Mnsappau.exe

TheMSsForum.com: The Microsoft Software Forum

The MSS Forum ‹ Security
- Archive
  - Biz
  - MCSE
  - CRM
  - Drivers
  - Framework
  - ADO
  - ASP
  - Compact
  - Forms
  - Dotnet
  - C#
  - VB
  - FontpageGen
  - Excel
  - WorkSheet
  - Exchange
  - Setup
  - Fox
  - Fontpage
  - ASP
  - IIS
  - Entourage
  - Money
  - Messanger
  - PocketPC
  - Powerpoint
  - Project
  - Publisher
  - Excel
  - VB
  - Security
  - Portal
  - Services
  - SQLServerDev
  - SVCS
  - SQLServer
  - VB
  - VC
  - MFC
  - ExcelGen

- Previous
  - 1
    - Hotmail log in failure Please help, I can't access my hotmail email. MSN Messenger is working and says I have 19 new emails, but when I click on email through there or even go via hotmail.com page cannot be displayed when I type my password in. My friend can access their email through my comp so it's not that. It's just my hotmail a/c. Could it be blocked? If so how and for how long?? Please help. Thanks Tag: Mnsappau.exe Tag: 61519
  - 2
    - Web Application Security Hi, We are developing a web application with .NET. I have read some articles from microsoft, but I am still unclear about how to go about ensuring security. 1) Do we have to have Database Roles mapped to Database user's to ensure security? * if we had one admin account to a specific database and then validated users from application level security would it be a bad idea? 2) How can we do row level tracking? i.e: Say we have Table A that can accessed from user A & User B. But User A can access all records on that while user B can access some records. How do we achieve that? We figured we need to maintain a Access Matrix table in the DB. For example, say like Table A row 3 can be accessed by emp id 1 &2 and say like Table B row 4 can be accessed by emp id 1. But this really increases complexity and might bring down performance and maintainablity as such. 3) If we do role based (i.e: RoleA-> Can access TableA,TableB RoleB->can access TableC,TableD and there is user1 with ROLEA and user2 with ROLEB) from sql server how should we map this to the application. Should the application, pass user name and password and assume that identity, then when a DB call failed throw back a forrmatted exception to the user. But, then in this instance application doesn't know pre hand that information. ( I Assume that there is no way without an admin password applicatioin can query and get user name/password from SQL server). So how should we go about it? Thanks in advance. Tag: Mnsappau.exe Tag: 61515
  - 3
    - Internet security for Windows 98 Help! I would like to know which internet browser I should download with my system utilizing Windows 98. I tried using Explorer 6.0, but my 2004 copy of Norton's Internet Seurity Professional will not load. There seems to be some type of conflict with this version of the browser & my system, which is running 64 meg of RAM. It loaded fine with an earlier version of Explorer. I just can't remember which version... Can anyone help me? s/Sergio Tag: Mnsappau.exe Tag: 61514
  - 4
    - Cetificate missing to activate MSN I am running Windows XP Home and have both Internet Explorer & Mozilla Firefox Explorer. I am completely unable to access Hotmail thru Internet Explorer but am able to access it through Mozilla. I am also unable to access MSN Messenger at all. It tells me - "There was a problem connecting you to MSN Messenger. Click Troubleshoot for help with this problem." There is also an error code 0x81000370 in that window. When I click on troubleshoot it asks for permission to find and fix which I allow. The Troubleshooter searches for the problem and returns with the message - "We did not find any problems with your system settings or programs. Please try signing in to MSN Messenger later." I accidently deleted a certificate two nights ago and think that may be the trouble and was wondering if you could possibly send me a link or website where I might be able to download/reinstall this certificate as it may be what my problem is. I have tried removing and reinstalling MSN Messenger twice with no success. Please help as I am very reliant on MSN Messenger because of my remoteness at this time. Tag: Mnsappau.exe Tag: 61513
  - 5
    - Security and USB I am looking to protect data ( documents and small data base's etc) on my memory sticks ( 2 off). Most of the apps that are around, appear to allow the USB to be protected, but access is only with the app being installed on the PC and that manages the access. I need to have the memory stick protected yet allow me access when I use them.. even on a totally different PC. Most systems I use run XP. Any suggestions ? Tag: Mnsappau.exe Tag: 61510
  - 6
    - Securing a standalone workstation Hi All I am wanting to know if it is possible to acheive the following. I have a home computer that I want to share with others. Each user has there own local user account. The machine is connected to the Internet but is not on a domain. I want to be able to restrict them so that the only folder visible on the machine is their respective My Documents folder. I do this because firstly I want them to save all data in ONE area only, not all over the hard disk. Secondly, I don't want them to run certain programs. This means that they can only "see" files that they have created, and cannot browse to any other part of the filesystem. They are restricted to executing only those applications present on the Start menu. I have attempted to do this, but ran into some obstacles. I tried using NTFS permissions to hide any folder and files except My Documents, but to fully acheive this hiding breaks the applications on the Start Menu. By disallowing them to see any files means that they can not run the applications because they are invisible!! I then tried relaxing the permissions on those files and folders that are used by an application. This fixed the problem, but it now allows anybody to delete certain application files, especially with legacy applications. And what if I missed some files and programs that are legit? It just seems to be a lot of messing around to me. Does Windows have any concept of setuid, where you can run a program at a privileged level? That way I could just hide everything on the drive, exposing only application entry points that are run at a higher privilege level allowing the application to run properly. Only problem here is that if the application is running at higher privelege level, a Save As dialog box may allow you to save to some part of the file system that I don't want them to. Or are there any alternatives to Windows Explorer that let you restrict drive access? It seems with Windows it is impossible to have absolute control over what happens, ther is always a compromise. Is this the case, or am I just not knowledgeable enough about it? It seems all this would be solved by simply having a server/shared drive where al documents can be kept, and then just restricting access to C drive via Local Machine Policy... thanks in advance... Tag: Mnsappau.exe Tag: 61508
  - 7
    - can i get new password if i forget my password and my security que can i get new password if i forget my password and my security question Tag: Mnsappau.exe Tag: 61503
  - 8
    - viewing sites I am the administrator of my computer and 3 others log into there own screen name. When I come home from work every day I like to find out what kind of sites the guys have been on but they are smart to delete the files from Temporary Internet Folders what can I do to prevent this. I am just curious what sites they are only on when I am not around -- Help Tag: Mnsappau.exe Tag: 61502
  - 9
    - Passwords Is there anyway of passwording the Temporary Internet folder -- Help Tag: Mnsappau.exe Tag: 61501
  - 10
    - anyone? Anyone know the best way to get rid of "0websearch"? These people should be... well you know. I would appreciate any help. Thanks. Tag: Mnsappau.exe Tag: 61498
  - 11
    - hackers sum1 has hacked my bros account n changed his qouestion n he cant get on Tag: Mnsappau.exe Tag: 61497
  - 12
    - How to delete or repair W2k3 cert store I've reinstalled and deleted a verisgn pfx file to the computer cert store of a w2K3 server a couple times and now I can no longer add the private key and cert. I get a the below message. How can I repair or delete the cert store? Thanks, Jim Certificate Import Wizard "An internale error occured. This can be either the user profile is not accessible or the private key that you are importing might require a cryptographic service provider that is not installed on your system." Tag: Mnsappau.exe Tag: 61485
  - 13
    - gdiplus.dll security question Am I correct in assuming that jpg's which have the potentially threatening code will only be a threat if opened/viewed by a program that has a gdiplus.dll? I find only 4 instances of gdiplus.dll on my system, all of which are version 5.3xxx.xx. In a previous posted question I was assured that these were safe. Can I now assume that other jpg handling applications are safe? That the only danger is from older gdiplus.dlls? Thanks Tag: Mnsappau.exe Tag: 61478
  - 14
    - GdiPlus (GDI+) JPEG Vulnerability - patching Two questions about the GDIPlus (GDI+) JPEG Vulnerability: 1. I'm running Windows 2K and Office XP. I ran Windows Update (which updated the .NET frameworks) and the Office Update (which installed some updates) and then as prompted by Microsoft's vulnerability tool, I ran GDIPLUS_6.exe to patch Microsoft Picture It! 20002. Now when I scan the system for gdiplus.dll, I find that none of them have recent dates. Is this ok? 2. I noticed that my Visual FoxPro directory contains a gdiplus.dll file, but Visual FoxPro is not on the Microsoft list either of vunerable, or not vulnerable products. Is there a needed GDIPlus patch for Visual FoxPro? Thanks, Kevin Tag: Mnsappau.exe Tag: 61471
  - 15
    - security concerns about email with digital certificate By now in my personal opinion using web-based mail with IE is more secure than using OUTLOOK or Outlook Express. Although we can use outlook or OE to send and receive secure email with digital signature, there is potential insecurity after I download my emails to my computer-- that is my computer could be hacked.... But when I use web-based email, I can hardly send encrypted email to others... What a headache. Tag: Mnsappau.exe Tag: 61463
  - 16
    - XP SP2 with firewall actived and run symantec security check tools... First, sorry if this has already been asked before. I goooooooogled to find it but did not get a clear evidence ;-) I installed the SP2 and activated the firewall. Then I went to Symantec and run their security checker http://security.symantec.com/default.asp?productid=symhome&langid=ie&venid=sym It tells me that it is open to acker exposures: - ICMP ping --> Open (In the advanced tab, of my firewall for ICMP, this is not allowed???) - 135 Location Service (loc-srv) --> Open - 139 NetBios --> Closed - 445 WindowNT/2000 SMB --> Open I tried to look at the docs (...not sure where to find a good one) to see if I can close/hidde these ports --> but did not find any... Could someone tell me if it is possible to close these ports and how to amend the setting so as to be as safe as possible with the integrated firewall. Thanks, José Tag: Mnsappau.exe Tag: 61461
  - 17
    - What will happen under this circumstance? When I send a digital-signed encrypted email to an email address without digital signature, What will happen? Will the email lost? or the contents of the email will not be showed though the email can be sent? Tag: Mnsappau.exe Tag: 61457
  - 18
    - Is the software for key management secure? I use a software "Just1key" to manage keys for some accounts when I login some websites. Is it secure? Could the software bring about more risk of being hacked? If someone knows the only one key for keys management, he would know all my keys saved in that software, right? Additionally, if my computer is hacked, could all the keys be stolen? Hope you can answer all my questions. thank you in advance. Tag: Mnsappau.exe Tag: 61456
  - 19
    - W2k CA within 2003 ADS I have running a w2k certificate authority on a w2k member server. The domain controllers are Win2003 (ADS win2003). Now only the the domain administrator are abel to enroll a certificate. Domain user can't enroll certificates, even they have administrator rights. The users don't have the rights to access the certificate templates. Could someone help me to find the problem? Tag: Mnsappau.exe Tag: 61452
  - 20
    - WinXP SP1 Internet Connection Firewall Deployment I am using a specialized set of additional open ports in Internet = Connection Firewall and would like to configure a number of computers = this way but do not want to have to step through this repetitive task on = each PC. Is there any way with Windows XP SP1 to quickly duplicate the = settings of the Internet Connection Firewall on one computer to the next? Tag: Mnsappau.exe Tag: 61442
  - 21
    - Endless Buffer Overruns I see yet another update (JPEG) involving the same type of ongoing buffer overrun vulnerability. Could someone please help me understand why this situation has not been corrected? I'm approaching this from a programmer point of view. I have made mistakes and overlooked errors in my code. However, when I am made aware of a type of error, I go back and fix ALL of those types of errors. At least as many as I know about. Why doesn't Microsoft? If they don't know about all the buffer overrun areas, shouldn't they have a team that verifies the code? Maybe I don't understand what buffer overrun is/does. I would think it is when some programmer makes a mistake in address pointers and his program writes outside of allocated memory. Since this is a big (there's endless updates on such) and repeating security issue, why not at the very minimum check, double check, and triple check all areas where there could even be a potential of buffer overrun? Or, even better, design the system so that programs cannot even possibly write outside of their allocated memory? Or, if there is some reason that's necessary under such-and-such circumstances, I would think Microsoft's programs shouldn't do that and therefore should have a flag that prohibits them from writing outside allocated memory. Maybe someone can explain why this is an ongoing issue that cannot be corrected, but otherwise I see no excuse for it. Duane Tag: Mnsappau.exe Tag: 61435
  - 22
    - Unknown microsoft page I have a w2k machine with IE 6.0 that has been hijacked with a home page "http://microsoft.OEM101.bz" address. I have used Hijack this, spybot and Ad aware to remove this page. It keeps comming back and I cannot locate the source for it. I have found nothing on the Internet. It stores the connection in HKCU and HKLM under Software, Microsoft, IE, Main. I have overlooked something and need assistance HELP. Jim Holman Tag: Mnsappau.exe Tag: 61432
  - 23
    - Conflicting numbers for Security Bulletin MS04-028 I did steps 1 & 2 at the page - "September 2004 Security Update for JPEG Processing (GDI+) at http://www.microsoft.com/security/bulletins/200409_jpeg.msp x. Step 4 - Update Developer Tools took me to a page where I could do a Security Update for IE 6 SP1 (KB833989), which I did. In a columned box below Step 4, there are update numbers for various programs. For IE6 SP1, the Update # is 830348. I don't have the latter update in my add/remove programs. Is this part of the JPEG processing issue that this security issue is about? I'm confused because it's a different number than the one in Step 4 for IE 6 SP1. Tag: Mnsappau.exe Tag: 61428
  - 24
    - Upcoming ISA Server Chat 09/22: Enabling Remote Client (VPN) Access with ISA Server 2004 Title: Enabling Remote Client (VPN) Access with ISA Server 2004 Description: With ISA Server 2004 Standard Edition, you can easily configure separate policies for roaming clients, set quarantine options, and finely control how these clients access the corporate network. We invite you to meet the developers, testers, program managers, and writers who developed the VPN features of ISA Server. Date: 9/22 Time: 10am Chat Room: http://communities2.microsoft.com/home/chatroom.aspx?siteid=34000081 Add to your calendar: http://www.microsoft.com/technet/downloads/vcs/04_ISA_VPN_Sep22.ics Tag: Mnsappau.exe Tag: 61425
  - 25
    - windowspatch.com I keep getting a pop up that wants me to go to windowspatch.com b/c my comp. has been affected by something or another. Is this a legitimate website for Microsoft or a virus? Tag: Mnsappau.exe Tag: 61419
- Next
  - 1
    - identifying antivirus in security center I cannot seem to get the xp security center to identify norton as the antivirus program. I have had to security to manual. I am running Norton 2005. Any help would be appreciated Tag: Mnsappau.exe Tag: 61417
  - 2
    - Microsoft.net framework 1.0 SP3 Eng As advised by Microsoft Update, I downloaded SP3 but it will not install. Goes thru all the preliminaries, then when its time to install, it stops and says it can not. Can any on help? When I try on line help, the system refuses to recognize my passport no. (serial no.?) Thanks. jpk Tag: Mnsappau.exe Tag: 61416
  - 3
    - SUS - Missing KB873374 (GDI+ Detection Tool)?? We use the latest version of SUS. I approved the KB873374 update yesterday. I was receiving many complaints from users about the dialog ("The software tool did not detect any Microsoft Office, Microsoft Picture It!, or Microsoft .NET framework software on your computer that is vulnerable to the GDI+ Graphics Component security vulnerability") so I went into SUS to unapprove it. Unfortunately I cannot find the update listed anywhere! Has anyone else had this problem? Tag: Mnsappau.exe Tag: 61410
  - 4
    - What is the best anti virus Program What is the best anti virus Program for Windows XP sp2. Tag: Mnsappau.exe Tag: 61408
  - 5
    - MS04-028 Clarification needed Hi, I need a clarification concerning the affected products. If the following is true: Affected are all products that use Gdiplus.dll prior to version 5.1.3102.1355, Mso.dll prior to version 10.0.6714.0 or Vgx.dll prior to version 6.0.2800.1411. Then IE 5 is affected too, in contradiction to the bulletin. I used my SMS software inventory and found vgx.dll version 5.00.3014.1003 on the IE 5 systems. I found a gdiplus.dll version 5.1.3102.1229 in a Microsoft Works folder. Does that mean Works must be patched, too? What I'd need is a clear statement as to which dlls are affected in which versions. Thank you Henrik Zawischa Tag: Mnsappau.exe Tag: 61403
  - 6
    - Virus Dear Sir / Madam, Recently I always receive an error message : This compute is infected with a spyware called " Online Dialer / MaConnect ". Security Scan Report show : A broweser parasite called " My Search " has infected this computer . I need your advise. Thank you. Tag: Mnsappau.exe Tag: 61393
  - 7
    - accessing user files without logging in I have had problems with WinXP home, so I upgraded to WinXP pro. For fear it would delete my files, I created a new folder for pro to be installed in (same drive). Pro works fine. However, home doesn't work at all. My files are in my old home user account that has a password to logon. When I try to open the folder of my home user account files all it says is that I don't have access rights-it doesn't even give me a prompt for the password. If there was no password I would be able to access it (i.e.:all my files are still there). If I could merely enter the password when trying to open the folder, that would very nice. Also, if many of you are 100% sure it won't delete my files in an upgrade I might take that path instead. Thank you, ninjascyther@juno.com Tag: Mnsappau.exe Tag: 61392
  - 8
    - Friend logging onto my comp I have a roomate who continually logs onto my comp. He doesn't know my passwords (at least I don't think he does). I saw him starting it under safe mode once, then when I returned to the room I opened the laptop to find out that he had somehow managed to log into my account. Please help me block this opening and stop this from happening again. Thanks. Sean Tag: Mnsappau.exe Tag: 61390
  - 9
    - password I have my own computer and I have put a password, and I have installed an anti virus (Norton System Works)but I don't understand how someone else can be logged onto my computer when I installed it? It means that my computer is not protected although I have a password and anti virus.I am person who is bound for the computer and it is my job and I have bought the computer for myself and at the same time I am disappointed how can it happen? It means that your personnel do it. Please , explain it to me. Thank you sonja_917@msn.com Tag: Mnsappau.exe Tag: 61389
  - 10
    - MS Proxy Server 2: Hide IP in LAN Hi! I don't have much experiece with networking, but i heard there's a way to setup a proxy on your own computer to mask your IP or something similar. I want to do this because I dont want others on my LAN to see my private IP. How do i get started? Tag: Mnsappau.exe Tag: 61386
  - 11
    - All updates fail Hi I'm running xpI can not get any updates to install they all fail at that point any Ideas. Thank You, Dave Tag: Mnsappau.exe Tag: 61383
  - 12
    - Forced autodownload reboots - NOT LEGAL! This is a very unhappy IT consultant, who has had several Servers I am responsible for have a forced reboot of them occur at 3:00am after downloading a security update. the following is from the EVENT VIEWER: Restart Required: To complete the installation of the following updates, the computer will be restarted within five minutes. Until this computer has been restarted, Windows cannot search for or download new updates. - Security Update for Windows Server 2003 (KB833987) For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. I am dismayed at the apparent lack of concern for sites operating 24/7 and forcing a reboot of critical server systems after an autodownload! I got paged by two sites in the middle of the night wanting to know why their Servers just crashed! These reboots should ONLY be done after fair warning and be planned. When has this policy changed? -it cost one of my engineering sites a huge loss in productivity and $$$ due to steel pattern cutting robot control files having to be reloaded! NOT HAPPY! This shouldnt be allowed to happen! Tag: Mnsappau.exe Tag: 61372
  - 13
    - What are these?? Whilst running a virus scan I noticed these files appearing but they were not flagged by my AV (Panda Titanium 2004). I checked through Explorer and found the folloeing (empty) folders. I Googled some of the names but the websites on Google were all foreign. Is it OK to delete them? PUTA!!.EXE HACKE!.EXE ALEVIR.EXE MSTASK.EXE SCRSVR.EXE SRV32.EXE INSTIT.BAT Any help would be very welcome Colin. Tag: Mnsappau.exe Tag: 61371
  - 14
    - Publisher Hi Guys, I have run into a slight snag. I am runningXP, SP2, when I go to Hoyles games to play some backgammon, I get a pop-up that says Microsoft cannot verify the publisher,,any way around this?,,firewall turned off. "Help",,Thank You, Dennis M. Tag: Mnsappau.exe Tag: 61370
  - 15
    - AuthzReportSecurityEvent Does anyone know the format/content of the ... portion at the end of the AuthzReportSecurityEvent API call. The documentation says a "List of AuditParamFlag type/value pairs that provide additional information about the event." When I try passing an array of type AUDIT_PARAM I get error 87 (The parameter is incorrect). I have not been able to find an example of code that actually calls this method yet. Any help would be greatly appraciated. Thanks, Chris Tag: Mnsappau.exe Tag: 61369
  - 16
    - XP SP2 IE6 vulnerability Background information ====================== Windows XP Service Pack 2 has introduced new features that improve browsing security in Internet Explorer. Most of them are additional messages that force the user to validate everything that is done by the browser. Most of these messages are displayed in the new Information Bar. For example if you try to open a web page that contains Javascript code or ActiveX objects, it is likely that they will be blocked, the Information Bar will appear and offer you to reload the page with the untrustworthy components enabled. More information can be found at: http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/sp2brows.mspx The side effect of these features is that some web sites can't be used as easily as before because the user has to respond to an increasing number of notifications and questions. Vulnerability Explained ======================= As an example I created a simple XHTML document containing MathML and installed the MathPlayer ActiveX plugin from DesignScience (http://www.dessci.com/en). This type of document used to render correctly in IE6 but since SP2 was installed the new features interfere with the loading of the component : the page is first loaded without MathPlayer which has to be enabled via the Information Bar. But there seems to be a vulnerability in Internet Explorer that allows this protection to be bypassed. All that needs to be done is to add a fake comment between the DOCTYPE declaration and the <html> tag that mimics those added by IE when a page is saved to disk. The "fake" comments must be formatted as follows :  where URL is to be replaced by an URL (for instance http://www.example.com/) and XXXX by a 4 digit integer that represents the number of characters in the URL (for instance 0023). System Affected =============== Windows XP Pro and Home editions with SP2 IE 6.0 (SP2) How to reproduce ================ Install the plugin from DesignScience. Paste the following text in a file with an .xml extension. Open it with IE with and without the comment on line 4. <?xml version="1.0" encoding="ISO-8859-1"?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1 plus MathML 2.0//EN" "http://www.w3.org/TR/MathML2/dtd/xhtml-math11-f.dtd">  <html xmlns="http://www.w3.org/1999/xhtml"> <HEAD> <TITLE>IE Vulnerability example</TITLE> <BODY> <math displaystyle="true" xmlns="&mathml;"> <mfrac> <mn>27</mn> <mn>12</mn> </mfrac> </math> </BODY></HTML> Remarks ======= This also works with pages containing Javascript code. -- Cyrille SZYMANSKI Tag: Mnsappau.exe Tag: 61367
  - 17
    - Windows Security I have Norton Virus Protection installed.On start up a balloon comes up on taskbar,> Your virus protection status is unknown < If I click on this Balloon I am told, > Norton A/Virus reports that it is installed, but its status is unknown, click recommendations for suggested actions you can take < When I do that it takes me to, > Windows Security Center < but from here I am lost,can you help an old one please? Kind Regards, Ken. Tag: Mnsappau.exe Tag: 61357
  - 18
    - Windows messenger Every time I open the internet I am bombarded with pop ups about windows messenger. There is a new version and do I want to download it now. Yes or No. I am fed up saying no 3 or 4 times a session. How do I get rid of these popups.Has anyone else got this problem?Thanks Gerry Tag: Mnsappau.exe Tag: 61348
  - 19
    - Windows Server 2003 I have a client who is running Windows Server 2003 and Windows XP workstations. Three of the stations log on around 6:30am and lock up every day around 4:30pm. I feel that this has something to do with SECURITY settings. None of the other stations (logon around 8:30am) have this problem. Tag: Mnsappau.exe Tag: 61344
  - 20
    - My MS04-028 FAQ The instructional text in this latest MS04-028 Security Bulletin seems totally ridiculous for anyone trying to effect patch management on more than 3 PC's. Their FAQ is just blowing me away. I'm not sure whether to laugh or to cry. Here's my FAQ. Let's see them answer THESE! Feel free to play along and either answer or add to the list. It won't likely accomplish much, but it will be more fun (and probably more productive) than sitting in a meeting with a bunch of other confused IT's trying to figure out "how to deploy this one." 1. Are you *%^ing kidding me! OK, I just had to get that out. Moving on... 2. What is this "vulnerable component"? "Windows XP, Window XP Service Pack 1, and Windows Server 2003 are the only operating systems that contain the *vulnerable component* by default. By default, Windows 98, Windows 98 SE, Windows Me, Windows NT 4.0, and Windows 2000 are not. However, the *vulnerable component* will be installed by any of the programs listed in the affected software section of this bulletin on these operating systems and you should install the appropriate security update for those programs." 3. Is it "GDI+"? (Then say so!) 4. If it is GDI+ and Windows is such a shared resource OS, why can't the GDI+ component be patched at the OS level without requiring a patch for each individual app? 5. "Typically, when these programs are installed on Windows XP, Windows XP Service Pack 1, or Windows Server 2003 they only use the version that is provided by the operating system, even if they install a copy of the vulnerable component." Oh, really? (Trying to find a nice way of asking #1 again.) 6. Can the "vulnerable component" be removed/uninstalled? 7. Would removing it disable viewing/using JPEG files and/or disable some other desired functionality? 8. Would removing the .Net Framework help the situation? 9. Does this prove my original fears that installing the .Net Framework is merely an act of inviting *yet another MS security nightmare*? 10. If the recent .Net Framework 1.0 & 1.1 SP's contained such critical patches as this one, why didn't MS issue a Security Bulletin for them? 11. Why DOESN'T the "GDI+ Detection Tool" do all the things that MS tells us it doesn't do? (Basically: why doesn't it detect ALL affected sw AND tell us whether that sw is patched?) 12. If the existing GDI+ detector says I'm clean, and then I install something vulnerable, am I "SOL"? Will the detector say, "I've already run," and ignore my new app? 13. Can MS provide us with a detector that works? 14. Will someone else make one that works? 15. If so, can we buy *their* OS and/or sw? 16. Does this vulnerability affect only MS sw? 17. Are any other sw companies saying, going to say, or have they already said anything about this vulnerability in regards to their sw? 18. If so, is it only because they're using MS SDK's to write their sw? 19. Is it time to jump the MS ship? 20. How many more MS apps are going to get their own patches for this same vulnerability a month or two down the road? 21. How many vulnerable apps won't get patches because MS doesn't "support" them anymore? (implies they "supported" these apps previously) 22. Should I simply use the GDI Detection Tool to find the vulnerable apps and just remove those apps rather than wait for a follow-up patch that "fixes" the same vulnerability and/or a totally new and scarier one? 23. Which Linux distro should I start with if I'm a newbie to it, but have been in IT for 15+ years? 24. How do I know what hardware to put this Linux distro with if I'm building a new system? 25. How do I build a completely MS-free, Linux-based system that even my technophobe wife (who may freak if it doesn't look exactly like our old MS system) can use? 26. Is Linux any better, since I'll have to depend on several distros and/or word of mouth to get bug/security fixes for it, as opposed to one company like MS? 27. Last but far from least, the associated WindowsUpdate entry for MS04-028 doesn't update anything. So, why is it listed as a Critical Update? Tag: Mnsappau.exe Tag: 61343
  - 21
    - Should this be reported I've been receiving several messages a day similar to the one below. Luckily McAfee catches them, but I was wondering if I should report them by forwarding them to somewhere on Microsoft. If yes, WHERE? Thank you, Orville Microsoft All Products | Support | Search | Microsoft.com Guide Microsoft Home Microsoft Partner this is the latest version of security update, the "September 2004, Cumulative Patch" update which eliminates all known security vulnerabilities affecting MS Internet Explorer, MS Outlook and MS Outlook Express. Install now to protect your computer from these vulnerabilities, the most serious of which could allow an attacker to run executable on your system. This update includes the functionality of all previously released patches. System requirements Windows 95/98/Me/2000/NT/XP This update applies to MS Internet Explorer, version 4.01 and later MS Outlook, version 8.00 and later MS Outlook Express, version 4.01 and later Recommendation Customers should install the patch at the earliest opportunity. How to install Run attached file. Choose Yes on displayed dialog box. How to use You don't need to do anything after installing this item. Microsoft Product Support Services and Knowledge Base articles can be found on the Microsoft Technical Support web site. For security-related information about Microsoft products, please visit the Microsoft Security Advisor web site, or Contact Us. Thank you for using Microsoft products. Please do not reply to this message. It was sent from an unmonitored e-mail address and we are unable to respond to any replies. -------------------------------------------------------------------------- The names of the actual companies and products mentioned herein are the trademarks of their respective owners. Contact Us | Legal | TRUSTe ©2004 Microsoft Corporation. All rights reserved. Terms of Use | Privacy Statement | Accessibility Tag: Mnsappau.exe Tag: 61341
  - 22
    - MS04-028 - .NET Framework Does anyone know if an ASP.NET web application that uses GDI+ can be exploited by the vulnerability described in MS04-028? And, if so, how? thanks Tag: Mnsappau.exe Tag: 61332
  - 23
    - Certificate Template The validity period from the user certificate template in win2k certificate authority is only one year if it is a enterprise ca. How can I change validity period to a longer value? Exists other templates for w2k enterprise ca? Tag: Mnsappau.exe Tag: 61329
  - 24
    - Spybot Search & Destroy recovery? Hello, Does anyone here know antything about Spybot Search & Destroy? I have used Spybot to remove some of the spyware on my computer but when I open Spybot and go to Recovery there is nothing listed there. Aren't all the "fixed problems" supposed to show up so that I can undo them if I need too? Sorry if this is the wrong newsgroup to ask this but I didn't know where else to go! Thanks, Val Tag: Mnsappau.exe Tag: 61326
  - 25
    - HOWTO: Enable/Disable USB interface and/or USB storage devices using Group Policy in Windows XP Hello from Istanbul/Turkey, In Windows 2000 or 2003 Active Directory and Windows XP workstation environment, you can enable or disable all the USB interface or just USB storage devices using group policy. Just follow: 1. Create a custom adm file, you can name it usb.adm with the following content: ; Beginning of the file ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; CLASS MACHINE ;;;;;;;;;;;;;;;;; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; CATEGORY !!USB POLICY !!REstrictUSB KEYNAME "System\CurrentControlSet\Services\usbuhci" PART !!RestrictionValue NUMERIC VALUENAME Start END PART END POLICY POLICY !!REstrictUSBStorage KEYNAME "System\CurrentControlSet\Services\USBSTOR" PART !!RestrictionValueStorage NUMERIC VALUENAME Start END PART END POLICY END CATEGORY #endif [strings] USB="Restrict USB Access" RestrictUSB="USB Interface Restriction" RestrictionValue="Enter 4 to restrict USB interface, 3 to enable" RestrictUSBStorage="USB Storage Restriction" RestrictionValueStorage="Enter 4 to restrict USB storage, 3 to enable" ; End of the file 2. Put this file in C:\Windows\Inf in one of your Domain Controllers (DC). 3. On this DC, run AD Users and Computers, select the Organizational Unit (OU) you want to enable or disable USB. Open Group Policy (GP) for this OU. 4. Select Administrative Templates under Computer Configuration. Right click and select Add/Remove Templates, click add and select usb.adm and click open, then close Add Remove Templates window. 5. Now you can see "Restrict USB Access" category under Administrative Templates. To see its contents, you should click Administrative Templates and on View menu clik Filtering. Clear "Only show policy settings that can be fully manages" option. Click OK. 6. Click Restrict USB Access. There are two policies here, USB Interface Restriction (UIR) and USB Storage Restriction (USR). 7. If you want to fully enable full USB, enable two of the policies and enter the value of 3. If you want to enable USB interface but disable USB storages, enter 3 for UIR, 4 for USR. If you want to disable USB all, enter 4 for both values. PS: Because this registry setting is considered as a preference, even if you remove the policy, the setting remains there. So you should enable this settings in all your organizational units. I've tried this in Windows 2003 and Windows XP environments and saw it works. I didn't try in Windows 2000, but i guess it works there too. I hope this helps you too. Tag: Mnsappau.exe Tag: 61325

My firewall keeps prompting me to block or permit msnappau.exe which is
attempting to access my comp. Anyone know what it is???

Top

RE: Mnsappau.exe by MAP

MAP
Sat Sep 18 10:51:02 CDT 2004

"Lou" wrote:

> My firewall keeps prompting me to block or permit msnappau.exe which is
> attempting to access my comp. Anyone know what it is???

Looks like it has something to do with auto update's for MSN browser toolbars.

http://forums.majorgeeks.com/archive/index.php/t-39027

Top