October 16, 2003

Information Security Advisory

All,

Today, the Computer Emergency Response Team (CERT) issued a security advisory (CA-2003-27) about multiple vulnerabilities in Microsoft Windows and Exchange:

Systems Affected

* Multiple versions of Microsoft Windows (ME, NT 4.0, NT 4.0 TSE, 2000, XP, Server 2003)
* Microsoft Exchange Server 5.5 and Microsoft Exchange Server 2000

Overview

There are multiple vulnerabilities in Microsoft Windows and Microsoft Exchange, the most serious of which could allow remote attackers to execute arbitrary code:

VU#575892 - Buffer overflow in Microsoft Windows Messenger Service.
VU#422156 - Microsoft Exchange Server incorrect handling of specially crafted SMTP extended verb requests.
VU#467036 - Buffer overflow in Microsoft Windows Help and Support Center.
VU#989932 - Buffer overflow in Microsoft Windows' Local Troubleshooter ActiveX control
VU#838572 - Microsoft Windows Authenticode unprompted ActiveX controls capability
VU#435444 - Microsoft Outlook Web Access (OWA) cross-site scripting vulnerability
VU#967668 - Microsoft Windows ListBox and ComboBox privilege vulnerability

The impact of these vulnerabilities ranges from denial of service to the ability to execute arbitrary code.

Microsoft Security Bulletins: MS03-041, MS03-042, MS03-043, MS03-044, MS03-045, MS03-046, and MS03-047.

Solution: Run Windows Update from http://v4.windowsupdate.microsoft.com/en/default.asp and apply all the patches.

Happy safe computing!

Frederic Martin
www.workingarts.com

PS: If you want to be removed from this computer security advisory mailing list, please reply with "remove" in the subject of the message.