Ergebnis 1 bis 11 von 11

Thema: jede menge Updates

  1. #1
    Brummelchen

    jede menge Updates

    Moin Boardies.

    MS hat in den letzte Tagen jede Menge Updates rausgebracht:


    -----------------------------------------------------------------------
    Title: Flaw in Certificate Enrollment Control Could Allow
    Deletion of Digital Certificates (Q323172)
    Date: 28 August 2002
    Software: Microsoft Windows 98
    Microsoft Windows 98 Second Edition
    Microsoft Windows Millennium
    Microsoft Windows NT 4.0
    Microsoft Windows 2000
    Microsoft Windows XP
    Impact: Denial of service
    Max Risk: Critical
    Bulletin: MS02-048

    Microsoft encourages customers to review the Security Bulletin at:
    http://www.microsoft.com/technet/sec.../MS02-048.asp.
    - ----------------------------------------------------------------------

    Issue:
    ======
    All versions of Windows ship with an ActiveX control known as the
    Certificate Enrollment Control, the purpose of which is to allow
    web-based certificate enrollments. The control is used to submit PKCS
    #10 compliant certificate requests, and upon receiving the requested
    certificate, stores it in the user's local certificate store.

    The control contains a flaw that could enable a web page, through
    an extremely complex process, to invoke the control in a way that
    would delete certificates on a user's system. An attacker who
    successfully exploited the vulnerability could corrupt trusted root
    certificates, EFS encryption certificates, email signing
    certificates,
    and any other certificates on the system, thereby preventing the user
    from using these features.

    An attack could be carried out through either of two scenarios. The
    attacker could create a web page the that exploits the vulnerability,
    and host it on a web site in order to attack users who visited the
    site. The attacker also could send the page as an HTML mail in order
    to attack the recipient.

    A new version of the control is available that corrects the
    vulnerability, and can be installed via the patch. A patch is
    available for all other Windows systems, as discussed in the Patch
    Availability section below. Internet Explorer 5 or later is a
    prerequisite to installing the patch. As discussed in the Caveats
    section, customers who operate web sites that use the Certificate
    Enrollment Control will need to make minor revisions to their web
    applications in order to use the new control. Microsoft Knowledge
    Base article Q323172 details how to do this.

    In addition, the patch addresses a similar, but less serious
    vulnerability discovered in the SmartCard Enrollment control.
    This control ships with Windows 2000 and Windows XP. A new version
    of this control is also provided.

    Mitigating Factors:
    ====================
    - - The web site-based attack vector could not be exploited if ActiveX
    controls were disabled in the Security Zone associated with the
    attacker's site.
    - - The mail-based attack vector could not be exploited if the
    recipient's email client handles HTML mail in the Restricted Sites
    Zone. Outlook Express 6 and Outlook 2002 open mail in this zone by
    default. Outlook 98 and 2000 open HTML mail in the Restricted Sites
    Zone if the Outlook Email Security Update has been installed.
    - - The vulnerability would not enable certificates on smart cards to
    be corrupted, even if the smart card were in the system at the time
    of an attack.

    Risk Rating:
    ============
    - Internet systems: Low
    - Intranet systems: Low
    - Client systems: Critical

    Patch Availability:
    ===================
    - A patch is available to fix this vulnerability. Please read the
    Security Bulletin at
    http://www.microsoft.com/technet/sec...n/ms02-048.asp
    for information on obtaining this patch.

    - ---------------------------------------------------------------------
    -----------------------------------------------------------------------
    Title: Cumulative Patch for Internet Explorer (Q323759)
    Date: 22 August 2002
    Software: Internet Explorer
    Impact: Six new vulnerabilities, the most serious of which
    could enable an attacker to execute commands on a
    user's system.
    Max Risk: Critical
    Bulletin: MS02-047

    Microsoft encourages customers to review the Security Bulletin at:
    http://www.microsoft.com/technet/sec.../MS02-047.asp.
    -----------------------------------------------------------------------

    Issue:
    ======
    This is a cumulative patch that includes the functionality of all
    previously released patches for IE 5.01, 5.5 and 6.0. In addition,
    it eliminates the following six newly discovered vulnerabilities:

    - A buffer overrun vulnerability affecting the Gopher protocol
    handler. This vulnerability was originally discussed in
    Microsoft Security Bulletin MS02-027, which provided workaround
    instructions while the patch provided here was being completed.

    - A buffer overrun vulnerability affecting an ActiveX control used
    to display specially formatted text. The control contains a buffer
    overrun vulnerability that could enable an attacker to run code
    on a user?s system in the context of the user.

    - A vulnerability involving how Internet Explorer handles an HTML
    directive that displays XML data. By design, the directive
    should only allow XML data from the web site itself to be
    displayed. However, it does not correctly check for the case
    where a referenced XML data source is in fact redirected to a
    data source in a different domain. This flaw could enable an
    attacker?s web page to open an XML-based files residing a
    remote system within a browser window that the site could
    read, thereby enabling the attacker to read contents from
    websites that users had access to but the attacker was not
    able to navigate to.

    - A vulnerability involving how Internet Explorer represents the
    origin of a file in the File Download Dialogue box. This flaw
    could enable an attacker to misrepresent the source of a file
    offered for download in an attempt to fool users into
    accepting a file download from an untrusted source believing
    it to be coming from a trusted source.

    - A Cross Domain verification vulnerability that occurs because
    of improper domain checking in conjunction with the Object tag.
    As a result, the vulnerability could enable a malicious web
    site operator to access data across different domains, for
    example one in a web site?s domain and the other on the
    user?s local file system and then pass information from the
    latter to the former. This could enable the web site operator
    to read, but not change, any file on the user?s local computer
    that could be viewed n a browser window. In addition, this can
    also enable an attacker to invoke, but not pass parameters to,
    an executable on the local system, much like the
    "Local Executable Invocation via Object tag" vulnerability
    discussed in MS02-015.

    - A newly reported variant of the "Cross-Site Scripting in Local
    HTML Resource" vulnerability originally discussed in
    Microsoft Security Bulletin MS02-023. Like the original
    vulnerability, this variant could enable an attacker to create
    a web page that, when opened, would run in the Local Computer
    zone, allowing it to run with fewer restrictions than it would
    in the Internet Zone.

    In addition, the patch sets the Kill Bit on the MSN Chat ActiveX
    control discussed in Microsoft Security Bulletin MS02-022 as well
    as the TSAC ActiveX control discussed in Microsoft Security
    Bulletin MS02-046. This has been done to ensure that vulnerable
    controls cannot be introduced onto users? systems. Customers
    who use the MSN Chat control should ensure that they have applied
    the updated version of the control discussed in MS02-022 and
    customers who use the TSAC control should ensure that they
    have applied the updated version of the control discussed
    in MS02-046 .


    Mitigating Factors:
    ====================
    Buffer Overrun in Gopher Protocol Handler:

    - The vulnerability would provide the attacker with user?s own
    privileges on the system. Customers who run with fewer than
    full privileges on the system would therefore be at lower risk.

    Buffer Overrun in Legacy Text Formatting ActiveX Control:

    - The vulnerable ActiveX control is not installed by default as
    part of a current version of IE. Upon learning of the
    vulnerability, Microsoft removed the download from its site
    to minimize the likelihood that users would have the control
    on their systems.

    - The vulnerability would provide the attacker with the user?s
    own privileges on the system. Customers who run with fewer
    than full privileges on the system would therefore be at
    lower risk.

    - Customers who use Outlook Express 6.0 or Outlook 2002
    (or Outlook 98 or 2000 in conjunction with the Outlook Email
    Security Update) would by default by protected against
    email-borne attacks via this vulnerability unless they
    specifically clicked a link within the email message.

    XML File Reading via Redirect:

    - The vulnerability only provides a capability to read
    XML-based files that they know the complete path to.

    - The vulnerability could not be used to add, change or delete
    files.

    - Customers who use Outlook Express 6.0 or Outlook 2002
    (or Outlook 98 or 2000 in conjunction with the Outlook Email
    Security Update) would by default by protected against
    email-borne attacks via this vulnerability.

    File Origin spoofing:

    - The vulnerability does not give an attacker the means to
    place or run executables directly on the system: user
    interaction is required in a successful attack.

    Cross Domain Verification in Object Tag:

    - The vulnerability would not enable the attacker to pass any
    parameters to an executable program. Microsoft is not aware
    of any programs installed by default in any version of
    Windows that, when called with no parameters, could be used
    to compromise the system.

    - An attacker could only invoke a file on the victim?s local
    machine. The vulnerability could not be used to execute a
    program on a remote share or web site.

    - The vulnerability would not provide any way for an attacker
    to put a program of his choice onto another user?s system.

    - An attacker would need to know the name and location of any
    file on the system to successfully invoke it.

    - The vulnerability could only be used to view or invoke files.
    It could not be used to create, delete, or modify them.

    - The vulnerability would only allow an attacker to read files
    that can be rendered in a browser window, such as image files,
    HTML files and ext files. Other file types, such as binary
    files, executable files, Word documents, and so forth, could
    not be read.

    - Outlook 98 and 2000 (after installing the Outlook Email Security
    Update), Outlook 2002, and Outlook Express 6 all open HTML mail
    in the Restricted Sites Zone. As a result, customers using
    these products would not be at risk from email-borne attacks.

    Variant of Cross-Site Scripting in Local HTML Resource:

    - Outlook 98 and 2000 (after installing the Outlook Email
    Security Update), Outlook 2002, and Outlook Express 6 all
    open HTML mail in the Restricted Sites Zone. As a result,
    customers using these products would not be at risk from
    automated email-borne attacks. However, these customers can
    still be attacked if they choose to click on a hyperlink in a
    malicious HTML email.

    - Customers using Outlook 2002 SP1 who have enabled the "Read as
    Plain Text" feature would be immune from the HTML email
    attack. This is because this feature disables all HTML
    elements, including scripting, from mail when it is displayed.

    - Any limitations on the rights of the user's account would
    also limit the actions of the attacker's script.

    - Customers who exercise caution in what web sites they visit
    or who place unknown or untrusted sites in the Restricted
    Sites zone can potentially protect themselves from attempts
    to exploit this issue on the web.

    Aggregate Severity of all issues included in this patch
    (including issues addressed in previously released patches):
    ============
    - Internet systems: Critical
    - Intranet systems: Critical
    - Client systems: Critical

    Patch Availability:
    ===================
    - A patch is available to fix this vulnerability. Please read the
    Security Bulletin at
    http://www.microsoft.com/technet/sec...n/ms02-047.asp
    for information on obtaining this patch.

    Acknowledgment:
    ===============
    - GreyMagic Software (http://sec.greymagic.com/news/) for
    reporting the XML File Reading via Redirect vulnerability.

    - Mark Litchfield of Next Generation Security Software Ltd.
    (http://www.nextgenss.com/) for reporting the Buffer Overrun
    in Legacy Text Formatting ActiveX Control vulnerability.

    - Jouko Pynnonen of Oy Online Solutions Ltd for reporting
    the File Origin Spoofing vulnerability.

    - ---------------------------------------------------------------------

  2.   Anzeige

     
  3. #2
    Brummelchen

    AW: jede menge Updates

    - ----------------------------------------------------------------------
    Title: Unchecked Buffer in Network Share Provider Can Lead to
    Denial of Service (Q326830)
    Date: 22 August 2002
    Software: Microsoft Windows NT 4.0 Workstation
    Microsoft Windows NT 4.0 Server
    Microsoft Windows NT 4.0 Server, Terminal Sever Edition
    Microsoft Windows 2000 Professional
    Microsoft Windows 2000 Server
    Microsoft Windows 2000 Advanced Server
    Windows XP Professional
    Impact: Denial of Service
    Max Risk: Moderate
    Bulletin: MS02-045

    Microsoft encourages customers to review the Security Bulletin at:
    http://www.microsoft.com/technet/sec.../MS02-045.asp.
    - ----------------------------------------------------------------------

    Issue:
    ======
    SMB (Server Message Block) is the protocol Microsoft uses to share
    files, printers, serial ports, and also to communicate between
    computers using named pipes and mail slots. In a networked
    environment, servers make file systems and resources available to
    clients. Clients make SMB requests for resources and servers make
    SMB responses in what described as a client server, request-
    response protocol.

    By sending a specially crafted packet request, an attacker can mount
    a denial of service attack on the target server machine and crash
    the system. The attacker could use both a user account and anonymous
    access to accomplish this. Though not confirmed, it may be possible
    to execute arbitrary code.


    Mitigating Factors:
    ====================
    - - An administrator can block this attack by turning off anonymous
    access. However, this does not prevent legitimate users from
    exploiting this vulnerability.
    - - An administrator can block access to SMB ports from untrusted
    networks. By blocking TCP ports 445 and 139 at the network
    perimeter, administrators can prevent this attack from untrusted
    parties. In a file and printing environment, this may not be a
    practical solution for legitimate users.
    - - An administrator can stop the Lanman server service which prevents
    the attack, but again may not be suitable on a file and print
    sharing server.


    Risk Rating:
    ============
    - Internet systems: Low
    - Intranet systems: Moderate
    - Client systems: Moderate

    Patch Availability:
    ===================
    - A patch is available to fix this vulnerability. Please read the
    Security Bulletin at
    http://www.microsoft.com/technet/sec...n/ms02-045.asp
    for information on obtaining this patch.

    - ---------------------------------------------------------------------
    Soweit ich las, gibt es mindestens eines in deutsch (kumulativ IE)

    HTH

  4. #3
    Brummelchen

    AW: jede menge Updates

    Ein wenig weiter recherchiert:

    Windows XP Security Patch: DoS Vulnerability Report in SMB Implementation

    This update resolves the "Unchecked Buffer in Network Share Provider can lead to Denial of Service" vulnerability in Windows XP. Download now to prevent a malicious user from launching a denial of service (DoS) attack on your computer.
    For More Information - http://www.microsoft.com/technet/sec...n/MS02-045.asp
    Version - Q326830
    Release Date - 21 Aug 2002
    Estimated Download Size/Time @28.8 - 214 kb / 2min
    System Requirements

    Microsoft Windows XP Professional
    Operating System - Windows XP


    Download Now Q326830_WXP_SP1_x86_ENU.exe - 214 Kb
    englisch: http://download.microsoft.com/downlo...P1_x86_ENU.exe
    deutsch: http://download.microsoft.com/downlo...P1_x86_DEU.exe
    August 2002, Cumulative Patch for Internet Explorer (Q323759)
    Posted: August 22, 2002

    Read This First

    The "August 2002, Cumulative Patch for Internet Explorer (Q323759)" eliminates all previously addressed security vulnerabilities affecting Internet Explorer, as well as additional newly discovered vulnerabilities. This update includes the functionality of all previously released patches. Download now to continue keeping your computer secure.

    For more information about the vulnerabilities this update addresses, read the associated Microsoft Security Bulletin.

    System Requirements
    This update applies to:
    - Internet Explorer 6
    - Internet Explorer 5.5 SP2
    - Internet Explorer 5.5 SP1
    - Internet Explorer 5.01 SP3 with Windows 2000.
    - Internet Explorer 5.01 SP2 with Windows 2000.


    How to download and install
    - Select your language from the drop-down list at the top of the page.
    - Click Go.
    - Click the Security Update link for your version of Internet Explorer.

    Do one of the following:
    - To start the installation immediately, choose Run this program from its current location (in Internet Explorer 6, click Open).
    - To copy the download to your computer for installation at a later time, click Save this program to disk.
    - Click OK.
    - Click Yes if asked whether you would like to install and run Q323759.exe.
    - Click Yes to begin the installation process.

    How to use
    - Restart your computer to complete the installation.

    How to uninstall
    - Uninstall is not available.

    *** Alles deutsche Updates ***

    Internet Explorer 6.0
    http://download.microsoft.com/downlo...DE/q323759.exe

    Internet Explorer 5.5 SP2
    http://download.microsoft.com/downlo...DE/q323759.exe

    Internet Explorer 5.5 SP1
    http://download.microsoft.com/downlo...DE/q323759.exe

    Internet Explorer 5.01 SP2 and Internet Explorer 5.01 SP3 for Windows 2000
    http://download.microsoft.com/downlo...DE/q323759.exe
    Q323172: Security Update

    Read Me First

    This update resolves the "Flaw in Digital Certificate Enrollment Component Allows Certificate Deletion" security vulnerability in Windows 98. Download now to stop a Web site or HTML e-mail from deleting digital certificates on your computer and preventing you from using the services they are associated with.

    For more information about this vulnerability, read the associated Microsoft Security Bulletin.

    System Requirements
    This update applies to Windows 98 & 98SE.

    How to download and install
    Select your language from the drop-down list and click Download Now.

    How to use
    Restart your computer to complete the installation.

    How to uninstall
    Note Save all your work and close all applications before attempting to uninstall this component. You must have your original Windows 98 or Windows 98 Second Edition CD available to uninstall this component.

    Click Start, point to Find, and click Files or Folders.
    Search for 323172un.inf
    Once this file is displayed, right-click on the file and choose Install.

    http://www.microsoft.com/windows98/d...72/default.asp
    http://download.microsoft.com/downlo...323172GER8.EXE
    Q323172: Security Update
    Posted: August 28, 2002

    Read Me First

    This update resolves the "Flaw in Digital Certificate Enrollment Component Allows Certificate Deletion" security vulnerability in Windows 2000. Download now to stop a Web site or HTML e-mail from deleting digital certificates on your computer and preventing you from using the services they are associated with.

    For more information about this vulnerability, read the associated Microsoft Security Bulletin.

    System Requirements

    This update applies to Windows 2000.

    How to download and install

    Select your language from the drop-down list at the top of the page.
    Click Go.
    Click the link under Download.
    Do one of the following:

    To start the installation immediately, click Open or Run this program from its current location.
    To copy the download to your computer for installation at a later time, click Save or Save this program to disk.

    Click OK.

    How to use

    Restart your computer to complete the installation.

    How to uninstall

    Click Start, point to Settings, and then click Control Panel.
    Double-click Add/Remove Programs.
    Select Windows 2000 hotfix (Pre-SP4) [See Q323172 for more information], and then click Add/Remove.

    http://download.microsoft.com/downlo...SP4_X86_DE.exe
    Windows XP Security Patch: Ability to add root certs to send ActiveX controls on WinXP

    This update resolves the "Flaw in Digital Certificate Enrollment Component Allows Certificate Deletion" security vulnerability in Windows XP. Download now to stop a Web site or HTML e-mail from deleting digital certificates on your computer and preventing you from using the services they are associated with.
    For More Information - http://www.microsoft.com/technet/sec...n/ms02-048.asp
    Version - Q323172
    Release Date - 28 Aug 2002
    Estimated Download Size/Time @28.8 - 277 kb / 2min
    System Requirements

    Windows XP Home Edition, Windows XP Professional

    Operating System - Windows XP

    Download Now Q323172_WXP_SP1_x86_ENU.exe - 283 Kb
    englisch: http://download.microsoft.com/downlo...P1_x86_ENU.exe
    deutsch: http://download.microsoft.com/downlo...P1_x86_DEU.exe

  5. #4
    assimiliert Avatar von rsjuergen
    Registriert seit
    09.03.01
    Ort
    Halle (Saale)
    Beiträge
    6.034

    AW: jede menge Updates

    Ist zwar schön, dass Du das postest, aber verstanden habe ich nix! Wenn Du die wesentlichsten deutschen Updates mit Ihren Wirkungen (in deutsch) mal wiederholen könntest wäre dies für einige Leute, die der englischen Sprache nicht mächtig sind mehr von Nutzen, zumal ich davon ausgehe, dass die meisten sowieso mit den deutschen Versionen arbeiten.

  6. #5
    Brummelchen

    AW: jede menge Updates

    jürgen, eigentlich gibbet da nix zu verstehen. Klick auf die Datei-Links und fertig.
    Liegt aber auch daran, dass ich das MS-Bulletin bekomme (englisch) und eben vor sch** PC-Welt, GOLEM etc informiert bin, die das dann für ON in deutsch schreiben.

    vulnerable = verletzlich, verwundbar
    kumulativ/cumulativ = zusammenfassend (Duden hilft)
    Security patch - Sicherheits Update

    Da generell auch bei den Magazinen nur Links zu MS-Bulletin gesetzt werden, ist es IMO ziemlich egal, ob ich es gleich so oder so lesen, verstehen kann das eh nur ein Profi (zu denen ich mich nicht zähle). ON liest, aha, german (=deutsch, falls er überhaupt soweit denkt und nicht gleich blind englisch runterlädt), runterladen, installieren, der denkt ebensowenig nach wie ich.

    Ich hab extra die OS dabeigeschrieben, dabei interessiert mich W98 und W2k relativ wenig, weil ich zu 99% XP nutze.

    Wenn jemand das Interesse an der bedeutung hat, kommt man um dieses Englisch NIE herum, für's Grobe reicht IMO der Dolmetscher von Lycos, Altavista, Abacho, Google oder intern Opera (=Lycos).

    Es sollte nochmal erwähnt werden, dass die Magazine meistens nur den englischen Patch posten, anstatt mal auf die deutsche zu warten. Damn.

  7. #6
    IT Trainer Avatar von Wolfi
    Registriert seit
    08.01.02
    Ort
    Wien
    Beiträge
    4.960

    AW: jede menge Updates

    @ Brummelchen

    Professionelle Antwort...

  8. #7
    Senior Member Avatar von Simmel
    Registriert seit
    13.04.02
    Ort
    Leipzig - Goooohlis
    Beiträge
    3.736

    AW: jede menge Updates

    Hmm... Brummel ist echt Supi das du dich so um uns kümmerst ,aber meine Englisch kenntnisse sind so gut wie von einem Schwein!!! Wenn du es vielleicht mal übersetzen könntest wäre das echt okay!!
    Auch wenn du dir die Mühe nur für mich machst!! Denn eigenltich klicke ich nicht so gerne sachen an die ich vorher nicht gelesen habe!!

  9. #8
    assimiliert Avatar von rsjuergen
    Registriert seit
    09.03.01
    Ort
    Halle (Saale)
    Beiträge
    6.034

    AW: jede menge Updates

    1:1

    Mir geht es da wie Simmel. Weil man halt nie weiß, was passiert, wenn man auf einen Link klickt, der zu MS führt.

    Ich gehöre halt zu der Generation, die nie die Gelegenheit hatten in der Schule englisch zu lernen, weil es halt hier eine andere Sprache gab, und um an eine EOS (DDR-Form des Gymnasiums) zu kommen bedurfte es nicht nur guter schulischer Leistungen.
    Geändert von rsjuergen (29.08.02 um 21:42 Uhr)

  10. #9
    Brummelchen

    AW: jede menge Updates

    Jürgen, Simmel.

    Was die Meldungen im einzelnen bedeuten, kann ich euch wirklich nicht genau sagen, ich kann es ja mal versuchen...

    Zum IE: die letzten Sicherheitslöcher, u.a auch das Gopher-Loch, zu dem es bislang keinen Patch gab, nur ne Meldung.

    W98/XP "Flaw in Digital Certificate Enrollment Component Allows Certificate Deletion"

    Ein digitales Zertifikat konnte Dummfug anstellen (Dateien/Ordner löschen).


    Buffer in Network Share Provider can lead to Denial of Service"
    "Unchecked Buffer" heisst immer soviel, dass durch einen internen Pufferüberlauf (wie ein zu volles Waschbecken) Aktionen ausgelöst werden werden können, die eigentlich nicht sein dürfen.


    Wichtig ist immer für eine deutsche Windows-Version:
    - immer auch "german" oder "deutsch" bzw "Deutschland" achten
    - im DL-Pfad sollte ein DE oder DEU stehen, oder im Namen (bei XP beides)

    Ansonsten lässt sich manchmal testweise der englische Pfad (EN-US) durch ein DE ersetzen ebenso ein ENU durch ein DEU (bei XP).
    Beispiele stehen oben genug...

    Hab das auch nur alles im letzten Jahr mit XP lernen müssen, ist aber echt kinderleicht.

    Jürgen, dass mit den ostdeutschen Schulen kenne ich aus ganz naher Erfahrung. Ist heute aber auch noch so, obwohl englisch auf dem Lehrplan steht. Die Lehrer tun sich halt schwer damit - trotz mind. 10 Jahren. damn.

    Wie gesagt, besser geht's nicht, dafür hat's dann ja auch PCwelt Naja, und da wir auch ohne Patch leben konnten, wird es auch die paar Tage überleben

    Ein paar Links dazu:

    +++ ActiveX zerstoert Zertifikate +++
    Eine korrupte ActiveX-Komponente kann alle Zertifikate auf
    Windows-Rechnern zerstoeren.
    http://www.intern.de/news/3384.html
    --- Gefaehrliches Sicherheitsleck in aktuellen Windows-Versionen ---
    In einem aktuellen Security Bulletin berichtet Microsoft ueber eine
    Sicherheitsluecke in einem ActiveX-Control, das es Angreifern
    ermoeglicht, verschiedene Windows-Zertifikate zu loeschen oder das
    Anlegen neuer Zertifikate zu verhindern. Microsoft bietet einen Patch
    fuer alle neueren Windows-Systeme zum Download an.
    http://www.golem.de/0208/21430.html
    Neuer Sicherheits-Patch für IE 5.01, 5.5 und 6.0
    Softwaregigant Microsoft hat einen "Cumulative" Patch für den Internet Explorer zur Verfügung gestellt. Der Flicken stopft sechs Sicherheitslücken. Eine davon wird von Microsoft als "kritisch" eingestuft - sie kann dazu führen, dass ein Angreifer Kontrolle über das System des Anwenders erlangt.
    http://www.pcwelt.de/news/software/25670
    +++ Neue Luecken, neue Patches +++
    Drei neue Patches sollen insgesamt acht Sicherheitsluecken bei
    Microsoft-Produkten schliessen.
    http://www.intern.de/news/3357.html
    +++ Office-Bug, die 2. +++
    Offenbar war der Hinweis gestern auf die Sicherheitsluecke in
    Office/MSIE nicht deutlich genug.
    http://www.intern.de/news/3352.html

    Thread zum SP2 folgt
    --- Patch fuer Windows-Systeme gegen DoS-Attacke ---
    In den Desktop- und Server-Versionen von Windows NT 4.0, 2000 sowie XP
    steckt ein Sicherheitsloch, worueber Angreifer eine Denial-of-Service-
    (DoS-)Attacke ausfuehren und das System in die Knie zwingen koennen.
    Mit bereitgestellten Patches soll sich das Leck beheben lassen.
    http://www.golem.de/0208/21351.html
    --- Neuer Sammel-Patch fuer den Internet Explorer erhaeltlich ---
    Microsoft stellt einen neuen Sammel-Patch fuer die Windows-Version des
    Internet Explorer ab Version 5.01 zum Download zur Verfuegung, der
    alle bislang einzeln erhaeltlichen Sicherheits-Updates enthaelt, aber
    auch sechs neu entdeckte Sicherheitsloecher stopfen soll. Dazu zaehlt
    auch ein Sicherheitsleck im Gopher-Protokoll, welches Microsoft
    bereits seit ueber drei Monaten bekannt ist.
    http://www.golem.de/0208/21349.html
    Bisschen unsortiert, wie meine Newsletter

    HTH

  11. #10
    assimiliert Avatar von rsjuergen
    Registriert seit
    09.03.01
    Ort
    Halle (Saale)
    Beiträge
    6.034

    AW: jede menge Updates

    Ganz prima! Danke, nun kann ich mir ein Bild machen und weiß vor allem, dass ich die Sicherheitspatches zumindest was XP betrifft schon habe.

    Nochmals ein großes Kompliment!

  12. #11
    Brummelchen

    AW: jede menge Updates

    Hier ne Info zum Office XP2 all_inc_CD
    https://www.supernature-forum.de/sho...ghlight=office

Ähnliche Themen

  1. Windows Security Updates - April 2004
    Von ---rOOts--- im Forum Alles rund um Windows
    Antworten: 11
    Letzter Beitrag: 15.04.04, 09:16
  2. Win Updates auf Platte speichern?
    Von Schuft im Forum Alles rund um Windows
    Antworten: 3
    Letzter Beitrag: 26.11.03, 22:37
  3. Security: AVP3/KAV3.5-Virenprüfer - Unterschiede, Updates und Einstellungen
    Von SilverSurfer99 im Forum Top-Themen und Tutorials
    Antworten: 1
    Letzter Beitrag: 20.06.02, 09:50
  4. XP Updates
    Von BO im Forum Alles rund um Windows
    Antworten: 8
    Letzter Beitrag: 02.06.02, 18:37
  5. Aktuelle Updates beliebter Programme, hier <----
    Von max muetze im Forum Alles rund um Windows
    Antworten: 0
    Letzter Beitrag: 14.02.02, 07:52

Berechtigungen

  • Neue Themen erstellen: Nein
  • Themen beantworten: Nein
  • Anhänge hochladen: Nein
  • Beiträge bearbeiten: Nein
  •