Starting off the new year on the right foot!
MS03-001
Unchecked Buffer in Locator Service Could Lead to Code Execution (810833)
A security vulnerability results from an unchecked buffer in the Locator service. By sending a specially malformed request to the Locator service, an attacker could cause the Locator service to fail, or to run code of the attacker's choice on the system.
MS03-002
Cumulative Patch for Microsoft Content Management Server
A Cross-Site Scripting flaw exists in one of these ASP pages that could allow an attacker to insert script into the data being sent to a MCMS server.
MS02-070 Revised
Flaw in SMB Signing Could Enable Group Policy to be Modified (309376)
Reason for Revision: Subsequent to releasing this bulletin it was determined that the
fix was not included in Microsoft Windows XP Service Pack 1.
MS03-003
Flaw in how Outlook 2002 handles V1 Exchange Server Security Certificates could lead to Information Disclosure (812262)
A vulnerability exists because there is a flaw in the way Outlook 2002 handles a V1 Exchange Server Security certificate when using it to encrypt e-mail. As a result of this flaw, Outlook fails to encrypt the mail correctly and the message will be sent in plain text. This could cause the information in the e-mail to be exposed when the user believed it to be protected through encryption.
Download: MS02-070
Download: MS03-001
Download: MS03-002
Download: MS03-003
News source: Microsoft Product Security Notification Service