microsoft security
Microsoft Security Essentials 1.0.1611.0
Microsoft Security Essentials is able to give you a good chance to get high-quality protection against viruses and spyware, including Trojans, worms and other malicious software. more>>
Microsoft Security Essentials 1.0.1611.0 is able to give you a good chance to get high-quality protection against viruses and spyware, including Trojans, worms and other malicious software. And best of all, there are no costs or annoying subscriptions to keep track of.
Security Essentials is easy to install and easy to use. Updates and upgrades are automatic, so there's no need to worry about having the latest protection. It's easy to tell if you're protected - when the Security Essentials icon is green, your status is good. It's as simple as that.
When you're busy using your PC, you don't want to be bothered by needless alerts. Security Essentials runs quietly in the background, only alerting you if there's something you need to do. And it doesn't use a lot of system resources, so it won't get in the way of your work or fun.
Major Features:
- Comprehensive malware protection
- Simple, free download*
- Automatic updates
- Easy to use
Microsoft Security Essentials is a professionally designed program which provides real-time protection for your home PC that
Microsoft Security Update MS03-026
Security patch to prevent Blaster Worm virus more>> The Microsoft Product Support Services Security Team is issuing this alert to inform customers about a new worm named W32.Blaster.Worm which is spreading in the wild. This virus is also known as: W32/Lovsan.worm (McAfee), WORM_MSBLAST.A (Trendmicro), Win32.Posa.Worm (Computer Associates). Best practices, such as applying security patch MS03-026 should prevent infection from this worm.
This worm scans a random IP range to look for vulnerable systems on TCP port 135. The worm attempts to exploit the DCOM RPC vulnerability patched by MS03-026.
Once the Exploit code is sent to a system, it downloads and executes the file MSBLAST.EXE from a remote system via TFTP. Once run, the worm creates the registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "windows auto update" = msblast.exe I just want to say LOVE YOU SAN!! bill
Symptoms of the virus: Some customers may not notice any symptoms at all. A typical symptom is the system is rebooting every few minutes without user input. Customers may also see:
- Presence of unusual TFTP* files
- Presence of the file msblast.exe in the WINDOWS SYSTEM32 directory
To detect this virus, search for msblast.exe in the WINDOWS SYSTEM32 directory or download the latest anti-virus software signature from your anti-virus vendor and scan your machine.
<<lessMicrosoft Security Bulletin Q322273
Unchecked Buffer in Profile Service of Commerce Server more>> Summary:
Who should read this bulletin: System administrators using Microsoft? Commerce Server 2000 or Commerce Server 2002
Impact of vulnerability: Four vulnerabilities, each of which could run code of attacker?s choice.
Maximum Severity Rating: Critical
Recommendation: System administrators should install the patch immediately.
Affected Software:
Microsoft Commerce Server 2000 Microsoft Commerce Server 2002
<<lessMicrosoft Security Bulletin Q320920
Cumulative Patch for Windows Media Player more>> Summary
Who should read this bulletin: Customers using Microsoft? Windows Media? Player 6.4, 7.1 or Windows Media Player for Windows XP.
Impact of vulnerability: Three new vulnerabilities, the most serious of which could be used to run code of attackers choice.
Maximum Severity Rating: Critical
Recommendation: Customers running affected products should apply the patch immediately.
Affected Software:
Microsoft Windows Media Player 6.4
Microsoft Windows Media Player 7.1
Microsoft Windows Media Player for Windows XP
Microsoft Security Bulletin MS01-033
Unchecked Buffer in Index Server ISAPI Extension more>> This update resolves the "Unchecked Buffer in Index Server ISAPI Extension Could Enable Web Server Compromise" security vulnerability in Windows 2000 computers running Internet Information Service (IIS) 5.0, and is discussed in Microsoft Security Bulletin MS01-033. Download now to prevent a malicious user from taking control of your Web server.<<less
Microsoft Security Bulletin MS02-026
Unchecked Buffer in ASP.NET Worker Process more>> Who should read this bulletin: Customers operating web servers running ASP.NET applications.
Impact of vulnerability: Denial of Service, Potentially Run Code of Attackers Choice.
Maximum Severity Rating: Moderate
Recommendation: Customers using StateServer mode should apply the patch. Customers who do not use StateServer mode need not take any action.
Affected Software:
Microsoft .NET Framework version 1.0, of which ASP.NET is a component.
When working with Microsoft ASP.NET, a component of the Microsoft .NET Framework provides for session state management through a variety of modes. One such mode, called StateServer, stores session state information in a separate running process that can run on either the same machine as the ASP.NET-based application or on a different machine. An unchecked buffer in one of the routines handles the processing of cookies in StateServer mode, resulting in a security vulnerability.
<<lessMicrosoft Security Bulletin MS07-002 2
Microsoft Security Bulletin MS07-002 is a useful program which can substitute a prior security update. more>>
Microsoft Security Bulletin MS07-002 2 is a useful program which can substitute a prior security update. See the frequently asked questions (FAQ) section of this bulletin for the complete list. Microsoft Knowledge Base Article 927198 documents the currently known issues that customers may experience when they install this security update. The article also documents recommended solutions for these issues.
Microsoft Security Update MS04-038 1.0
Cumulative (critical) Security Update for Internet Explorer (834707) more>>
Who should read this document: Customers who use Microsoft Windows
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Critical
Recommendation: Customers should install the update immediately.
Security Update Replacement: This update replaces the update that is included with Microsoft Security Bulletin MS04-025. That update is also a cumulative update.
Caveats: Microsoft Knowledge Base Article 834707 documents the currently known issues that customers may experience when they install this security update. The article also documents recommended solutions for these issues.
This update may not include hotfixes that have been released since the release of MS04-004 or MS04-025.
Customers who have received hotfixes from Microsoft or from their support providers since the release of MS04-004 or MS04-025 should review the FAQ section for this update to determine how this update might affect their operating systems.
Affected Software:
? Microsoft Windows NT Server 4.0 Service Pack 6a
? Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6
? Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4
? Microsoft Windows XP, Microsoft Windows XP Service Pack 1, and Microsoft Windows XP Service Pack 2
? Microsoft Windows XP 64-Bit Edition Service Pack 1
? Microsoft Windows XP 64-Bit Edition Version 2003
? Microsoft Windows Server 2003
? Microsoft Windows Server 2003 64-Bit Edition
? Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (Me) ? Review the FAQ section of this bulletin for details about these operating systems.
Affected Components:
? Internet Explorer 5.01 Service Pack 3 on Windows 2000 SP3:
? Internet Explorer 5.01 Service Pack 4 on Windows 2000 SP4:
? Internet Explorer 5.5 Service Pack 2 on Microsoft Windows Me:
? Internet Explorer 6 on Windows XP
? Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 3, on Microsoft Windows 2000 Service Pack 4, on Microsoft Windows XP, or on Microsoft Windows XP Service Pack 1
? Internet Explorer 6 Service Pack 1 on Microsoft Windows NT Server 4.0 Service Pack 6a, on Microsoft Windows NT Server 4.0 Terminal Service Edition Service Pack 6, on Microsoft Windows 98, on Microsoft Windows 98 SE, or on Microsoft Windows Me
? Internet Explorer 6 for Windows XP Service Pack 1 (64-Bit Edition)
? Internet Explorer 6 for Windows Server 2003
? Internet Explorer 6 for Windows Server 2003 64-Bit Edition and Windows XP 64-Bit Edition Version 2003
? Internet Explorer 6 for Windows XP Service Pack 2
Microsoft Security Bulletin MS04-020 2.0
Microsoft Security Bulletin MS04-020 Vulnerability in POSIX Could Allow Code Execution Vulnerability Identifiers: POSIX Vulnerability - CAN-2004-0210 - A privilege elevation vulnerability exists in more>> Microsoft Security Bulletin MS04-020
Vulnerability in POSIX Could Allow Code Execution
Vulnerability Identifiers: POSIX Vulnerability - CAN-2004-0210 - A privilege elevation vulnerability exists in the POSIX subsystem. This vulnerability could allow a logged on user to take complete control of the system.
Impact of Vulnerability: Privilege Elevation
Windows NT4: Important
Windows 2000: Important
<<lessMicrosoft Security Bulletin (MS00-082) 2.0
Patch Available for Malformed MIME Header Vulnerability more>> Microsoft? has released a patch that eliminates a security vulnerability in Exchange Server 5.0 and Exchange Server 5.5. The vulnerability could enable a malicious user to cause an Exchange server to fail.<<less
Microsoft Security Bulletin MS03-039 824146
Critical update for NT/2000/XP/2003 more>> A security issue has been identified that could allow an attacker to remotely compromise a computer running Microsoft Windows and gain complete control over it. You can help protect your computer by installing this update from Microsoft.
Note: Windows 98, Windows 98 Second Edition (SE), and Windows 95 also are not affected by this issue. However, these products are no longer supported. Users of these products are strongly encouraged to upgrade to later versions.
<<lessMicrosoft Security Bulletin MS03-043 828035
Buffer Overrun in Could Allow Code Execution more>> A security vulnerability exists in the Messenger Service that could allow arbitrary code execution on an affected system. The vulnerability results because the Messenger Service does not properly validate the length of a message before passing it to the allocated buffer.
An attacker who successfully exploited this vulnerability could be able to run code with Local System privileges on an affected system, or could cause the Messenger Service to fail. The attacker could then take any action on the system, including installing programs, viewing, changing or deleting data, or creating new accounts with full privileges.
<<lessMicrosoft Security Bulletin MS02-058 Q328676
Unchecked Buffer in Outlook Express S/MIME Parsing more>> This update resolves the "Unchecked Buffer in Outlook Express S/MIME Parsing Could Enable System Compromise (Q328676)" vulnerability in Outlook Express. Download now to keep your computer secure.<<less
Microsoft Security Bulletin MS03-005 810577
Unchecked Buffer in Windows Redirector more>> The Windows Redirector is used by a Windows client to access files, whether local or remote, regardless of the underlying network protocols in use. For example, the "Add a Network Place" Wizard or the NET USE command can be used to map a network share as a local drive, and the Windows Redirector will handle the routing of information to and from the network share.
A security vulnerability exists in the implementation of the Windows Redirector on Windows XP because an unchecked buffer is used to receive parameter information. By providing malformed data to the Windows Redirector, an attacker could cause the system to fail, or if the data was crafted in a particular way, could run code of the attacker?s choice.
<<lessMicrosoft Security Bulletin MS03-006 812709
Microsoft Security Bulletin MS03-006 812709 is a bulletin of security for Microsoft products that users can obtain assistance on a variety of topics. more>>
Microsoft Security Bulletin MS03-006 812709 is a bulletin of security for Microsoft products that users can obtain assistance on a variety of topics. For instance, it provides product documentation, assistance in determining hardware compatibility, access to Windows Update, online help from Microsoft, and other assistance. Users and programs can execute URL links to Help and Support Center by using the "hcp://" prefix in a URL link instead of "http://".
A security vulnerability is present in the Windows Me version of Help and Support Center, and results because the URL Handler for the "hcp://" prefix contains an unchecked buffer.
An attacker could exploit the vulnerability by constructing a URL that, when clicked on by the user, would execute code of the attacker's choice in the Local Computer security context. The URL could be hosted on a web page, or sent directly to the user in email. In the web based scenario, where a user then clicked on the URL hosted on a website, an attacker could have the ability to read or launch files already present on the local machine.
In the case of an e-mail borne attack, if the user was using Outlook Express 6.0 or Outlook 2002 in their default configurations, or Outlook 98 or 2000 in conjunction with the Outlook Email Security Update, then an attack could not be automated and the user would still need to click on a URL sent in e-mail. However if the user was not using Outlook Express 6.0 or Outlook 2002 in their default configurations, or Outlook 98 or 2000 in conjunction with the Outlook Email Security Update, the attacker could cause an attack to trigger automatically without the user having to click on a URL contained in an e-mail.
Requirements: Windows ME
