February 2004 - Posts
Technical guidance, tools, training and updates...
You can also pre-order the upcoming Security Guidance Kit CD from the site:
http://www.microsoft.com/security/guidance/default.mspx
Interesting comments on the LWN site:
http://lwn.net/Articles/64400/
I'm not big on SPAM (who is?) and I frown on friends and family who forward email to everyone they know all the time. In fact, I'm sure I have a least a couple of family members who don't talk to me anymore because I asked them to take me off their mailing lists ;-)
That said, I sat down last night and SPAMMED everybody in my address book (on the Bcc line of course!) and told them to run to http://windowsupdate.microsoft.com and get the latest critical updates. I even asked them to pass the message on to everyone they know. You know how those emails go? “If you don't forward this to at least 10 people, you will have bad luck!” Well, in this case, I actually believe it.
Get the MS04-007 patch. Pass it on!
Today Microsoft released the following Security Bulletins.
Note: www.microsoft.com/technet/security and www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.
Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.
Bulletins Summaries:
Windows: http://www.microsoft.com/technet/security/bulletin/winfeb04.asp
Microsoft Macintosh Products: http://www.microsoft.com/technet/security/bulletin/macfeb04.asp
Critical Bulletins:
MS04-007 - ASN .1 Vulnerability Could Allow Code Execution (828028)
http://www.microsoft.com/technet/security/bulletin/MS04-007.asp
Important Bulletins:
MS04-005 - Vulnerability in Virtual PC could lead to privilege elevation (835150)
http://www.microsoft.com/technet/security/bulletin/MS04-005.asp
MS04-006 - Vulnerability in the Windows Internet Naming Service (WINS) Could Allow Code Execution (830352)
http://www.microsoft.com/technet/security/bulletin/MS04-006.asp
This represents our regularly scheduled monthly bulletin release (second Tuesday of each month). Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.
If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety (1-866-727-2338). International customers should contact their local subsidiary.
A new variant of the Mydoom worm (Mydoom.c) is running around. See the following for details:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/alerts/mydoomc.asp
Today Microsoft released the following Security Bulletin(s).
Note: www.microsoft.com/technet/security and www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.
Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.
Bulletin Summaries:
Windows : http://www.microsoft.com/technet/security/bulletin/winfeb04.asp
Critical Bulletins:
MS04-004 - Cumulative Security Update for Internet Explorer (832894)
http://www.microsoft.com/technet/security/bulletin/MS04-004.asp
This DOES NOT represents our regularly scheduled monthly bulletin release (second Tuesday of each month). Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.
If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety (1-866-727-2338). International customers should contact their local subsidiary.