JmanB
Premium,VIP
join:2003-08-27
Redmond, WA
 ·Vonage
|  Microsoft Security Bulletins for 11/11/2003
Today Microsoft released the following Security Bulletins.
Note: »www.microsoft.com/technet/security and »www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.
Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.
Bulletins Summaries:
Windows – »www.microsoft.com/technet/securi···ov03.asp
Office – »www.microsoft.com/technet/securi···ov03.asp
Critical Bulletins:
MS03-048 – Cumulative Security Update for Internet Explorer (824145)
»www.microsoft.com/technet/securi···-048.asp
MS03-049 – Buffer Overrun in the Workstation Service Could Allow Code Execution (828749)
»www.microsoft.com/technet/securi···-049.asp
MS03-051 – Buffer Overrun in Microsoft FrontPage Server Extensions Could Allow Code Execution (813360)
»www.microsoft.com/technet/securi···-051.asp
Important Bulletins:
MS03-050 – Vulnerability in Microsoft Word and Microsoft Excel Could Allow Arbitrary Code to Run (831527)
»www.microsoft.com/technet/securi···-050.asp
In addition to the new bulletins above, the following Important bulletin was re-released:
MS02-050 – Certificate Validation Flaw Could Enable Identity Spoofing (Q329115)
»www.microsoft.com/technet/securi···-050.asp
This represents our regularly scheduled monthly bulletin release (second Tuesday of each month). Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.
If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety (1-866-727-2338). International customers should contact their local subsidiary.
--
Jerry Bryant - Microsoft IT Communities. This posting is provided "AS IS" with no warranties, and confers no rights. |
|
dp
Go Steelers
Premium,MVM
join:2000-12-08
Greensburg, PA | Thanks for the heads-up, time for some updating  |
|
Tablet
Premium
join:2003-01-15
Czech |  reply to JmanB
Only the MS03-048 Cumulative Patch appeared through Windowsupdate for me on my WinXP Pro SP1.
As I've said in the other thread everything works fine after having applied the patch. |
|
parputt
Premium
join:2001-11-25
New Iberia, LA | reply to JmanB
Thanks jb! Got the IE and Office updates and everything is chugging along normally.
--
Computer Cops |
|
Sparrow
Crystal Sky
Premium
join:2002-12-03
Sachakhand | reply to JmanB
Chugging along peacefully with no burps!  |
|
Matt Day
join:2003-05-05
uk
| Cheers JB  Ditto to no noticed problems... |
|
Randy Bell
Premium
join:2002-02-24
Santa Clara, CA
| reply to Tablet
Microsoft Critical Update for Today |
said by Tablet  :
Only the MS03-048 Cumulative Patch appeared through Windowsupdate for me on my WinXP Pro SP1. As I've said in the other thread everything works fine after having applied the patch.
Same here {see thumbnail pic, click to enlarge}.
--
"But now abide faith, hope, love, these three; but the greatest of these is love." (1 Cor. 13:13) |
|
Sparrow
Crystal Sky
Premium
join:2002-12-03
Sachakhand
| It seems that 828749 is the same as 828035 for XP only. This was released October 15:
Note: The Windows XP security updates that released on October 15th as part of Security Bulletin MS03-043 (828035) include the updated file that helps protect from this vulnerability. If you have applied the Windows XP security updates for MS03-043 (828035) you do not have to reapply this update. However, the Windows 2000 security update that is released as part of this security bulletin contains updated files that were not part of the MS03-043 (828035) security bulletin. Customers have to apply this Windows 2000 security update even if they applied the Windows 2000 security updates for MS03-043 (828035).»www.microsoft.com/technet/treevi···-049.asp
As far as I recall, Office Updates do not come via Windows Update. |
|
parputt
Premium
join:2001-11-25
New Iberia, LA
 ·AT&T Southeast
| said by Sparrow :
As far as I recall, Office Updates do not come via Windows Update.
There is a tab at the very top of the Update page "Office Update" Click it and your computer will be scanned for updatable Office products.
--
Computer Cops |
|
GuruGuy
join:2002-12-16
Atlanta, GA
| reply to JmanB
There are several people posting who use XP and have only received the MS03-048 Cumulative Patch for IE......myself included.
Why aren't we getting this one???
MS03-051 – Buffer Overrun in Microsoft FrontPage Server Extensions Could Allow Code Execution (813360)
»www.microsoft.com/technet/security/bul..
--
GuruGuy |
|
Randy Bell
Premium
join:2002-02-24
Santa Clara, CA
| said by GuruGuy :
Why aren't we getting this one???
MS03-051 – Buffer Overrun in Microsoft FrontPage Server Extensions Could Allow Code Execution (813360)
»www.microsoft.com/technet/security/bul..
Because we run Home Edition {a Client Product} and don't run a Server?
--
"But now abide faith, hope, love, these three; but the greatest of these is love." (1 Cor. 13:13) |
|
Daemon
Premium
join:2003-06-29
San Francisco, CA
| reply to JmanB
see crystal sky's response:
for XP, MS043 is a superset of the newly release patch
edit: my mistake- GuruGuy was asking about another patch |
|
GuruGuy
join:2002-12-16
Atlanta, GA
| reply to Randy Bell
Because we run Home Edition {a Client Product} and don't run a Server?
Thanks Randy,
Be nice if they'd note that in the message instead of just stating:
Affected Software:
Microsoft Windows 2000 Service Pack 2, Service Pack 3
Microsoft Windows XP, Microsoft Windows XP Service Pack 1
Microsoft Office XP, Microsoft Office XP Service Release 1 |
|
GuruGuy
join:2002-12-16
Atlanta, GA
| reply to Daemon
GuruGuy said:
There are several people posting who use XP and have only received the MS03-048 Cumulative Patch for IE......myself included.
Why aren't we getting this one???
MS03-051 – Buffer Overrun in Microsoft FrontPage Server Extensions Could Allow Code Execution (813360)
»www.microsoft.com/technet/security/bul..
--
ryri said:
see crystal sky's response:
for XP, MS043 is a superset of the newly release patch
------------------------------------
Thanks, but that applies to MS03-049......not MS03-051 which is what I was inquiring about.
--
GuruGuy |
|
Sparrow
Crystal Sky
Premium
join:2002-12-03
Sachakhand
| reply to parputt
said by parputt :
said by Sparrow :
As far as I recall, Office Updates do not come via Windows Update.
There is a tab at the very top of the Update page "Office Update" Click it and your computer will be scanned for updatable Office products.
I just mentioned this to clarify that "Office Updates" are not part and parcel of Automatic Windows Updates. I have my own "secret" link for Office Updates »office.microsoft.com/officeupdat···log.aspx
--
oO^..^Oo |
|
jeff3120
Premium
join:2001-09-02
Chicago, IL
clubs:
·AT&T Midwest
| reply to GuruGuy
said by GuruGuy :
Thanks, but that applies to MS03-049......not MS03-051 which is what I was inquiring about.
I also didn't see the update available on the Windows Update page, so I went here »www.microsoft.com/technet/securi···-051.asp to download it manually. If you click on the FAQ section, the first topic deals with finding which version is on your computer. Since FrontPage Server Extensions is standard on both 2000 and XP(I'm running XP Pro), I don't know why windows update isn't showing the update. In any case I downloaded and applied the patch without problem. |
|
dannyboy 950
Premium
join:2002-12-30
Port Arthur, TX | reply to JmanB
Well apparently my Gremlins are hard at work and trying to keep me from doing anything against them once again the update page wont work for me. I will try to sneak in the back way and get the patches manually |
|
Michael
Premium
join:2001-05-06
Canada
| reply to JmanB
I found something interesting concerning W98 and W98SE and MS03-048. In the link that JmanB posted for MS03-048, the following operating systems are shown as being affected:
quote:
Affected Software
Microsoft Windows 98
Microsoft Windows 98 Second Edition
Microsoft Windows Millennium Edition
Microsoft Windows NT® Workstation 4.0 Service Pack 6a
Microsoft Windows NT Server 4.0 Service Pack 6a
Microsoft Windows NT Server 4.0 Terminal Server Edition, Service Pack 6
Microsoft Windows 2000 Service Pack 2, Service Pack 3, Service Pack 4
Microsoft Windows XP, Microsoft Windows XP Service Pack 1
Microsoft Windows XP 64-Bit Edition
Microsoft Windows XP 64-Bit Edition Version 2003
Microsoft Windows Server® 2003
Microsoft Windows Server 2003, 64-Bit Edition
Source
But in the email I just received from MS, the following software is listed as being affected:
quote:
** Critical Security Bulletins
MS03-048 - Cumulative Update for Internet Explorer (824145)
- Affected Software:
- Microsoft Windows Millennium Edition
- Microsoft Windows NT Workstation 4.0,
Service Pack 6a
- Microsoft Windows NT Server 4.0, Service Pack 6a
- Microsoft Windows NT Server 4.0, Terminal Server
Edition, Service Pack 6
- Microsoft Windows 2000 Service Pack 2, Service
Pack 3, and Service Pack 4
- Microsoft Windows XP,
Microsoft Windows XP Service Pack 1
- Microsoft Windows XP 64-Bit Edition
- Microsoft Windows XP 64-Bit Edition Version 2003
- Microsoft Windows Server 2003
- Microsoft Windows Server 2003 64 bit Edition
I am curious to see if W98 and W98SE users do in fact receive this update.
--
The views expressed in this post do not necessarily reflect the views of the poster. |
|
Michael
Premium
join:2001-05-06
Canada
| reply to JmanB
It would appear I have found a very small bug after installing MS03-048 on my XP HE SP1 system.
When viewing web pages, I often right-click on the vertical scroll bar (found on the right side of the web page) to get a menu that allows me to get back to the top of the page I am viewing just by clicking Top in the menu. Doing this still takes me to the top of the web page but the menu does not go away as it usually does. When I left-click on a blank spot on a web page to try to get rid of this menu, the right-click menu then appears. Clicking again on a blank spot on the web page gets rid of all menus. To make sure it was the update that was causing this, I rolled my system back using GoBack. All is fine now so the update is definitely causing this for me. Can anyone else duplicate this?
|
|
GuruGuy
join:2002-12-16
Atlanta, GA
| reply to JmanB
Doing this still takes me to the top of the web page but the menu does not go away as it usually does. When I left-click on a blank spot on a web page to try to get rid of this menu, the right-click menu then appears. Clicking again on a blank spot on the web page gets rid of all menus
-------
For me it goes to the top of the page and context menu is still there....ONE left click on the page and it goes away.
--
GuruGuy |
|
