Microsoft Releases Three More Security Bulletins
by Berislav Kucan - Thursday, 12 December 2002.
In yet another combo pack, Microsoft released three security bulletins. The bulletins which are labeled from moderate to critical, deal with Microsoft VM, Windows 2000, Windows XP and Windows NT 4 security problems.

Bulletin: MS02-069

Title: Flaw in Microsoft VM Could Enable System Compromise

Risk: Critical


Description: A new version of the Microsoft VM is available, which includes all previously released fixes for the VM, as well as fixes for eight newly reported security issues. The attack vectors for all of the new issues would likely be the same. An attacker would create a web page that, when opened, exploits the desired vulnerability, and either host it on a web page or send it to a user as an HTML mail.

Bulletin: MS02-070

Title: Flaw in SMB Signing Could Enable Group Policy to be Modified

Risk: Moderate


Description: Server Message Block (SMB) is a protocol natively supported by all

versions of Windows. A flaw in the implementation of SMB Signing in Windows 2000 and Windows XP could enable an attacker to silently downgrade the SMB Signing settings on an affected system.

Bulletin: MS02-071

Title: Flaw in Windows WM_TIMER Message Handling Could Enable Privilege Elevation

Risk: Important


Description: Windows messages provide a way for interactive processes to react to user events and communicate with other interactive processes. One such message, WM_TIMER, is sent at the expiration of a timer, and can be used to cause a process to execute a timer callback function. A security vulnerability results because it's possible for one process in the interactive desktop to use a WM_TIMER message to cause another process to execute a callback function at the address of its choice, even if the second process did not set a timer.


MagSpoof: A device that spoofs credit cards, disables chip-and-PIN protection

The device can wirelessly spoof credit cards/magstripes, disable chip-and-PIN protection, and predict the credit card number and expiration date of Amex cards after they have reported stolen or lost.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Thu, Nov 26th