Microsoft Releases Three More Security Bulletins
by Berislav Kucan - Thursday, 12 December 2002.
In yet another combo pack, Microsoft released three security bulletins. The bulletins which are labeled from moderate to critical, deal with Microsoft VM, Windows 2000, Windows XP and Windows NT 4 security problems.

Bulletin: MS02-069

Title: Flaw in Microsoft VM Could Enable System Compromise

Risk: Critical

Advisory: http://www.net-security.org/advisory.php?id=1385

Description: A new version of the Microsoft VM is available, which includes all previously released fixes for the VM, as well as fixes for eight newly reported security issues. The attack vectors for all of the new issues would likely be the same. An attacker would create a web page that, when opened, exploits the desired vulnerability, and either host it on a web page or send it to a user as an HTML mail.



Bulletin: MS02-070

Title: Flaw in SMB Signing Could Enable Group Policy to be Modified

Risk: Moderate

Advisory: http://www.net-security.org/advisory.php?id=1386

Description: Server Message Block (SMB) is a protocol natively supported by all

versions of Windows. A flaw in the implementation of SMB Signing in Windows 2000 and Windows XP could enable an attacker to silently downgrade the SMB Signing settings on an affected system.



Bulletin: MS02-071

Title: Flaw in Windows WM_TIMER Message Handling Could Enable Privilege Elevation

Risk: Important

Advisory: http://www.net-security.org/advisory.php?id=1387

Description: Windows messages provide a way for interactive processes to react to user events and communicate with other interactive processes. One such message, WM_TIMER, is sent at the expiration of a timer, and can be used to cause a process to execute a timer callback function. A security vulnerability results because it's possible for one process in the interactive desktop to use a WM_TIMER message to cause another process to execute a callback function at the address of its choice, even if the second process did not set a timer.

Spotlight

The synergy of hackers and tools at the Black Hat Arsenal

Posted on 27 August 2014.  |  Tucked away from the glamour of the vendor booths and the large presentation rooms filled with rockstar sessions, was the Arsenal - a place where developers were able to present their security tools and grow their community.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Mon, Sep 1st
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //