Security Bulletin MS03-048 brings a cumulative update that includes the functionality of all the previously-released updates for Internet Explorer 5.01, Internet Explorer 5.5, and Internet Explorer 6.0. Additionaly, it eliminated five newly discovered vulnerabilities.
In mid October security firm PivX Solutions shut down their page of unpatched Internet Explorer holes but the problems with Internet Explorer will apparenlty not come to an end soon. A list of unpatched vulnerabilities can be found at this website maintained by Liu Die Yu, a security researcher from China.
Security Bulletin MS03-049 is about a security vulnerability the exists in the Workstation service. This vulnerability could allow remote code execution on an affected system. It results because of an unchecked buffer in the Workstation service. If exploited, an attacker could gain system privileges on an affected system, or could cause the Workstation service to fail. An attacker could take any action on the system, including installing programs, viewing data, changing data, or deleting data, or creating new accounts with full privileges.
Security Bulletin MS02-050 is the re-release of the original version of the bulletin which was released in September 2002. Microsoft said that they re-issued this security bulletin in order to advise on the availability of an updated Windows 2000 Service Pack 4 (SP4) security patch. This revised security patch corrects a regression that may occur during the installation of Microsoft Internet Explorer 6.0 Service Pack 1 on Windows 2000 SP4. This regression removes the update that is discussed in this bulletin and that is provided as part of Windows 2000 SP4.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.