MS Security Bulletins for the new year

Starting off the new year on the right foot!

MS03-001

Unchecked Buffer in Locator Service Could Lead to Code Execution (810833)

A security vulnerability results from an unchecked buffer in the Locator service. By sending a specially malformed request to the Locator service, an attacker could cause the Locator service to fail, or to run code of the attacker"s choice on the system.

MS03-002

Cumulative Patch for Microsoft Content Management Server

A Cross-Site Scripting flaw exists in one of these ASP pages that could allow an attacker to insert script into the data being sent to a MCMS server.

MS02-070 Revised

Flaw in SMB Signing Could Enable Group Policy to be Modified (309376)

Reason for Revision: Subsequent to releasing this bulletin it was determined that the

fix was not included in Microsoft Windows XP Service Pack 1.

MS03-003

Flaw in how Outlook 2002 handles V1 Exchange Server Security Certificates could lead to Information Disclosure (812262)

A vulnerability exists because there is a flaw in the way Outlook 2002 handles a V1 Exchange Server Security certificate when using it to encrypt e-mail. As a result of this flaw, Outlook fails to encrypt the mail correctly and the message will be sent in plain text. This could cause the information in the e-mail to be exposed when the user believed it to be protected through encryption.

Download: MS02-070

Download: MS03-001

Download: MS03-002

Download: MS03-003

News source: Microsoft Product Security Notification Service

Report a problem with article
Next Article

35 Million AOL Accounts Exposed

Previous Article

SMS 2.0 Service Pack 5 Beta