Microsoft Security Bulletin informiert/Download

- ----------------------------------------------------------------------
Title: Unchecked Buffer in Windows Shell Could Enable System
Compromise (329390)
Date: 18 December 2002
Software: Microsoft Windows XP
Impact: Run code of an attacker's choice
Max Risk: Critical
Bulletin: MS02-072

Microsoft encourages customers to review the Security Bulletins at:
http://www.microsoft.com/technet/security/bulletin/MS02-072.asp
http://www.microsoft.com/security/security_bulletins/ms02-072.asp
- ----------------------------------------------------------------------

Issue:
======
The Windows Shell is responsible for providing the basic framework
of the Windows user interface experience. It is most familiar to
users as the Windows Desktop, but also provides a variety of other
functions to help define the user's computing session, including
organizing files and folders, and providing the means to start
applications.

An unchecked buffer exists in one of the functions used by the
Windows Shell to extract custom attribute information from audio
files. A security vulnerability results because it is possible
for a malicious user to mount a buffer overrun attack and attempt
to exploit this flaw.

An attacker could seek to exploit this vulnerability by creating
an .MP3 or .WMA file that contained a corrupt custom attribute
and then host it on a website, on a network share, or send it via
an HTML email. If a user were to hover his or her mouse pointer
over the icon for the file (either on a web page or on the local
disk), or open the shared folder where the file was stored, the
vulnerable code would be invoked. An HTML email could cause the
vulnerable code to be invoked when a user opened or previewed the
email. A successful attack could have the effect of either causing
the Windows Shell to fail, or causing an attacker's code to run on
the user's computer in the security context of the user.


Mitigating Factors:
====================
- The vulnerability lies in the Windows Shell, rather than Windows
Media Player. As a result, playing an audio file with Windows
Media Player would not pose any additional risk.

- Outlook 98 and 2000 (after installing the Outlook Email Security
Update),Outlook 2002, and Outlook Express 6 all open HTML mail in
the Restricted Sites Zone. Customers who are using these products
and who have also installed Windows XP Service Pack 1 or any
recent security patch for Internet Explorer that disables frames
in the Restricted Sites zone would not be at risk from automated
email-borne attacks. However, these customers could still be
attacked if they choose to click on a hyperlink in a malicious
HTML email.

- In the case where an attacker's code was executed, the code
would run in the security context of the user. As a result,
any limitations on the user's ability would also restrict the
actions that an attacker's code could take.

Risk Rating:
============
- Windows XP: Critical

Patch Availability:
===================
- A patch is available to fix this vulnerability. Please read the
Security Bulletin at
http://www.microsoft.com/technet/security/bulletin/ms02-072.asp
for information on obtaining this patch.

Acknowledgment:
===============
- Foundstone Research Labs (http://www.foundstone.com)

- ---------------------------------------------------------------------

Zum Vergrößern anklicken....

http://www.wintotal.de/Software/index.php?rb=56&id=1455
Wichtiges Update

Version:
810565

Kurzinfo:
Dieses Update beinhaltet verschiedene Fixes für Windows- Komponenten.

Plattform:
Win XP

Beschreibung:
Dieses Update beinhaltet verschiedene Fixes für Windows- Komponenten, damit diese Komponenten Standardwebbrowser (außer Internet Explorer) besser unterstützen.
Downloaden Sie das Update jetzt, um die Interaktion bestimmter Windows-Komponenten mit Standardwebbrowsern zu verbessern.
Diese Fixes sind für:
- the Help and Support Center
- the Accessibility Wizard
- the Magnifier
- the Narrator
- the On-Screen Keyboard
- the File and Settings Transfer Wizard
- your Active Desktop

Zum Vergrößern anklicken....

Hyperlinks Open in Internet Explorer Instead of in Default Browser or Help and Support Center

The information in this article applies to:

Microsoft Windows XP Home Edition SP1
Microsoft Windows XP Professional SP1
Microsoft Windows XP 64-Bit Edition SP1
Microsoft Windows XP Media Center Edition
Microsoft Windows XP Tablet PC Edition

SYMPTOMS

When you click a link in any of the following locations

the Help and Support Center
the Accessibility Wizard
the Magnifier
the Narrator
the On-Screen Keyboard
the File and Settings Transfer Wizard
your Active Desktop

Zum Vergrößern anklicken....

-----------------------------------------------------------------------
Title: Flaw in SMB Signing Could Enable Group Policy to be
Modified (309376)
Released: 11 December 2002
Revised: 22 January 2003 (version 2.0)
Software: Microsoft Windows 2000
Microsoft Windows XP
Impact: Modify group policy.
Max Risk: Moderate

Bulletin: MS02-070

Microsoft encourages customers to review the Security Bulletin at:
http://www.microsoft.com/technet/security/bulletin/MS02-070.asp.
- ----------------------------------------------------------------------

Reason for Revision:
====================
Subsequent to releasing this bulletin it was determined that the
fix was not included in Microsoft Windows XP Service Pack 1. The
bulletin has been updated to reflect this, and the patch had been
updated so that it installs on Windows XP Service Pack 1 systems.
Customers who are currently running XP Service Pack 1 should apply
the patch.

Issue:
======
Server Message Block (SMB) is a protocol natively supported by all
versions of Windows. Although nominally a file-sharing protocol, it
is used for other purposes as well, the most important of which is
disseminating group policy information from domain controllers to
newly logged on systems. Beginning with Windows 2000, it is possible
to improve the integrity of SMB sessions by digitally signing all
packets in a session. Windows 2000 and Windows XP can be configured
to always sign, never sign, or sign only if the other party requires
it.

A flaw in the implementation of SMB Signing in Windows 2000 and
Windows XP could enable an attacker to silently downgrade the SMB
Signing settings on an affected system. To do this, the attacker
would need access to the session negotiation data as it was exchanged
between a client and server, and would need to modify the data in a
way that exploits the flaw. This would cause either or both systems
to send unsigned data regardless of the signing policy the
administrator had set. After having downgraded the signing setting,
the attacker could continue to monitor the session and change data
within it; the lack of signing would prevent the communicants from
detecting the changes.

Although this vulnerability could be exploited to expose any SMB
session to tampering, the most serious case would involve changing
group policy information as it was being disseminated from a Windows
2000 domain controller to a newly logged-on network client. By doing
this, the attacker could take actions such as adding users to the
local Administrators group or installing and running code of his or
her choice on the system.

Mitigating Factors:
====================
- Exploiting the vulnerability would require the attacker to have
significant network access already. In most cases, the attacker
would need to be located on the same network segment as one of
the two participants in the SMB session.
- The attacker would need to exploit the vulnerability separately
for each SMB session he or she wanted to interfere with.
- The vulnerability would not enable the attacker to change group
policy on the domain controller, only to change it as it flowed
to the client.
- SMB Signing is disabled by default on Windows 2000 and Windows
XP because of the performance penalty it exacts. On networks
where SMB Signing has not been enabled, the vulnerability would
pose no additional risk - because SMB data would already be
vulnerable to modification.

Risk Rating:
============
- Windows 2000: Moderate
- Windows XP: Low

Patch Availability:
===================
- A patch is available to fix this vulnerability. Please read the
Security Bulletin at
http://www.microsoft.com/technet/security/bulletin/ms02-070.asp
for information on obtaining this patch.

- ---------------------------------------------------------------------

Zum Vergrößern anklicken....

Windows XP Security Patch:
Flaw in SMB Signing Could Enable Group Policy to be Modified - Deutsch

QuickInfo
Dateiname: Q329170_WXP_SP2_x86_DEU.exe
Downloadgröße: 574 KB
Veröffentlichungsdatum: 22.01.2003
Version: Q329170

Übersicht
A security vulnerability has been identified that could allow an attacker to disrupt
a facility by which security settings are applied to Windows-based computers in a
corporate network. This could allow the attacker to loosen settings on his or her
own computer or impose tighter ones on someone else's. Network administrators can
help eliminate this issue by installing this update.

Systemanforderungen
Unterstützte Betriebssysteme: Windows XP

Windows XP Professional
Windows XP Home Edition

http://download.microsoft.com/downl...aa5f-710b5688e35f/Q329170_WXP_SP2_x86_DEU.exe

Zum Vergrößern anklicken....

- ----------------------------------------------------------------------
Title: Unchecked Buffer in Locator Service Could Lead to Code
Execution (810833)
Date: 22 January, 2003
Software: Microsoft Windows NT 4.0, Windows 2000, and Windows XP
Impact: Run code of the attacker's choice
Max Risk: Critical
Bulletin: MS03-001

Microsoft encourages customers to review the Security Bulletins at:
http://www.microsoft.com/technet/security/bulletin/ms03-001.asp
http://www.microsoft.com/security/security_bulletins/ms03-001.asp
- ----------------------------------------------------------------------

Issue:
======
The Microsoft Locator service is a name service that maps logical
names to network-specific names. It ships with Windows NT 4.0,
Windows 2000, and Windows XP. By default, the Locator service is
enabled only on Windows 2000 domain controllers and Windows NT 4.0
domain controllers; it is not enabled on Windows NT 4.0 workstations
or member servers, Windows 2000 workstations or member servers,
or Windows XP.

A security vulnerability results from an unchecked buffer in the
Locator service. By sending a specially malformed request to the
Locator service, an attacker could cause the Locator service to
fail, or to run code of the attacker's choice on the system.

Mitigating Factors:
====================
- The Locator service is not enabled by default on any affected
versions of Windows with the exception of Windows 2000 domain
controllers and Windows NT 4.0 domain controllers.

- A properly-configured firewall would block the calls to the
Locator service, which would protect an affected machine from
an Internet-based attack.

Risk Rating:
============
- Windows NT 4.0 (Workstations and Member Servers): Moderate
- Windows NT 4.0 (Domain Controllers Only): Critical
- Windows NT 4.0, Terminal Server Edition: Moderate
- Windows 2000 (Workstations and Member Servers): Moderate
- Windows 2000 (Domain Controllers Only): Critical
- Windows XP: Moderate

Patch Availability:
===================
- A patch is available to fix this vulnerability. Please read the
Security Bulletins at
http://www.microsoft.com/technet/security/bulletin/ms03-001.asp
http://www.microsoft.com/security/security_bulletins/ms03-001.asp

for information on obtaining this patch.

Acknowledgment:
===============
- David Litchfield of Next Generation Security Software Ltd.
(http://www.nextgenss.com)

- ---------------------------------------------------------------------

Zum Vergrößern anklicken....

Windows XP Security Patch:
Unchecked Buffer in Locator Service Could Lead to Code Execution - Deutsch

QuickInfo
Dateiname: Q810833_WXP_SP2_x86_DEU.exe
Downloadgröße: 382 KB
Veröffentlichungsdatum: 22.01.2003
Version: Q810833

Übersicht
A security issue has been identified that could allow an attacker to compromise
a computer running Microsoft(r) Windows(r) and gain control over it. This issue
is most likely to affect computers used as servers. You can help protect your
computer by installing this update from Microsoft.

Systemanforderungen
Unterstützte Betriebssysteme: Windows XP

Windows XP Professional
Windows XP Home Edition

http://download.microsoft.com/downl...bc1d-7643547e7578/Q810833_WXP_SP2_x86_DEU.exe

Zum Vergrößern anklicken....

--- Service Pack 1a fuer Windows XP ohne Java VM erhaeltlich ---
Microsoft ueberarbeitete das im September 2002 veroeffentlichte
Service Pack 1 (SP1) fuer Windows XP leicht und stellt dies nun als
Service Pack 1a (SP1a) zum Download bereit. Das Service Pack 1a
enthaelt keine Java VM mehr, die noch im Service Pack 1 enthalten war
- weitere Aenderungen gibt es nicht.
http://www.golem.de/0302/23797.html

Zum Vergrößern anklicken....

Microsoft kündigt zwei Java-Updates für Windows XP an

Nachdem Microsoft vor Gericht gegen Sun unterlag, planen die Redmonder nun, der Anweisung des Bezirksrichter Frederick Motz Folge zu leisten. Dieser hatte Microsoft dazu verdonnert, die aktuellen Java-Versionen von Sun in Windows XP zu integrieren. In Form von zwei Updates soll Suns Java nun nachgereicht werden.

Wie die US-Website Betanews berichtet, wird das erste Update bereits im Februar zum Download angeboten werden und die Bezeichnung "Windows XP SP1a" tragen. Dabei wird es sich um das bereits erschienene Service Pack 1 handeln, in dem lediglich die ursprünglich mitgelieferte Microsoft-Version der Java-Unterstützung entfernt wurde.

Innerhalb der vom Gericht festgesetzten 120-Tage-Frist wird dann voraussichtlich im Juni 2003 das "Windows XP Service Pack 1b" erscheinen. Hier wird dann die aktuelle Java-Version von Sun enthalten sein. Microsoft wird beide Updates über die Windows Update-Funktion zum Download anbieten. Das Service Pack 1b soll zusätzlich auch kostenlos auf CD verfügbar sein.

Laut Microsoft-Sprecher Jim Cullinan sollen die Anwender nicht gezwungen werden, Suns Java-Technologie auch zu nutzen. "Sie werden eine Option haben, ob Suns Technologie geladen werden soll oder nicht", so Cullinan.

Ende des Jahres soll die Beta-Testphase für das Service Pack 2 für Windows XP starten. In diesem wird Suns Java Technologie ebenfalls enthalten sein.

Zum Vergrößern anklicken....

Deutscher Windows Movie Maker 2 zum kostenlosen Download


Einfaches Videonachbearbeitungsprogramm für Einsteiger


Microsoft hat nun auch die deutsche Version seines Movie Maker 2 für Windows XP vorgestellt. Die weiterentwickelte Version der einfachen Videobearbeitungssoftware ist mit mehr als 30 Videoeffekten, 60 Übergängen und 40 vorbereiteten Titeln und Abspännen ausgestattet. Als weitere Neuerungen gibt es ein überarbeitetes Interface sowie eine nicht näher erläuterte Funktion mit dem Namen AutoMovie und eine verbesserte Timeline.

Windows Movie Maker 2 nutzt zudem die Vorteile der neuen Audio- und Videocodecs der Windows-Media-9-Reihe, mit dem man nach Angaben des Herstellers beispielsweise 15 Stunden DV-Video auf nur 10 GB Festplattenplatz unterbringen kann. Falls man DV-AVI verwenden würde, hätte der 10-GB-Speicherplatz nur für 45 Minuten Videospielzeit gereicht. Wie niedrig die Datenrate und wie gut die Qualität beim obigen Rechenbeispiel sein wird, ließ Microsoft allerdings offen. Natürlich sind für die Übernahme der Videodaten in den Rechner eine Firewirekarte oder eine analoge Videocapturekarte notwendig.

Windows Movie Maker 2 erlaubt zudem das Brennen des fertigen Films auf CD, den E-Mail-Versand oder die Ausgabe auf Pocket-PC-(WindowsCE-)Geräten und natürlich auch die Aufzeichnung mit einer digitalen Videokamera. Ohne Software von Drittanbietern kann man die Videos allerdings nicht auf DVD brennen.

Windows Movie Maker 2 für Windows XP ist ab sofort auf Deutsch als 12,4 MByte großer Download erhältlich.

Zum Vergrößern anklicken....

- -------------------------------------------------------------------

Title: Unchecked Buffer in Windows Redirector Could Allow
Privilege Elevation (810577)
Date: 05 February 2003
Software: Microsoft Windows XP
Impact: Privilege elevation
Max Risk: Important
Bulletin: MS03-005

Microsoft encourages customers to review the Security Bulletins at:
http://www.microsoft.com/technet/security/bulletin/ms03-005.asp
http://www.microsoft.com/security/security_bulletins/ms03-005.asp
- -------------------------------------------------------------------


Issue:
======
The Windows Redirector is used by a Windows client to access files,
whether local or remote, regardless of the underlying network
protocols in use. For example, the "Add a Network Place" Wizard or
the NET USE command can be used to map a network share as a local
drive, and the Windows Redirector will handle the routing of
information to and from the network share.

A security vulnerability exists in the implementation of the
Windows Redirector on Windows XP because an unchecked buffer is
used to receive parameter information. By providing malformed data
to the Windows Redirector, an attacker could cause the system to
fail, or if the data was crafted in a particular way, could run
code of the attacker's choice.

Mitigating Factors:
====================
- An attacker would require the ability to log onto the system
interactively in order to run programs that use the Windows
Redirector. This vulnerability cannot be exploited remotely.
- Windows XP systems that are not shared between users would not
be at risk.

Risk Rating:
============
- Windows XP: Important

Patch Availability:
===================
- A patch is available to fix this vulnerability. Please read the
Security Bulletins at

http://www.microsoft.com/technet/security/bulletin/ms03-005.asp
http://www.microsoft.com/security/security_bulletins/ms03-005.asp

for information on obtaining this patch.

Acknowledgment:
===============
- NSFocus (http://www.nsfocus.com)

Home User Security Notification Service
=======================================
Microsoft is now offering the Microsoft Security Update, a security
bulletin notification service for home users. To learn more about
this service, please go to:

http://www.microsoft.com/security/security_bulletins/decision.asp

- -------------------------------------------------------------------

Zum Vergrößern anklicken....

Windows XP Security Patch: Unchecked Buffer in Windows Redirector Could Allow Privilege Elevation

QuickInfo
Dateiname: Q810577_WXP_SP2_x86_DEU.exe
Downloadgröße: 648 KB
Veröffentlichungsdatum: 05.02.2003
Version: Q810577

Übersicht
A security issue has been identified that could allow an attacker to compromise a
computer running Microsoft(r) Windows(r) XP and gain control over it. To attempt
an attack, the attacker would have to be able to log on to the computer. You can
help protect your computer by installing this update from Microsoft.

Systemanforderungen
Unterstützte Betriebssysteme: Windows XP

Windows XP Professional
Windows XP Home Edition

http://download.microsoft.com/downl...b754-c29d28f9ab35/Q810577_WXP_SP2_x86_DEU.exe

Zum Vergrößern anklicken....

- -------------------------------------------------------------------

Title: Cumulative Patch for Internet Explorer (810847)
Date: 05 February 2003
Software: Microsoft Internet Explorer
Impact: Allow an attacker to execute commands on a user's
system.
Max Risk: Critical
Bulletin: MS03-004

Microsoft encourages customers to review the Security Bulletins at:
http://www.microsoft.com/technet/security/bulletin/ms03-004.asp
http://www.microsoft.com/security/security_bulletins/ms03-004.asp
- -------------------------------------------------------------------


Issue:
======
This is a cumulative patch that includes the functionality of all
previously released patches for IE 5.01, 5.5, 6.0. In addition, it
eliminates two newly discovered vulnerabilities involving Internet
Explorer's cross-domain security model - which keeps windows of
different domains from sharing information. These flaws results in
Internet Explorer because incomplete security checking causes
Internet Explorer to allow one website to potentially access
information from another domain when using certain dialog boxes.

In order to exploit this flaw, an attacker would have to host a
malicious web site that contained a web page designed to exploit this
particular vulnerability and then persuade a user to visit that site.
Once the user has visited the malicious web site, it would be
possible for the attacker to run malicious script by misusing a
dialog box and cause that script to access information in a different
domain. In the worst case, this could enable the web site operator to
load malicious code onto a user's system. In addition, this flaw
could also enable an attacker to invoke an executable that was
already present on the local system.

A related cross-domain vulnerability allows Internet Explorer's
showHelp() functionality to execute without proper security
checking. showHelp() is one of the help methods used to display an
HTML page containing help content. showHelp() allows more types of
pluggable protocols than necessary, and this could potentially allow
an attacker to access user information, invoke executables already
present on a user's local system or load malicious code onto a user's
local system.

The requirements to exploit this vulnerability are the same as for
the issue described above: an attacker would have to host and lure a
user to a malicious web site. In this scenario, the attacker could
open a showHelp window to a known local file on the visiting user's
local system and gain access to information from that file by sending
a specially crafted URL to a second showHelp window. The attacker
could also potentially access user information or run code of
attacker's choice.

This cumulative patch will cause window.showHelp( ) to cease to
function. When the latest HTML Help update - which is being released
via Windows Update with this patch - is installed, window.showHelp( )
will function again, but with some limitations (see the caveats
section later in this bulletin). This has been necessary in order to
block the attack vector that might allow a web site operator to
invoke an executable that was already present on a user's local
system.

Mitigating Factors:
====================
- The attacker would have to host a web site that contained a web
page used to exploit either of these cross-domain vulnerabilities.
- The attacker would have no way to force users to visit the site.
Instead, the attacker would need to lure them there, typically by
getting them to click on a link that would take them to the
attacker's site.
- By default, Outlook Express 6.0 and Outlook 2002 open HTML mail
in the Restricted Sites Zone. In addition, Outlook 98 and 2000 open
HTML mail in the Restricted Sites Zone if the Outlook Email Security
Update has been installed. Customers who use any of these products
would be at no risk from an e-mail borne attack that attempted to
exploit this vulnerability unless the user clicked a malicious link
in the email.
- Internet Explorer 5.01 users are not affected by the first
vulnerability.

Risk Rating:
============
- Internet Explorer 5.01: Critical
- Internet Explorer 5.5: Critical
- Internet Explorer 6.0: Critical

Patch Availability:
===================
- A patch is available to fix this vulnerability. Please read the
Security Bulletins at

http://www.microsoft.com/technet/security/bulletin/ms03-004.asp
http://www.microsoft.com/security/security_bulletins/ms03-004.asp

for information on obtaining this patch.

Acknowledgment:
===============
- Andreas Sandblad, Sweden for reporting the cross domain
vulnerability using showhelp.

Home User Security Notification Service
=======================================
Microsoft is now offering the Microsoft Security Update, a security
bulletin notification service for home users. To learn more about
this service, please go to:

http://www.microsoft.com/security/security_bulletins/decision.asp

- -------------------------------------------------------------------

Zum Vergrößern anklicken....

February 2003, Cumulative Patch for Internet Explorer (810847)

Posted: February 05, 2003

Read This First
The "February 2003, Cumulative Patch for Internet Explorer" eliminates
all previously addressed security vulnerabilities affecting Internet Explorer,
as well as additional newly discovered vulnerabilities. This update includes
the functionality of all previously released Internet Explorer patches.
Download now to help maintain the security of your computer.

For more information about the vulnerabilities this update addresses,
read the associated Microsoft Security Bulletin.
http://www.microsoft.com/technet/security/bulletin/ms03-004.asp

System Requirements

This update applies to Internet Explorer with the following operating systems:
- Windows XP SP1 64-bit Edition
- Windows XP SP1
- Windows XP
- Windows 2000 SP3
- Windows NT® 4.0 SP6A
- Windows Millennium Edition (Windows ME)
- Windows 98 SE

How to download and install

- Select your language from the drop-down list at the top of the page.
- Click Go.
- Click the Security Update link for your version of Internet Explorer.
- Do one of the following:
- To start the installation immediately, choose Run this program from its current
location (in Internet Explorer 6, click Open).
- To copy the download to your computer for installation at a later time,
click Save this program to disk (in Internet Explorer 6, click Save).
- Click OK.
- Click Yes if asked whether you would like to install and run Q810847.exe.

How to use
- Restart your computer to complete the installation.

How to uninstall
- Uninstall is not available.

Downloads deutsch
Internet Explorer 6 SP1 (2 MB file)
http://download.microsoft.com/download/5/2/7/527f5280-7b5c-4531-973f-11b46e52e1f2/q810847.exe

Internet Explorer 6 for Windows XP (2.43 MB file)
http://download.microsoft.com/download/f/0/d/f0d744d2-91a8-4369-af4d-6939d2758244/q810847.exe

Internet Explorer 5.5 SP2 (2.15 MB file)
http://download.microsoft.com/download/c/5/c/c5c7f443-9943-4674-a993-03c3cd9b2384/q810847.exe

Internet Explorer 5.01 SP3 for Windows 2000 SP3 (1.92 MB file)
http://download.microsoft.com/download/b/a/d/bad08b7a-caa2-4cfa-854c-6afba9f2fdb8/q810847.exe

Zum Vergrößern anklicken....

Microsoft Windows XP Post-Sp1 Updater

Jeder hat sicher nach einer Neuinstallation von Windows XP geflucht als er die ganzen Microsoft Bulletins per Hand installieren musste oder der Rechner hat keinen Internetanschluss. Das muss jetzt nicht mehr sein. Wir haben für Euch ein komplettes Paket geschnürt welches alle Security Bulletin für Windows XP enthällt. Berücksichtigt sind alle Security Bulletin seit dem Release des Service Pack 1. In regelmässigen Abständen werden wir dieses Paket auf den neuesten Stand bringen.

Dieses Packet aktualisiert eine WindowsXP Installation mit vorhandenem ServicePack1 auf den Stand vom 04.02.2003. Es wurde auf zahlreichen, verschieden konfigurierten WindowsXP Systemen getestet und ist für Workstations geeignet. Selbstverständlich übernehmen wir dennoch keinerlei Verantwortung für jegliche Art von Risiken und Nebenwirkungen! Neben der Grundausstattung des Betriebssystems wird ein Update für den XML- Parser 4.0 mitinstalliert, das unter einem besonderen Umstand ausgeklammert werden kann.

WAS NICHT INSTALLIERT WIRD sind Updates für den Mediaplayer, Office und für Zusatzprodukte von Microsoft wie z.B. SQL Server

Mit diesem Packet können folgende Parameter verwendet werden:
-s
Silent Mode - Installation und Neustart ohne Rückfragen.
-r
Automatischer Neustart - Sinnvoll zusammen mit Parameter -s
-noxml
Kein XML4-Parser - Auch falls NICHT auf dem System vorhanden, wird ansonsten der XML4-Parser hinzu installiert.


Das Team der Windows Helpline wünscht mit dem aktualisierten System viel Spass!

Feedback und Vorschläge sind im Forum der Helpline unter WindowsXP / Servicepacks jederzeit willkommen!

Zum Vergrößern anklicken....

MS: Update für fehlerhaften Windows NT-Patch

(tecCHANNEL.de, 10.02.2003) Microsoft hat einen Patch neu aufgelegt, der ein Lücke im Message-System der Betriebssysteme Windows XP, 2000 und NT schließt. In der vorangegangenen Ausgabe hatte der Patch unter Windows NT neue Probleme aufgeworfen.

Das neue Release des im Dezember erstmals veröffentlichten Patches betrifft also nur NT-Benutzer (auch NT Terminal Server). Bei den anderen genannten Betriebssystemen richtete der erste Patch nach Angaben von Microsoft keinen Schaden an.

Die Lücke, die mit dem Patch geschlossen wird, betrifft die WM_Timer-Funktion des Message-Systems. Mit dem Timer ist der Aufruf einer Callback-Funktion auf Desktop-Ebene möglich. Den Timer dürfen eigentlich nur privilegierte Programme im Windows Objekt-Modell nutzen, scheinbar ist es unter bestimmten Umständen möglich, diese Privilegien zu unterlaufen. Der Angreifer müsste dazu aber im System eingeloggt sein. Ein Angriff über das Internet ist nicht möglich. Microsoft sieht das als mildernden Umstand an. Bulletin und Patch finden Sie unter diesem Link. Benutzer von Windows XP und 2000 können ihre Systeme über den genanten Link ebenfalls patchen. (uba)

Zum Vergrößern anklicken....

- ----------------------------------------------------------------------
Title: Flaw in Windows WM_TIMER Message Handling Could Enable
Privilege Elevation (328310)
Released: 11 December 2002
Revised: 07 February 2003 (version 2.0)
Software: Microsoft Windows NT 4.0
Microsoft Windows NT 4.0, Terminal Server Edition
Microsoft Windows 2000
Microsoft Windows XP
Impact: Privilege elevation
Max Risk: Important
Bulletin: MS02-071

Microsoft encourages customers to review the Security Bulletin at:
http://www.microsoft.com/technet/security/bulletin/MS02-071.asp
http://www.microsoft.com/security/security_bulletins/ms02-071.asp
- ----------------------------------------------------------------------

Reason for Revision:
====================
Subsequent to the release of this bulletin it was determined
that the patch for Microsoft Windows NT 4.0 machines introduced
an error that could, under certain configurations, cause NT 4.0
to fail. Microsoft has investigated this issue and is releasing
an updated patch for Windows NT 4.0. The bulletin has been updated
to include the new download links for the NT 4.0 patch. Customers
who have installed the patch on Microsoft Windows 2000 and Windows
XP are unaffected by this error.

Issue:
======
Windows messages provide a way for interactive processes to react
to user events (e.g., keystrokes or mouse movements) and communicate
with other interactive processes. One such message, WM_TIMER, is sent
at the expiration of a timer, and can be used to cause a process to
execute a timer callback function. A security vulnerability results
because it's possible for one process in the interactive desktop to
use a WM_TIMER message to cause another process to execute a callback
function at the address of its choice, even if the second process did
not set a timer. If that second process had higher privileges than
the first, this would provide the first process with a way of
exercising them.

By default, several of the processes running in the interactive
desktop do so with LocalSystem privileges. As a result, an attacker
who had the ability to log onto a system interactively could
potentially run a program that would levy a WM_TIMER request upon
such a process, causing it to take any action the attacker specified.
This would give the attacker complete control over the system.

In addition to addressing this vulnerability, the patch also
makes changes to several processes that run on the interactive
desktop with high privileges. Although none of these would, in
the absence of the TM_TIMER vulnerability, enable an attacker to
gain privileges on the system, we have included them in the patch
to make the services more robust.

Mitigating Factors:
====================
- An attacker would need valid logon credentials to exploit the
vulnerability. It could not be exploited remotely.
- Properly secured servers would be at little risk from this
vulnerability. Standard best practices recommend only allowing
trusted administrators to log onto such systems interactively;
without such privileges, an attacker could not exploit the
vulnerability.

Risk Rating:
============
- Important

Patch Availability:
===================
- A patch is available to fix this vulnerability. Please read the
Security Bulletins at
http://www.microsoft.com/technet/security/bulletin/ms02-071.asp
http://www.microsoft.com/security/security_bulletins/ms02-071.asp
for information on obtaining this patch.


- ---------------------------------------------------------------------

Zum Vergrößern anklicken....

Flaw in Windows WM_TIMER Message Handling Could Enable Privilege Elevation - Deutsch

QuickInfo
Dateiname: Q328310_WXP_SP2_x86_DEU.exe
Downloadgröße: 4046 KB
Veröffentlichungsdatum: 11.12.2002
Version: Q328310

Übersicht
A security vulnerability has been identified that could allow an attacker to
compromise a Windows-based computer and gain complete control over it.
The attacker would need the ability to log onto the computer to carry out an
attack. You can help protect your computer from this specific vulnerability
by installing this update from Microsoft.

Systemanforderungen
Unterstützte Betriebssysteme: Windows XP

Windows XP Professional
Windows XP Home Edition

http://download.microsoft.com/downl...b914-2dbc23102d66/Q328310_WXP_SP2_x86_DEU.exe

Zum Vergrößern anklicken....

Flaw in Windows WM_TIMER Message Handling Could Enable Privilege Elevation - Deutsch
Die Anweisungen für diesen Download werden in Kürze auf Deutsch erhältlich sein. Nehmen Sie bitte bis dahin mit den englischen Anweisungen vorlieb.

QuickInfo
Dateiname: DEUQ328310i.EXE
Downloadgröße: 1151 KB
Veröffentlichungsdatum: 12.12.2002
Version: Q328310

Übersicht
A security vulnerability has been identified that could allow an attacker to compromise a Windows-based computer and gain complete control over it. The attacker would need the ability to log onto the computer to carry out an attack. You can help protect your computer from this specific vulnerability by installing this update from Microsoft.

Systemanforderungen
Unterstützte Betriebssysteme: Windows NT
Windows NT4.0 Terminal Server Edition

http://download.microsoft.com/download/7/e/0/7e0069f4-201d-42ba-b1ad-3f9fd62a6c5c/DEUQ328310i.EXE

Zum Vergrößern anklicken....

Windows XP Patch: Windows Hardware Compatibility Audio Test Causes Computer to Stop Responding - Deutsch

QuickInfo
Dateiname: Q810272_WXP_SP2_x86_DEU.exe
Downloadgröße: 363 KB
Veröffentlichungsdatum: 11.02.2003
Version: Q810272

Übersicht
This update addresses the "HCT Audio Test Causes Computer to Stop Responding" issue in
Windows XP, and is discussed in Microsoft Knowledge Base (KB) Article 810272.
Download now to allow HCT Audio Tests to complete.

For more information about this issue, read Microsoft KB Article: 810272. (This site is in English.)
http://support.microsoft.com/default.aspx?scid=kb;en-us;810272

Systemanforderungen
Unterstützte Betriebssysteme: Windows XP
Windows XP Professional
Windows XP Home Edition

http://download.microsoft.com/downl...b933-aba75553c208/Q810272_WXP_SP2_x86_DEU.exe

Zum Vergrößern anklicken....

- ----------------------------------------------------------------------
Title: Cumulative Patch for Internet Explorer (810847)
Released: 5 February 2003
Revised: 12 February 2003(version 2.0)
Software: Microsoft Internet Explorer 5.01
Microsoft Internet Explorer 5.5
Microsoft Internet Explorer 6.0
Impact: Allow an attacker to execute commands on a user's
system.
Max Risk: Critical
Bulletin: MS03-004

Microsoft encourages customers to review the Security Bulletin at:
http://www.microsoft.com/technet/security/bulletin/MS03-004.asp
http://www.microsoft.com/security/security_bulletins/ms03-004.asp
- ----------------------------------------------------------------------

Reason for Revision:
====================
Subsequent to the initial release of this bulletin, a non-security
issue was discovered with this patch that could affect some users -
primarily consumers - under certain conditions. Specifically, the
issue could cause some users to be unable to authenticate to
certain Internet web sites such as subscription based sites, or MSN
e-mail. This issue has been resolved, and a hot fix (813951) issued
to correct it. It is important to note that this hot fix corrects a
very specific non-security issue, and that the security patch
discussed in this Security Bulletin was, and still is, effective in
removing the vulnerabilities discussed later in this bulletin. More
information, including details of how to obtain the hot fix are
available at:
http://www.microsoft.com/windows/ie/downloads/critical/813951/defau
lt.asp and in the Frequently Asked Questions section of this
bulletin.

Issue:
======

This is a cumulative patch that includes the functionality of all
previously released patches for IE 5.01, 5.5, 6.0. In addition, it
eliminates two newly discovered vulnerabilities involving Internet
Explorer's cross-domain security model - which keeps windows of
different domains from sharing information. These flaws results in
Internet Explorer because incomplete security checking causes
Internet Explorer to allow one website to potentially access
information from another domain when using certain dialog boxes.
In order to exploit this flaw, an attacker would have to host a
malicious web site that contained a web page designed to exploit
this particular vulnerability and then persuade a user to visit
that site. Once the user has visited the malicious web site, it
would be possible for the attacker to run malicious script by
misusing a dialog box and cause that script to access information
in a different domain. In the worst case, this could enable the web
site operator to load malicious code onto a user's system. In
addition, this flaw could also enable an attacker to invoke an
executable that was already present on the local system.

A related cross-domain vulnerability allows Internet Explorer's
showHelp() functionality to execute without proper security
checking. showHelp() is one of the help methods used to display an
HTML page containing help content. showHelp() allows more types of
pluggable protocols than necessary, and this could potentially
allow an attacker to access user information, invoke executables
already present on a user's local system or load malicious code
onto a user's local system.

The requirements to exploit this vulnerability are the same as for
the issue described above: an attacker would have to host and lure
a user to a malicious web site. In this scenario, the attacker
could open a showHelp window to a known local file on the visiting
user's local system and gain access to information from that file
by sending a specially crafted URL to a second showHelp window. The
attacker could also potentially access user information or run code
of attacker's choice.

This cumulative patch will cause window.showHelp( ) to cease to
function. When the latest HTML Help update - which is being
released via Windows Update with this patch - is installed,
window.showHelp( ) will function again, but with some limitations
(see the caveats section later in this bulletin). This has been
necessary in order to block the attack vector that might allow a
web site operator to invoke an executable that was already present
on a user's local system.

Mitigating Factors:
====================
- -The attacker would have to host a web site that contained a
web page used to exploit either of these cross-domain
vulnerabilities.
- -The attacker would have no way to force users to visit the
site. Instead, the attacker would need to lure them there,
typically by getting them to click on a link that would take them
to the attacker's site.
- -By default, Outlook Express 6.0 and Outlook 2002 open HTML
mail in the Restricted Sites Zone. In addition, Outlook 98 and 2000
open HTML mail in the Restricted Sites Zone if the Outlook Email
Security Update has been installed. Customers who use any of these
products would be at no risk from an e-mail borne attack that
attempted to exploit this vulnerability unless the user clicked a
malicious link in the email.
- -Internet Explorer 5.01 users are not affected by the first
vulnerability.

Risk Rating:
============
- Critical

Patch Availability:
===================
- A patch is available to fix this vulnerability. Please read the
Security Bulletins at
http://www.microsoft.com/technet/security/bulletin/ms03-004.asp
http://www.microsoft.com/security/security_bulletins/ms03-004.asp
for information on obtaining this patch.

Acknowledgment:
===============
- Microsoft thanks Andreas Sandblad, Sweden for reporting the
cross domain vulnerability using showHelp and for working with us
to protect customers.

- ---------------------------------------------------------------------

Zum Vergrößern anklicken....

February 2003, Cumulative Patch for Internet Explorer (810847)
Posted: February 05, 2003

Read This First
The "February 2003, Cumulative Patch for Internet Explorer" eliminates all previously
addressed security vulnerabilities affecting Internet Explorer, as well as additional
newly discovered vulnerabilities. This update includes the functionality of all previously
released Internet Explorer patches. Download now to help maintain the security of your computer.

For more information about the vulnerabilities this update addresses,
read the associated Microsoft Security Bulletin.
http://www.microsoft.com/technet/security/bulletin/MS03-004.asp

System Requirements
This update applies to Internet Explorer with the following operating systems:
- Windows XP SP1 64-bit Edition
- Windows XP SP1
- Windows XP
- Windows 2000 SP3
- Windows 2000 SP2
- Windows NT® 4.0 SP6A
- Windows Millennium Edition (Windows ME)
- Windows 98 SE

Internet Explorer 6 SP1 (2mb)
http://download.microsoft.com/download/5/2/7/527f5280-7b5c-4531-973f-11b46e52e1f2/q810847.exe

Internet Explorer 6 SP1 for Windows XP SP1 64-bit Edition (4.27mb)
http://download.microsoft.com/download/4/3/4/4347f4e3-6afd-4316-8abb-d3f4631998d5/q810847.exe

Internet Explorer 6 for Windows XP (2.43mb)
http://download.microsoft.com/download/f/0/d/f0d744d2-91a8-4369-af4d-6939d2758244/q810847.exe

Internet Explorer 5.5 SP2 (2.15mb)
http://download.microsoft.com/download/c/5/c/c5c7f443-9943-4674-a993-03c3cd9b2384/q810847.exe

Internet Explorer 5.01 SP3 for Windows 2000 SP3 (1.92mb)
http://download.microsoft.com/download/b/a/d/bad08b7a-caa2-4cfa-854c-6afba9f2fdb8/q810847.exe

Zum Vergrößern anklicken....

Zwei neue Sicherheitslücken im Internet Explorer
Sammel-Patch behebt neue Sicherheitslecks im Cross-Domain Security Model

Microsoft bietet ab sofort einen weiteren Sammel-Patch für den Internet Explorer der Versionen 5.x, 5.5x und 6.x für die Windows-Plattform an. Neben bisher bekannten Sicherheitslecks behebt der Patch auch zwei bisher nicht beseitigte Sicherheitslücken, die im Cross-Domain Security Model des Browsers stecken.

Über eine präparierte Webseite kann ein Angreifer gefährlichen Scriptcode ausführen und so Zugriff auf Daten einer anderen Domain erhalten. Darüber könnte dieser im schlimmsten Fall Programmcode auf das entsprechende System übertragen und ausführen oder bereits darauf befindlichen Programmcode starten.

Ein weiteres Sicherheitsleck steckt in der showHelp()-Funktion im Internet Explorer, die Hilfeseiten anzeigt. Durch einen Programmfehler lassen sich über eine entsprechend präparierte Webseite mehr Protokolle aufrufen als nötig. So erlaubt es einem Angreifer die Einsicht in Nutzerdaten sowie die Ausführung von Programmcode, ganz gleich ob dieser sich bereits auf dem lokalen System befindet oder vom Angreifer aufgespielt wird. Der nun veröffentlichte Patch blockiert die Hilfe-Funktion bis zur Einspielung eines separat bereitgestellten Updates für die Windows-Hilfe. Dieses Update sorgt dann dafür, dass die showHelp()-Funktion mit stärkeren Restriktionen wieder läuft.

Microsoft bietet den Sammel-Patch für Internet Explorer 5.x, 5.5x und 6.x ab sofort unter anderem in deutscher Sprache zum Download an. Für die Aktualisierung der Hilfe-Funktion stellt Microsoft entsprechende Downloads über die Windows-Update-Funktion bereit. Alternativ existieren direkte Downloads in deutscher Sprache für Windows 2000, Windows XP, Windows XP - 64 Bit Edition.

Zum Vergrößern anklicken....

Windows XP Patch: Enabling Applications to Access HTML Help in a New, Restricted Mode - Deutsch

QuickInfo
Dateiname: Q811630_WXP_SP2_x86_DEU.exe
Downloadgröße: 1439 KB
Veröffentlichungsdatum: 05.02.2003
Version: Q811630

Übersicht
This update enables applications to access HTML Help in a new, restricted mode.
Future updates of Internet Explorer require this new capability.

Systemanforderungen
Unterstützte Betriebssysteme: Windows XP
Windows XP Professional
Windows XP Home Edition

http://download.microsoft.com/downl...80f6-0c8b0eddfcaf/Q811630_WXP_SP2_x86_DEU.exe

Windows 2000
http://download.microsoft.com/downl...-97fc-98c6cf1fee8c/Q811630_W2K_SP4_X86_DE.exe

Windows XP 64 Bit Edition
http://download.microsoft.com/downl...842-f733c6c441b8/Q811630_WXP_SP2_ia64_DEU.exe

Zum Vergrößern anklicken....

You Cannot Access Your MSN E-mail Account or Authenticate with a Web Site in Various Programs

The information in this article applies to:
Microsoft Internet Explorer version 6 for Windows XP SP1
Microsoft Internet Explorer version 6 for Windows 2000 SP1
Microsoft Internet Explorer version 6 for Windows NT 4.0 SP1
Microsoft Internet Explorer version 6 for Windows Millennium Edition SP1
Microsoft Internet Explorer version 6 for Windows 98 Second Edition SP1
Microsoft Internet Explorer version 6 for Windows 98 SP1

Zum Vergrößern anklicken....

February 2003, Update for Internet Explorer 6 SP1 (813951)
Posted: February 11, 2003

Read This First
This update fixes an issue caused by the February 2003, Cumulative Patch for
Internet Explorer (810847) where users could potentially be unable to log into
MSN mail accounts or authenticate with a web site in various programs.
For more information please see KB article 813951.
http://support.microsoft.com/?kbid=813951

System Requirements
Internet Explorer 6 SP1

http://download.microsoft.com/download/f/0/0/f00d2086-da23-4a67-b9eb-a14ee28b3d79/q813951.exe
(345kb)

Zum Vergrößern anklicken....

- ----------------------------------------------------------------
Title: Flaw in Windows Me Help and Support Center Could
Enable Code Execution (812709)
Date: 26 February, 2003
Software: Microsoft Windows Me
Impact: Run Code of Attacker's Choice
Max Risk: Critical
Bulletin: MS03-006

Microsoft encourages customers to review the Security Bulletins
at:
http://www.microsoft.com/technet/security/bulletin/MS03-006.asp
http://www.microsoft.com/security/security_bulletins/ms03-006.asp
- -----------------------------------------------------------------

Issue:
======
Help and Support Center provides a centralized facility through
which users can obtain assistance on a variety of topics. For
instance, it provides product documentation, assistance in
determining hardware compatibility, access to Windows Update,
online help from Microsoft, and other assistance. Users and
programs can execute URL links to Help and Support Center by
using the "hcp://" prefix in a URL link instead of "http://".

A security vulnerability is present in the Windows Me version of
Help and Support Center, and results because the URL Handler for
the "hcp://" prefix contains an unchecked buffer.

An attacker could exploit the vulnerability by constructing a URL
that,when clicked on by the user, would execute code of the
attacker's choice in the Local Computer security context. The URL
could be hosted on a web page, or sent directly to the user in
email. In the web based scenario, where a user then clicked on
the URL hosted on a website, an attacker could have the ability
to read or launch files already present on the local machine. In
the case of an e-mail borne attack, if the user was using Outlook
Express 6.0 or Outlook 2002 in their default configurations, or
Outlook 98 or 2000 in conjunction with the Outlook Email Security
Update, then an attack could not be automated and the user would
still need to click on a URL sent in e-mail. However if the user
was not using Outlook Express 6.0 or Outlook 2002 in their
default configurations, or Outlook 98 or 2000 in conjunction with
the Outlook Email Security Update, the attacker could cause an
attack to trigger automatically without the user having to click
on a URL contained in an e-mail.

Mitigating Factors:
====================
- The Help and Support Center function could not be started
automatically in Outlook Express or Outlook if the user is
running Internet Explorer 6.0 Service Pack 1.
- For an attack to be successful, the user would need to visit a
website under the attacker's control or receive an HTML e-mail
from the attacker.
- Automatic exploitation of the vulnerability by an HTML email
would be blocked by Outlook Express 6.0 and Outlook 2002 in their
default configurations, and by Outlook 98 and 2000 if used in
conjunction with the Outlook Email Security Update.

Risk Rating:
============
- Critical

Patch Availability:
===================
- A patch is available to fix this vulnerability. Please read
the Security Bulletins at

http://www.microsoft.com/technet/security/bulletin/ms03-006.asp
http://www.microsoft.com/security/security_bulletins/ms03-006.asp

for information on obtaining this patch.


- -----------------------------------------------------------------

Zum Vergrößern anklicken....

Patch availability - Download locations for this patch
Microsoft Windows Me:
http://windowsupdate.microsoft.com

Zum Vergrößern anklicken....