Follow up set to microsoft.public.security...

Today Microsoft released the following Security Bulletins.

Note: www.microsoft.com/technet/security and www.microsoft.com/security
are authoritative in all matters concerning Microsoft Security Bulletins!
ANY e-mail, web board or newsgroup posting (including this one) should be
verified by visiting these sites for official information. Microsoft never
sends security or other updates as attachments. These updates must be
downloaded from the microsoft.com download center or Windows Update. See the
individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft
security notices, it is recommended that you physically type the URLs into
your web browser and not click on the hyperlinks provided.

Bulletins Summaries:

ISA Server: http://www.microsoft.com/technet/security/bulletin/isajan04.asp
Exchange: http://www.microsoft.com/technet/security/bulletin/excjan04.asp
Windows (MDAC):
http://www.microsoft.com/technet/security/bulletin/winjan04.asp

Critical Bulletins:

MS04-001 - Vulnerability in Microsoft Internet Security and Acceleration
Server 2000 H.323 Filter Could Allow Remote Code Execution (816458)
http://www.microsoft.com/technet/security/bulletin/MS04-001.asp

Important Bulletins:

MS04-003 - Buffer Overrun in MDAC Function Could Allow Code Execution
(832483)
http://www.microsoft.com/technet/security/bulletin/MS04-003.asp

MS03-045 - Re-Release: Buffer Overrun in the ListBox and in the ComboBox
Control Could Allow Code Execution (824141)
http://www.microsoft.com/technet/security/bulletin/MS03-045.asp

Reason for re-release: V4.0 January 13, 2004: Bulletin updated to reflect
the release of updated Windows NT 4.0 Workstation and Server updates for
Arabic, Hebrew, and Thai languages only.

Moderate Bulletins:

MS04-002 - Vulnerability in Exchange Server 2003 Could Lead to Privilege
Escalation (832759)
http://www.microsoft.com/technet/security/bulletin/MS04-002.asp

This represents our regularly scheduled monthly bulletin release (second
Tuesday of each month). Please note that Microsoft may release bulletins
outside of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after
reading the above listed bulletin you should contact Product Support
Services in the United States at 1-866-PCSafety (1-866-727-2338).
International customers should contact their local subsidiary.

--
Regards,

Jerry Bryant - MCSE, MCDBA
Microsoft IT Communities

Get Secure! www.microsoft.com/security


This posting is provided "AS IS" with no warranties, and confers no rights.

Re: Microsoft Security Bulletin Release for January 2004 by James

James
Tue Jan 13 13:50:23 CST 2004

Jerry Bryant [MSFT] wrote:
[snip]

> Bulletins Summaries:
>
> ISA Server:
> http://www.microsoft.com/technet/security/bulletin/isajan04.asp

[snip]


I'm not trying to be obtuse here (honest), but what exactly is the reason
for the existence of KB 816458? If you want to take a look, it's here
http://support.microsoft.com/?kbid=816458 but you'll quickly notice it
doesn't actually say anything, except to direct the reader somewhere else.

I realise that MS responded recently to criticism that there used to be a KB
article and a security bulletin for each security issue, and that it was
necessary to read both the KB article and the security bulletin to gather
all relevant information. Reducing the complexity of the security bulletins
and patching process is definitely a Good Thing.

...but what is the point of issuing a "placeholder" KB such as 816458? My
(genuine) suggestion to MS: stop publishing KB articles that don't actually
say anything. If you want to look at this a different way, notice that the
security bulletin page
http://www.microsoft.com/technet/security/bulletin/MS04-001.asp is titled

"Vulnerability in Microsoft Internet Security and Acceleration Server 2000
H.323 Filter Could Allow Remote Code Execution (816458)" - but what exactly
does the 816458 refer to? Is it a unique identifier for this particular
security bulletin or not? Isn't "MS04-001" supposed to be the unique
identifier? Maybe you could make your minds up, and end the double naming
strategy; it's hard enough keeping track of bulletins without having to know
that MS04-001 is actually 816458... or was it that 816458 is actually
MS04-001?

Oh, and now that we have the recently revamped monthly security bulletins,
there's actually a third place you can visit to read this information,
http://www.microsoft.com/technet/security/bulletin/isajan04.asp Of course,
the information is slightly different to that at
http://www.microsoft.com/technet/security/bulletin/MS04-001.asp... and
completely different to that (fact-free) KB article...

Why the three pages? Wasn't the idea to *reduce* the number of places your
end-users and sysadmins have to look to find the relevant info?

James Reather



Re: Microsoft Security Bulletin Release for January 2004 by Torgeir

Torgeir
Tue Jan 13 15:48:22 CST 2004

James Reather wrote:

> I'm not trying to be obtuse here (honest), but what exactly is the reason
> for the existence of KB 816458? If you want to take a look, it's here
> http://support.microsoft.com/?kbid=816458 but you'll quickly notice it
> doesn't actually say anything, except to direct the reader somewhere else.
>
> (snip)
> ...but what is the point of issuing a "placeholder" KB such as 816458? My
> (genuine) suggestion to MS: stop publishing KB articles that don't actually
> say anything. If you want to look at this a different way, notice that the
> security bulletin page
> http://www.microsoft.com/technet/security/bulletin/MS04-001.asp is titled
>
> "Vulnerability in Microsoft Internet Security and Acceleration Server 2000
> H.323 Filter Could Allow Remote Code Execution (816458)" - but what exactly
> does the 816458 refer to? Is it a unique identifier for this particular
> security bulletin or not? Isn't "MS04-001" supposed to be the unique
> identifier? Maybe you could make your minds up, and end the double naming
> strategy; it's hard enough keeping track of bulletins without having to know
> that MS04-001 is actually 816458... or was it that 816458 is actually
> MS04-001?

Hi

I strongly disagree, at least as long as the files and the registry
values that come with the security updates use the KBxxxxxx format
(just as all the standard non-security updates do).

I am very happy that I can do a KB search or just add the xxxxxx numbers
behind the URL http://support.microsoft.com/?kbid= when I see a reference
to KBxxxxxx somewhere (in files, registry, newsgroups etc.) without
knowing whether it is a security update or not. And if it is a security
update, I get the information I need to do further research
if necessary (name of the security update, URL to the security bulletin,
what products it is relevant to).

So I would say, please keep the KB articles for the security updates just
as they are now :-)

--
torgeir
Microsoft MVP Scripting and WMI, Porsgrunn Norway
Administration scripting examples and an ONLINE version of the 1328 page
Scripting Guide: http://www.microsoft.com/technet/scriptcenter
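The cross-referencing Torgeir describes (a bare KBxxxxxx number seen in a file name or registry value, looked up to find out whether it belongs to a security bulletin and which one) can be scripted. The following Python is an added example, not code from this thread or from Microsoft: it parses bulletin entries in the format of the release post above into (MSyy-nnn, KB number, title) records, then resolves references in either naming scheme to the matching bulletin URL, falling back to the http://support.microsoft.com/?kbid= URL when the number is not in the parsed set. The sample post text is copied from the release above; the file-name and registry-key references in SAMPLE_REFS are constructed for illustration.

```python
import re
from typing import Dict, List, Optional, Tuple

# Bulletin entries copied from the January 2004 release post above.
SAMPLE_POST = """\
MS04-001 - Vulnerability in Microsoft Internet Security and Acceleration
Server 2000 H.323 Filter Could Allow Remote Code Execution (816458)
http://www.microsoft.com/technet/security/bulletin/MS04-001.asp

MS04-003 - Buffer Overrun in MDAC Function Could Allow Code Execution
(832483)
http://www.microsoft.com/technet/security/bulletin/MS04-003.asp

MS03-045 - Re-Release: Buffer Overrun in the ListBox and in the ComboBox
Control Could Allow Code Execution (824141)
http://www.microsoft.com/technet/security/bulletin/MS03-045.asp

MS04-002 - Vulnerability in Exchange Server 2003 Could Lead to Privilege
Escalation (832759)
http://www.microsoft.com/technet/security/bulletin/MS04-002.asp
"""

# Constructed references of the kind seen in files and registry values
# (KBxxxxxx tokens with no indication of whether they are security fixes).
SAMPLE_REFS = [
    "Windows2000-KB832483-x86-ENU.exe",  # constructed file name
    r"...\Updates\KB816458",              # constructed registry key fragment
    "KB999999",                           # constructed: not in this release
]

BULLETIN_RE = re.compile(r"\b(MS\d{2}-\d{3})\b")          # MSyy-nnn id
KB_IN_TITLE_RE = re.compile(r"\((\d{6})\)\s*$", re.MULTILINE)  # "(816458)" at line end
KB_TOKEN_RE = re.compile(r"\bKB(\d{6})\b")                 # KBxxxxxx token
URL_RE = re.compile(r"https?://\S+")

Record = Dict[str, str]


def kb_url(kb: str) -> str:
    return f"http://support.microsoft.com/?kbid={kb}"


def bulletin_url(bulletin_id: str) -> str:
    return f"http://www.microsoft.com/technet/security/bulletin/{bulletin_id}.asp"


def parse_bulletins(text: str) -> List[Record]:
    """Split the post into blank-line-separated entries and pull id, KB and title."""
    records: List[Record] = []
    for block in re.split(r"\n\s*\n", text.strip()):
        m_id = BULLETIN_RE.search(block)
        m_kb = KB_IN_TITLE_RE.search(block)
        if not (m_id and m_kb):
            continue  # not a bulletin entry (no id or no trailing KB number)
        # Join the wrapped title lines, leaving out the URL line.
        lines = [ln.strip() for ln in block.splitlines()]
        title = " ".join(ln for ln in lines if not URL_RE.match(ln))
        # Strip the leading "MSyy-nnn - " and the trailing " (KB)".
        title = title.split(" - ", 1)[1].rsplit(" (", 1)[0]
        records.append({"bulletin": m_id.group(1), "kb": m_kb.group(1), "title": title})
    return records


def resolve(ref: str, records: List[Record]) -> Optional[Record]:
    """Map an MSyy-nnn id, a KBxxxxxx token or a bare six-digit number to its record."""
    by_kb = {r["kb"]: r for r in records}
    by_bulletin = {r["bulletin"]: r for r in records}
    m = BULLETIN_RE.search(ref)
    if m:
        return by_bulletin.get(m.group(1))
    m = KB_TOKEN_RE.search(ref)
    kb = m.group(1) if m else (ref if re.fullmatch(r"\d{6}", ref) else None)
    return by_kb.get(kb) if kb else None


def triage_refs(refs: List[str], records: List[Record]) -> List[Tuple[str, Optional[str], Optional[str]]]:
    """For each reference: (ref, bulletin id or None, URL to read next).

    Known numbers point at the bulletin; unknown KB tokens point at the KB article
    URL so the reader can still check what the update is.
    """
    rows = []
    for ref in refs:
        rec = resolve(ref, records)
        if rec:
            rows.append((ref, rec["bulletin"], bulletin_url(rec["bulletin"])))
        else:
            m = KB_TOKEN_RE.search(ref)
            rows.append((ref, None, kb_url(m.group(1)) if m else None))
    return rows


if __name__ == "__main__":
    recs = parse_bulletins(SAMPLE_POST)
    for r in recs:
        print(f'{r["bulletin"]} <-> KB{r["kb"]}: {r["title"]}')
    for ref, bid, url in triage_refs(SAMPLE_REFS, recs):
        print(f"{ref!r:40} -> {bid or 'not a bulletin this month'} {url}")
```

The parser keys on the "(nnnnnn)" suffix of the bulletin title, which is exactly the double-naming James complains about; the resolver accepts either name so a reader holding only one of them still lands on the right page.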



Re: Microsoft Security Bulletin Release for January 2004 by Tedd

Tedd
Tue Jan 13 16:50:27 CST 2004

My guess?
At one time, the first link to 816458 did contain more info, but they moved
and updated the full version to the second link on TechNet which does
clearly say at the bottom:
Revisions:
V1.0 (January 13, 2004): Bulletin published
So the TechNet new version is the complete one. Also as far as the
"Placeholders", it would probably be better if Microsoft had a table that if
you accessed would tell you the new update. But you have to remember, there
are plenty of people that are subscribed to TechNet and have hundreds of CDs
if they have been in the program long enough and when that problem mentioned
in this first came up, it would have been on one of the CDs. If a person
was looking for this to see if this was still an issue, I do not think they
would be happy to find no reference to it at all.
I agree, the first page you get to on 816458 is not one of the world's most
exciting. But it does provide a purpose acting as a reference table.
my 2 cents

--
Tedd Riggs
PDA Square Content Developer
www.pdasquare.com


"Torgeir Bakken (MVP)" <Torgeir.Bakken-spam@hydro.com> wrote in message
news:400467A6.944CE8FA@hydro.com...
> James Reather wrote:
>
> > I'm not trying to be obtuse here (honest), but what exactly is the reason
> > for the existence of KB 816458? If you want to take a look, it's here
> > http://support.microsoft.com/?kbid=816458 but you'll quickly notice it
> > doesn't actually say anything, except to direct the reader somewhere else.
> >
> > (snip)
> > ...but what is the point of issuing a "placeholder" KB such as 816458? My
> > (genuine) suggestion to MS: stop publishing KB articles that don't actually
> > say anything. If you want to look at this a different way, notice that the
> > security bulletin page
> > http://www.microsoft.com/technet/security/bulletin/MS04-001.asp is titled
> >
> > "Vulnerability in Microsoft Internet Security and Acceleration Server 2000
> > H.323 Filter Could Allow Remote Code Execution (816458)" - but what exactly
> > does the 816458 refer to? Is it a unique identifier for this particular
> > security bulletin or not? Isn't "MS04-001" supposed to be the unique
> > identifier? Maybe you could make your minds up, and end the double naming
> > strategy; it's hard enough keeping track of bulletins without having to know
> > that MS04-001 is actually 816458... or was it that 816458 is actually
> > MS04-001?
>
> Hi
>
> I strongly disagree, at least as long as the files and the registry
> values that come with the security updates use the KBxxxxxx format
> (just as all the standard non-security updates do).
>
> I am very happy that I can do a KB search or just add the xxxxxx numbers
> behind the URL http://support.microsoft.com/?kbid= when I see a reference
> to KBxxxxxx somewhere (in files, registry, newsgroups etc.) without
> knowing whether it is a security update or not. And if it is a security
> update, I get the information I need to do further research
> if necessary (name of the security update, URL to the security bulletin,
> what products it is relevant to).
>
> So I would say, please keep the KB articles for the security updates just
> as they are now :-)
>
> --
> torgeir
> Microsoft MVP Scripting and WMI, Porsgrunn Norway
> Administration scripting examples and an ONLINE version of the 1328 page
> Scripting Guide: http://www.microsoft.com/technet/scriptcenter
>
>



Re: Microsoft Security Bulletin Release for January 2004 by Jim

Jim
Tue Jan 13 19:56:27 CST 2004

Any time there is a security update, the KB is exactly that: a placeholder and linker.
All the relevant details are owned and published by the MS security team in the TechNet bulletin, not the product team.

--
Jim Harrison [ISASE]
Read the help, books and articles!

This posting is provided "AS IS" with no warranties, and confers no rights.


"Torgeir Bakken (MVP)" <Torgeir.Bakken-spam@hydro.com> wrote in message news:400467A6.944CE8FA@hydro.com...
> James Reather wrote:
>
> > I'm not trying to be obtuse here (honest), but what exactly is the reason
> > for the existence of KB 816458? If you want to take a look, it's here
> > http://support.microsoft.com/?kbid=816458 but you'll quickly notice it
> > doesn't actually say anything, except to direct the reader somewhere else.
> >
> > (snip)
> > ...but what is the point of issuing a "placeholder" KB such as 816458? My
> > (genuine) suggestion to MS: stop publishing KB articles that don't actually
> > say anything. If you want to look at this a different way, notice that the
> > security bulletin page
> > http://www.microsoft.com/technet/security/bulletin/MS04-001.asp is titled
> >
> > "Vulnerability in Microsoft Internet Security and Acceleration Server 2000
> > H.323 Filter Could Allow Remote Code Execution (816458)" - but what exactly
> > does the 816458 refer to? Is it a unique identifier for this particular
> > security bulletin or not? Isn't "MS04-001" supposed to be the unique
> > identifier? Maybe you could make your minds up, and end the double naming
> > strategy; it's hard enough keeping track of bulletins without having to know
> > that MS04-001 is actually 816458... or was it that 816458 is actually
> > MS04-001?
>
> Hi
>
> I strongly disagree, at least as long as the files and the registry
> values that come with the security updates use the KBxxxxxx format
> (just as all the standard non-security updates do).
>
> I am very happy that I can do a KB search or just add the xxxxxx numbers
> behind the URL http://support.microsoft.com/?kbid= when I see a reference
> to KBxxxxxx somewhere (in files, registry, newsgroups etc.) without
> knowing whether it is a security update or not. And if it is a security
> update, I get the information I need to do further research
> if necessary (name of the security update, URL to the security bulletin,
> what products it is relevant to).
>
> So I would say, please keep the KB articles for the security updates just
> as they are now :-)
>
> --
> torgeir
> Microsoft MVP Scripting and WMI, Porsgrunn Norway
> Administration scripting examples and an ONLINE version of the 1328 page
> Scripting Guide: http://www.microsoft.com/technet/scriptcenter