Schwachstelle in Windows NT ermöglicht DoS-Attacke
http://www.microsoft.com/germany/ms/technetservicedesk/bulletin/bulletinms03-029.htm
-----------------------------------------------------------------------
Title: Flaw in Windows Function Could Allow Denial of Service
(823803)
Date: 23 July 2003
Software: Microsoft Windows NT 4.0 Server
Impact: Denial of service
Max Risk: Moderate
Bulletin: MS03-029
Microsoft encourages customers to review the Security Bulletins at:
http://www.microsoft.com/technet/security/bulletin/MS03-029.asp
-----------------------------------------------------------------------
Who should read this bulletin: Systems administrators running Microsoft® Windows® NT 4.0 Server
Impact of vulnerability: Denial of service
Maximum Severity Rating: Moderate
-----------------------------------------------------------------------
- Windows NT4.0 Workstation
- Windows NT 4.0 Server
- Windows NT 4.0 Server, Enterprise Edition
http://download.microsoft.com/download/8/8/7/887f8155-812b-45ec-b91d-ea6a1b8a448b/DEUQ823803i.EXE
- Windows NT4.0 Terminal Server Edition
http://download.microsoft.com/download/6/3/6/636d310f-2671-4271-9f7f-e61b23ecba6d/DEUQ823803i.EXE
Sammelpatch für Microsoft SQL Server
http://www.microsoft.com/germany/ms/technetservicedesk/bulletin/bulletinms03-031.htm
--- Drei Sicherheitsloecher in SQL-Server und Data Engine ---
Im SQL-Server der Versionen 7.0 und 2000 sowie der Data Engine 1.0
entdeckte Microsoft drei neue Sicherheitsluecken, die mit einem
passenden Sammel-Patch behoben werden koennen. Die Sicherheitslecks
erlauben es einem Angreifer unter anderem, beliebigen Programmcode auf
dem Server auszufuehren. Microsoft raet Systemadministratoren, den
Patch schleunigst einzuspielen.
http://www.golem.de/0307/26616.html
------------------------------------------------------------------
Title: Cumulative Patch for Microsoft SQL Server (815495)
Date: 23 July 2003
Software:
- Microsoft SQL Server 7.0
- Microsoft Data Engine (MSDE) 1.0
- Microsoft SQL Server 2000
- Microsoft SQL Server 2000 Desktop Engine (MSDE 2000)
- Microsoft SQL Server 2000 Desktop Engine (Windows)
Impact: Run code of attacker's choice
Max Risk: Important
Bulletin: MS03-031
Microsoft encourages customers to review the Security Bulletins at:
http://www.microsoft.com/technet/security/bulletin/MS03-031.asp
------------------------------------------------------------------
Microsoft SQL Server 7.0
- Unterstützte Betriebssysteme: Windows 2000, Windows 95, Windows 98, Windows ME, Windows NT, Windows Server 2003, Windows XP
- SQL Server 7.0 Service Pack 4 or MSDE 1.0 Service Pack 4
http://download.microsoft.com/downl...7dd59eefb09/SQL70-KB815495-v7.00.1094-GER.exe
Microsoft SQL 2000 32-bit Edition
- Unterstützte Betriebssysteme: Windows 2000, Windows 98, Windows ME, Windows NT, Windows Server 2003, Windows XP
- SQL Server 2000 (32-bit) Service Pack 3 or Microsoft SQL Server 2000 Desktop Engine (MSDE 2000) Service Pack 3
http://download.microsoft.com/downl...12e147b7f5/SQL2000-KB815495-8.00.0818-GER.exe
Microsoft SQL 2000 64-bit Edition
- Unterstützte Betriebssysteme: Windows Server 2003
- SQL Server 2000 (64-bit)
http://download.microsoft.com/downl...4b9dbd264b/SQL2000-KB815495-8.00.0818-GER.exe
Kritisch: Ungeprüfter Puffer in DirectX 5/6/7/8/9 erlaubt Hackerangriff
http://www.microsoft.com/germany/ms/technetservicedesk/bulletin/bulletinms03-030.htm
--- Schwere Sicherheitsluecke in DirectX ---
Wie Microsoft in einem aktuellen Security Bulletin mitteilt, steckt in
der DirectX-Komponente DirectShow ein Sicherheitsleck, das es einem
Angreifer erlaubt, ueber eine praeparierte MIDI-Datei beliebigen
Programmcode auf einem fremden System auszufuehren. Microsoft bewertet
das Sicherheitsleck, das in zahlreichen DirectX-Versionen enthalten
ist, als kritisch, schon weil DirectX Bestandteil etlicher Windows-
Versionen ist.
http://www.golem.de/0307/26611.html
- ----------------------------------------------------------------------
Title: Unchecked Buffer in DirectX Could Enable System Compromise (819696)
Date: July 23, 2003
Software:
-- Microsoft DirectX(r) 5.2 on Windows 98
-- Microsoft DirectX 6.1 on Windows 98 SE
-- Microsoft DirectX 7.0a on Windows Millennium Edition
-- Microsoft DirectX 7.0 on Windows 2000
-- Microsoft DirectX 8.1 on Windows XP
-- Microsoft DirectX 8.1 on Windows Server 2003
-- Microsoft DirectX 9.0a when installed on Windows 98
-- Microsoft DirectX 9.0a when installed on Windows 98 SE
-- Microsoft DirectX 9.0a when installed on Windows Millennium Edition
-- Microsoft DirectX 9.0a when installed on Windows 2000
-- Microsoft DirectX 9.0a when installed on Windows XP
-- Microsoft DirectX(r) 9.0a when installed on Windows Server 2003
-- Microsoft Windows NT 4.0 Server with either Windows
-- Media Player 6.4 or Internet Explorer 6 Service Pack 1 installed.
-- Microsoft Windows NT 4.0, Terminal Server Edition with either Windows Media Player 6.4 or Internet Explorer 6 Service Pack 1 installed.
Impact: Allow an attacker to execute code on a user's system
Max Risk: Critical
Bulletin: MS03-030
Microsoft encourages customers to review the Security Bulletins at:
http://www.microsoft.com/technet/security/bulletin/MS03-030.asp
- ----------------------------------------------------------------------
Microsoft DirectX 5.2, DirectX 6.1 and DirectX 7.0a on Windows 98, Windows 98 SE and Windows Millennium Edition
Note: Windows 98, Windows 98 SE and Windows Millennium Edition users who are running a version of DirectX earlier than DirectX 9.0a must upgrade to DirectX 9.0b.
Win98/98SE/ME sollten auf DX9b aktualisieren
- DirectX 9.0b End-User Runtime
Leider nur webSetup bislang
http://download.microsoft.com/download/7/3/c/73cc71c0-13d9-4274-8d9c-33d8a528a396/dxwebsetup.exe
Microsoft DirectX 7.0 on Windows 2000
- Unterstützte Betriebssysteme: Windows 2000
- Windows 2000 Professional
- Windows 2000 Server
- Windows 2000 Advanced Server
http://download.microsoft.com/downl...cae4453249e7/Windows2000-KB819696-x86-DEU.exe
Microsoft DirectX 8.1 on Windows XP 32-bit Edition
- Windows XP Professional
- Windows XP Home Edition
http://download.microsoft.com/downl...ae86-1ffe8e2500a5/Q819696_WXP_SP2_x86_DEU.exe
Microsoft DirectX 8.1 on Windows XP 64-bit Edition
http://download.microsoft.com/downl...283-0486551e1b42/Q819696_WXP_SP2_ia64_DEU.exe
Microsoft DirectX 8.1 on Windows Server 2003 32-bit Edition
http://download.microsoft.com/downl...e3a6c5/WindowsServer2003-KB819696-x86-DEU.exe
Microsoft DirectX 8.1 on Windows Server 2003 64-bit Edition
http://download.microsoft.com/downl...85d2e/WindowsServer2003-KB819696-ia64-DEU.exe
Microsoft DirectX 9.0a: All Windows versions
- DirectShow® Security Fix
- Unterstützte Betriebssysteme: Windows 2000, Windows 2000 Service Pack 2, Windows 2000 Service Pack 3, Windows 98, Windows 98 Second Edition, Windows ME, Windows Server 2003, Windows XP
http://download.microsoft.com/downl...fc-bb8dfbc59c3f/DirectX9-KB819696-x86-DEU.exe
Microsoft Windows NT 4.0
- Windows NT 4.0 Server
- Windows NT 4.0 Workstation
- Windows NT 4.0 Server, Enterprise Edition
http://download.microsoft.com/download/1/7/c/17cb1336-7a1a-484c-8908-f29086459e24/DEUQ823492i.EXE
Microsoft Windows NT 4.0, Terminal Server Edition
- Windows NT Server 4.0, Terminal Server Edition
http://download.microsoft.com/download/c/3/b/c3b312a0-246f-40c3-b4c9-6289726742d7/DEUQ823492i.EXE
##
Deutsche meldungen nachgeschoben (Golem, MS Bulletin)