Re: FW: Microsoft Security Update

[Paul Tinsley <pdt@xxxxxxxxxxxxxx>]

Just FYI, that is by design, Microsoft releases security bulletins on 
Wednesdays and has a conference call with some of their bigger customers 
on Thursdays to discuss the concerns their "heavy hitters" might have.

The one thing I would like to share about MS03-037 that may help clear 
up some confusion.  It states: "When Microsoft Word is being used as the 
HTML e-mail editor in Outlook, a user would need to reply to or forward 
a malicious e-mail document sent to them in order for this vulnerability 
to be exploited."  The reason for this is that word doesn't really "kick 
in" until you have taken the email into an editing mode, by opening a 
reply or forward window.  You don't actually have to complete the 
forward or reply action, simply hitting reply or forward is enough.

So watch out for viruses offering free stuff to the next 20 people that 
reply :(

Thor Larholm wrote:

> I see a trend going on here, Word, Office, Office, Office and Office. I
> guess Office has been overdue in regards to security bulletins lately :)
>
> MS03-034 (NetBIOS information disclosure) gets a rating of Low, even though
> Blaster showed us just how many Windows installations run with all ports
> accessible.
>
> It's surprising that MS03-035 (circumventing Office Macro security) and
> MS03-036 (BO in WordPerfect Converter) got ratings of Important rather than
> Critical, I guess the bulletins are waiting for some autoamtic exploit to
> surface before revision.
>
> At least MS03-037 (VBA code execution) got a proper Critical rating.
>
> MS03-038 (code execution in Access Snapshot Viewer, an ActiveX control) got
> a rating of Moderate for webpage based exploits but completely forgets to
> mention HTML email.
>
> Lots of different ratings and lots of details to consider before system
> administrators can decide when to apply these patches, but we really want
> simplicity over complexity. I would still prefer 2 ratings instead of 4,
> Apply Now or Apply Later - with the latter heading for the bi-weekly patch
> job. Let's face it, rolling out patches in a big corporation on an almost
> daily basis is just not very effective or economical.
>
> Which leads to the positive side, it is definitely great to see Microsoft
> releasing 5 vulnerabilities in a single day, rather than releasing a new
> every other day. They must have listened to the feedback from administrators
> who tired of inefficient and constant patch jobs, and should definitely
> adhere to this practice in the future. It may be a small step in optimizing
> the entire patch process, but it's a positive trend.
>
> If there is anything we have learnt in the months behind us it is that
> producing patches is the least of our worries in security, getting
> administrators and endusers to actually apply those patches is an entirely
> different ballgame.
>
>
> Regards
> Thor Larholm
> PivX Solutions, LLC - Senior Security Researcher
>
>
>
> -----Original Message-----
> From: Microsoft
> [mailto:0_51922_1B06CAE9-7FDB-4EFF-B651-1869EADE5F25_DK@xxxxxxxxxxxxxxxx
> osoft.com]
> Sent: 3. september 2003 23:46
> To: thor@xxxxxxxx
> Subject: Microsoft Security Update
>
>
> -----BEGIN PGP SIGNED MESSAGE-----
>
> THE MICROSOFT SECURITY UPDATE NEWSLETTER
>
> September 3, 2003
>
> The Microsoft Security Update Newsletter for home users
> and small businesses provides information on security-related
> updates to Microsoft(R) products, as well as virus alerts
> and resources for more information on security issues.
>
> You have received this update as a subscriber to the Microsoft
> Security Update Newsletter. To cancel your subscription, follow
> the instructions at the bottom of this page.
> __________________________________________________
>
> SECURITY BULLETIN MS03-034
>
> Security Update for Microsoft Windows
> http://go.microsoft.com/?linkid=237617
>
> SEVERITY
> Low
>
> WHY WE ARE ISSUING THIS UPDATE
> A security issue has been identified in Microsoft Windows(R)
> that could allow an attacker to see information in your computer's
> memory over a network. You can help protect your computer by
> installing this update from Microsoft.
>
> MICROSOFT PRODUCTS AFFECTED BY THIS UPDATE
> Windows NT(R) Server 4.0
> Windows NT Server 4.0 Terminal Server Edition
> Windows 2000
> Windows XP
> Windows Server(TM) 2003
> __________________________________________________
>
> SECURITY BULLETIN MS03-035
>
> Security Update for Microsoft Word
> http://go.microsoft.com/?linkid=237618
>
> SEVERITY
> Important
>
> WHY WE ARE ISSUING THIS UPDATE
> An identified security issue in Microsoft Word(R) could allow an
> attacker to compromise a Microsoft Windows-based system and then
> take a variety of actions. For example, an attacker could read
> files on your computer or run programs on it. By installing this
> update, you can help protect your computer.
>
> MICROSOFT PRODUCTS AFFECTED BY THIS UPDATE
> Word 97, 98(J), 2000, and 2002
> Works Suite 2001, 2002, and 2003
> __________________________________________________
>
> SECURITY BULLETIN MS03-036
>
> Security Update for Microsoft Office
> http://go.microsoft.com/?linkid=237619
>
> SEVERITY
> Important
>
> WHY WE ARE ISSUING THIS UPDATE
> An identified security issue in Microsoft Office could allow an
> attacker to compromise a system using Microsoft Office and then
> take a variety of actions. For example, an attacker could read
> files on your computer or run programs on it. By installing this
> update, you can help protect your computer.
>
> MICROSOFT PRODUCTS AFFECTED BY THIS UPDATE
> Office 97, 2000, and XP
> Word 98(J)
> FrontPage 2000 and 2002
> Publisher 2000 and 2002
> Works Suite 2001, 2002, and 2003
> __________________________________________________
>
> SECURITY BULLETIN MS03-037
>
> Security Update for Microsoft Visual Basic for Applications
> http://go.microsoft.com/?linkid=237620
>
> SEVERITY
> Critical
>
> WHY WE ARE ISSUING THIS UPDATE
> An identified security issue in Microsoft Visual Basic(R) for
> Applications could allow an attacker to compromise a Windows-based
> system and then take a variety of actions. For example, an attacker
> could read files on your computer or run programs on it. By
> installing this update, you can help protect your computer.
>
> MICROSOFT PRODUCTS AFFECTED BY THIS UPDATE
> Visual Basic for Applications SDK 5.0, 6.0, 6.2, and 6.3
> Office 97, 2000, and XP
> Word 98(J)
> Visio 2000 and 2002
> Project 2000 and 2002
> Publisher 2002
> Works Suite 2001, 2002, and 2003
> Business Solutions Great Plains 7.5
> Business Solutions Dynamics 6.0 and 7.0
> Business Solutions eEnterprise 6.0 and 7.0
> Business Solutions Solomon 4.5, 5.0, and 5.5
> __________________________________________________
>
> SECURITY BULLETIN MS03-038
>
> Security Update for Microsoft Access and Access Snapshot Viewer
> http://go.microsoft.com/?linkid=237621
>
> SEVERITY
> Moderate
>
> WHY WE ARE ISSUING THIS UPDATE
> An identified security issue in Microsoft Access and the downloadable
> Access Snapshot Viewer could allow an attacker to compromise a system
> using Microsoft Office or the Microsoft Access Snapshot Viewer and
> then take a variety of actions. For example, an attacker could read
> files on your computer or run programs on it. By installing this
> update, you can help protect your computer.
>
> MICROSOFT PRODUCTS AFFECTED BY THIS UPDATE
> Access  97, 2000, and 2002
> __________________________________________________
> <snip rest>
>
>