Five Microsoft Security Bulletins Released
by Berislav Kucan
Microsoft was pretty active in the past few days: it released five security bulletins covering security issues in SQL Server 2000, Windows Media Player, Microsoft Metadirectory and Microsoft Exchange 5.5.



Microsoft Security Bulletin MS02-039

Buffer Overruns in SQL Server 2000 Resolution Service Could Enable Code Execution

http://www.net-security.org/advisory.php?id=876

SQL Server 2000 introduces the ability to host multiple instances of SQL Server on a single physical machine. Each instance operates for all intents and purposes as though it was a separate server. However, the multiple instances cannot all use the standard SQL Server session port (TCP 1433). While the default instance listens on TCP port 1433, named instances listen on any port assigned to them. The SQL Server Resolution Service, which operates on UDP port 1434, provides a way for clients to query for the appropriate network endpoints to use for a particular SQL Server instance.



Microsoft Security Bulletin MS02-032

Cumulative Patch for Windows Media Player (Version 2.0)

http://www.net-security.org/advisory.php?id=875

On June 26, 2002, Microsoft released the original version of this bulletin, which described the patch it provided as being cumulative. We subsequently discovered that a file had been inadvertently omitted from the patch. While the omission had no effect on the effectiveness of the patch against the new vulnerabilities discussed below, it did mean that the patch was not cumulative. Specifically, the original patch did not include all of the fixes discussed in Microsoft Security Bulletin MS01-056. We have repackaged the patch to include the file and are re-releasing it to ensure that it truly is cumulative.



Microsoft Security Bulletin MS02-038

Cumulative Patch for SQL Server 2000 Service Pack 2

http://www.net-security.org/advisory.php?id=874

This patch eliminates two newly discovered vulnerabilities affecting SQL Server 2000 and MSDE 2000.



Microsoft Security Bulletin MS02-037

Server Response To SMTP Client EHLO Command Results In Buffer Overrun

http://www.net-security.org/advisory.php?id=873

The Internet Mail Connector (IMC) enables Microsoft Exchange Server to communicate with other mail servers via SMTP. When the IMC receives an SMTP extended Hello (EHLO) protocol command from a connecting SMTP server, it responds by sending a status reply that starts with the following: 250 Exchange server ID Hello Connecting server ID



Microsoft Security Bulletin MS02-036

Authentication Flaw in Microsoft Metadirectory Services Could Allow Privilege Elevation

http://www.net-security.org/advisory.php?id=872

Microsoft Metadirectory Services (MMS) is a centralized metadirectory service that provides connectivity, management, and interoperability functions to help unify fragmented directory and database environments. It enables enterprises to link together disparate data repositories such as Exchange directory, Active Directory, third-party directory services, and proprietary databases, for the purpose of ensuring that the data in each is consistent, accurate, and can be centrally managed.

COPYRIGHT 1998-2014 BY HELP NET SECURITY.