windows Media Player security update...kb828026?
I'm running WinME and I also got that update as well.
Well, I dual boot and haven't run windowsupdate in a couple of weeks on WIN98SE. This is what I get when attempting to check for updates while on WIN98SE hmmmm.....wonder where else I can find kb828026? |
|
dp MVM join:2000-12-08 Greensburg, PA |
dp
MVM
2003-Oct-4 8:10 am
I just checked the Windows Update Catalog and didn't see kb828026 listed for Win98/98SE but it is listed if you look up WinME. |
|
hpguruCurb Your Dogma Premium Member join:2002-04-12 |
to SS_2003 Rule
said by SS_2003 Rule: ..and while installing wanted to access 10/04/2003 03:20:52 Allowed TCP Outgoing wustat.windows.com [207.46.197.121] 1208 C:\Program Files\Internet Explorer\IEXPLORE.EXE 10/04/2003 03:19:49 10/04/2003 03:19:50 with the name was service pack update..which was weird since I never saw it before..I had to allow it or it would just sit there..not moving the progress bar..has anyone else gotten this before? while installing updates from ms site?
At one time I had wustat.windows.com in the hosts file. I removed it after receiving reports that it disables WU for users of WinXP. It doesn't seem to effect users of WinNT/2K or Win9x/Me however. I block it in my own config without any ill effect. |
|
FoMoCo466 C.I.D. join:2001-01-10 Grand Rapids, MI
|
to JmanB
I tested on that page and got a pop up window but it was just a blank window.This with unpatch 98se.Then I patched my wifes 98 box and tested it.I get a file download pop up box asking if I want to dl HTML application. [text was edited by author 2003-10-04 10:16:04] |
|
mrgeek Premium Member join:2002-12-13 Dundee, IL |
to JmanB
I also didn't get the media player update on my Win98SE box, but I reformatted and installed Media Player 9 (along with all the other patches) in July and figured what was covered in the patch was already included with my download, so no patch was needed. |
|