[ISN] Microsoft Patches Five Security Flaws

From: InfoSec News (isnat_private)
Date: Fri Sep 05 2003 - 00:04:58 PDT

  • Next message: InfoSec News: "[ISN] Security means keeping the system up"

    Forwarded from: Marjorie Simmons <lawyerat_private>
    September 4th, 2003
    By: David Worthington
    Microsoft on Wednesday let loose a slew of security bulletins, the
    worst of the bunch affecting Office users. Of the five flaws, only one
    was deemed "critical." It allows a buffer overflow in the Visual Basic
    for Applications Software Development Kit, leaving 29 products
    vulnerable including the software giant's aligned productivity
    solution Microsoft Works.
    Two other flaws are labeled "important." The first deals with
    Microsoft's WordPerfect document converter built into all supported
    versions of FrontPage, Office, Publisher and Works, while the second
    allows a Macro to run automatically without user intervention.
    Office 2003 is not at risk from any of the vulnerabilities.
    A less severe "moderate" bulletin warns of a potential buffer overflow
    in the Access Snapshot Viewer.
    Finally, a "low" risk assessment is placed on a NETBIOS issue that
    could allow a malicious user to view data on a target machine. Every
    NT based version of Windows from 4.0 to Windows Server 2003 is
    affected. However, both Windows XP and Windows Server 2003 are
    shielded by the Internet Connection Firewall found in each operating
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Fri Sep 05 2003 - 03:12:26 PDT