Microsoft Releases Three More Security Bulletins
by Berislav Kucan - Thursday, 12 December 2002.
In yet another combo pack, Microsoft released three security bulletins. The bulletins which are labeled from moderate to critical, deal with Microsoft VM, Windows 2000, Windows XP and Windows NT 4 security problems.

Bulletin: MS02-069

Title: Flaw in Microsoft VM Could Enable System Compromise

Risk: Critical

Advisory: http://www.net-security.org/advisory.php?id=1385

Description: A new version of the Microsoft VM is available, which includes all previously released fixes for the VM, as well as fixes for eight newly reported security issues. The attack vectors for all of the new issues would likely be the same. An attacker would create a web page that, when opened, exploits the desired vulnerability, and either host it on a web page or send it to a user as an HTML mail.



Bulletin: MS02-070

Title: Flaw in SMB Signing Could Enable Group Policy to be Modified

Risk: Moderate

Advisory: http://www.net-security.org/advisory.php?id=1386

Description: Server Message Block (SMB) is a protocol natively supported by all

versions of Windows. A flaw in the implementation of SMB Signing in Windows 2000 and Windows XP could enable an attacker to silently downgrade the SMB Signing settings on an affected system.



Bulletin: MS02-071

Title: Flaw in Windows WM_TIMER Message Handling Could Enable Privilege Elevation

Risk: Important

Advisory: http://www.net-security.org/advisory.php?id=1387

Description: Windows messages provide a way for interactive processes to react to user events and communicate with other interactive processes. One such message, WM_TIMER, is sent at the expiration of a timer, and can be used to cause a process to execute a timer callback function. A security vulnerability results because it's possible for one process in the interactive desktop to use a WM_TIMER message to cause another process to execute a callback function at the address of its choice, even if the second process did not set a timer.

Spotlight

Intentional backdoors in iOS devices uncovered

Posted on 22 July 2014.  |  A researcher has revealed that Apple has equipped its mobile iOS with several undocumented features that can be used by attackers and law enforcement to access the sensitive data contained on the devices running it.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Tue, Jul 22nd
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //