current scan by SPYBOT

TheMSsForum.com: The Microsoft Software Forum

The MSS Forum ‹ Security
- Archive
  - Biz
  - MCSE
  - CRM
  - Drivers
  - Framework
  - ADO
  - ASP
  - Compact
  - Forms
  - Dotnet
  - C#
  - VB
  - FontpageGen
  - Excel
  - WorkSheet
  - Exchange
  - Setup
  - Fox
  - Fontpage
  - ASP
  - IIS
  - Entourage
  - Money
  - Messanger
  - PocketPC
  - Powerpoint
  - Project
  - Publisher
  - Excel
  - VB
  - Security
  - Portal
  - Services
  - SQLServerDev
  - SVCS
  - SQLServer
  - VB
  - VC
  - MFC
  - ExcelGen

- Previous
  - 1
    - popups that are pains can anyone offer a solution to stop the annoying grey box popups that you have to click on forever to get rid of? they say to gop to their site and unsubscribe, yet when I do this I get page not available. I could buy their stop the popups software hpwever, that would just make them successful. does anyone want to file a class action against these idiots? i.e. endads.com,stopmessenger.com... please email an answer to twogood2b4u2@yahoo.com and post your reply at the mocrosoft.public.security Newsgroup thanks, larry let's get these guys!!!!!!!!!!!!! Tag: current scan by SPYBOT Tag: 26790
  - 2
    - MS03-026 Login script One last question: We have XP and W2000 client machines, does anybody have an example login script to run this update (so that it runs depending on the operating system) and will execute only one time? Dave thanks for your input, Thanks >-----Original Message----- >Mario: > >Go to URL: >http://microsoft.com/technet/treeview/default.asp? url=/technet/security/bulletin/MS03-026.asp > >There is an EXE file for each affected platform. > >You can then place the EXE in a NT Login Script and execute it with the >following switch parameters...-z -q > >-q = Install quietly >-z = Don't reboot PC. > >Dave > > >"Mario" wrote in message >news:0a1401c35b54$e377de10$a501280a@phx.gbl... >> I would like to push this update to the domain rather than >> going workstation by workstation, is there any msi and >> quick explanation how to do this. >> >> Thanks Tag: current scan by SPYBOT Tag: 26778
  - 3
    - SUS Server Set up I am trying to set up an SUS server. I'm having a bit of difficulty trying to get everything to wokr properly. Basically when I try and connect to our server I get a simple directory listing instead of the page I should be recieving. I read the manual and all but I can't seem to figure out what's going on. Does any one know of any quirks for in getting the page to display properly with the SUS server? I'm at my wits end. Tag: current scan by SPYBOT Tag: 26775
  - 4
    - More security patch problems I downloaded and attempted to install the latest Windows 2000 security patch (concerning the RPC buffer). I get two error messages when attempting to open the file. "A device attached to the system is not functioning" "Windows2000-KB823980-X86-ENU.exe is linked to missing export NTDLL.DLL:NtShutdownSystem. " I have Windows ME and have already gone the "automatic update" route using the microsoft website. The updates listed did not include this new security patch. Does anyone have a helpful tip? Tag: current scan by SPYBOT Tag: 26768
  - 5
    - Could I have been hacked? At my job I recieved an mysterious email from a person that has the same email address as I do? For example my email adress Jlynn@nwood.com I recieved and email from Friend@nwood.com. I am the exchange admin and I didnt not setup an account like this and there is not one on the server. How can this be? I havre microsoft exchange server 2000 and Jlynn Tag: current scan by SPYBOT Tag: 26755
  - 6
    - Microsoft Security Bulletin MS03-026 Hi If I am NATing to my PC through a router (NOT A FIREWALL), am I protected ? Tag: current scan by SPYBOT Tag: 26752
  - 7
    - Update for Hijack this Hijack this version 1.95 has been updated to version 1.96. To update, open program>config>misc. tools>check for update on line. LuckyStrike -- LS@smokedamagedfurniture.youcandriveitawaytoday.com ---------------------------------------------------------------------------- -------- Tag: current scan by SPYBOT Tag: 26747
  - 8
    - password protect Win 98 Is there any way to password protect Windows 98 on start- up? (and not be able to by-pass it by chosing cancel) Thanks in advance for the help. Tag: current scan by SPYBOT Tag: 26742
  - 9
    - Windows Update Hi Whlst doing a Windows update, as the update was downloading, noticed it was titled Security Udate, April 2, 2001. The date made me suspicious as I generally allow Windows Update to run once per week. As it is now 2003 am more than a little surprised. Anyone know whether this is a genuine update or whether there is a potential problem. Cheers Tag: current scan by SPYBOT Tag: 26732
  - 10
    - Limiting a user Hi everyone. I have a problem. I have an employee that likes to snoop around a lot on a work computer that's hooked up to our network. I'd like to set up her account so that when she logs on she only has access to certain files. I don't even want her to be able to open the start button. Can anyone help me? I have absolutely no clue what to do. Thank You. Sincerely, Kenny VanderVoort Tag: current scan by SPYBOT Tag: 26726
  - 11
    - port scanning I am in need of some help. I have xp,I sign onto to aol via dialup, my antivirus is up to date, i am running a firewall. i am constantly seeing ip scans coming from same addresses tring to access the same ports every time i sign online. Sometimes i can be online with no scan for a while, other times, they just don't stop. 210.5.22.22, 218.15.192.64, 220.112.155.77, I have tried tracing these scans and blocking and reporting the ip groups <to no avail> any ideas anyone to get to the bottom of this? Tag: current scan by SPYBOT Tag: 26721
  - 12
    - Hackers Attempted Attacks I have Win 2000 server and for the past few days I see bunch of logs in the event log about failure attempts to login to the system. After few attempts the accounts get locked out. I can see the name of the machine who is trying to attack me. This person is running a program for like 20 minutes everyday or so. How can I find out who that is? or how can I prevent these programs from running against my machine? Thanks Tag: current scan by SPYBOT Tag: 26719
  - 13
    - obscene pics Obscene images, pictures, and etc keep popping in my computer and it really irritates me seeing it while doing something. I would really appreciate it if you reply to this problem. Tag: current scan by SPYBOT Tag: 26714
  - 14
    - Accessing HTTPS sites l'm having problems connecting to https secure sites that use SSL. My browser is IE6 and our server is Ms Proxy Server 2. Whenever l try to access these type of sites l get an error message that says "10061 Connection Refused, An Error occured whilen trying to retrieve your URL" l have checked my internet options under advanced to see if SSL 2.0,SSL 3.0,TLS 1.0 and PCT 1.0 are all enabled and they are all enabled. l'm thinking maybe the problem is with my Proxy configuration settings. So what do l do. -- Posted via http://dbforums.com Tag: current scan by SPYBOT Tag: 26698
  - 15
    - THE PATCH? I was told by another newsgroup that MICROSOFT DOES NOT SEND OUT EMAILS TO MICROSOFT CUSTOMERS RE ANY UPDATING ETC. PLEASE BEWARE OF "SPAMS" "VIRUSES" ETC. IT IS BEST TO USE THE WINDOWS UPDATE THROUGH MICROSOFT WEBSITE. GOOD LUCK:) Tag: current scan by SPYBOT Tag: 26687
  - 16
    - oe removes access to all attachments that come w/ e-mail HI, IF SOMEONE COULD HELP? OE KEEPS REMOVING ACCESS TO ALL ATTACHMENTS THAT COME W/ MY E-MAILS. SAYS THEY,RE UNSAFE,BUT THEY'RE NOT. I'M USING MICROSOFT OUTLOOK 6. THANK YOU Tag: current scan by SPYBOT Tag: 26681
  - 17
    - Firewall and SYN FLOOD Hi all, I am running home network behind broadband DSL router, and a few days back I post a question on the security newsgroup about syn flooding problem and got some advice about installing Antivirus and Firewall software on my computer. Now I 've got the trial version of Norton antivirus and Kerio firewall (recommend by an MVP on the security newsgroup). The virus scan found nothing positve about adware or trojan horse or anything else on my machine. The problem I always have is that whenever I access Microsof Website for a while the SYN Flood log will appear on my broadband router's security log. This happen at the same time when I get no response back from the page I request from Microsft Website. I check the Firewall monitor and saw that there are quite a few connection made by IE to TCP and UDP ports on Microsft Site. I normally surf only a handful of site on the Internet using my second partition of WIndows 2K (not the one I use for my work). This installation have all the latest patch for Win2K and IE6 installed.The problem of unable to get the response back from Microsoft Website will last for a short while and then I can access it again. It does not seem to happen with other Website but may be because I surf Microsoft site more than others. This problem does not happen when I try it on my Redhat Linux installation using Mozilla (at the moment I am writing this message using Mozilla). Could it be possible that this problem is related to IE 6 or with security setting of syn flood protection on my broadband router. I can't remember that I have this problem when I was using IE 5.5, if this is to be the case How would I get back to IE 5.5. I also don't want to reinstall my Win2k. Could anyone provide a good suggestion on what to do and possibly explaine what may have cause such a problem? As this will be greatly aprrecited. Regards, Tag: current scan by SPYBOT Tag: 26671
  - 18
    - How to call GetTokenInformation in C# Hi, Does anyone know how to call the Win32 Native API GetTokenInformation() in C# language? Thanks! Tag: current scan by SPYBOT Tag: 26665
  - 19
    - Remote Procedure Call error? DCOMX.EXE, RPC.EXE, RPCTEST.EXE on your computer? Possible hacking. I've seen a number of people ask this question today, so I hope this is helpful to someone: FYI, the presence of the files Dcomx.exe or the other files mentioned below along with a "Remote Procedure Call" or TFTP popup message on your system are signs you may have been hacked by a tool such as Autorooter. [TFTP.EXE is a normal file that comes with many versions of Windows, but it should usually not be running on most systems.] To fix this, you need a firewall [even a free one such as www.sygate.com or www.kerio.com], to install all the latest Microsoft service packs and patches from www.windowsupdate.com, check your firewall logs to see who has hacked you, and install and run an antivirus with the latest updates that detects this thing [ www.grisoft.com is free antivirus], or submit sample files to your antivirus vendor if it does not detect this thing. I do believe there may be new variants of Autorooter that possibly have not yet been fully discovered. Unlike an automated event like a worm, this event may indicate that someone personally ran a tool against you and may have done things to your computer. You can find out if you are infected with Autorooter or something new that hasn't been discovered by going to one of the scanner sites below. If nothing is detected, that's pretty interesting, let us and your antivirus company know: http://housecall.antivirus.com [my preference] OR http://security2.norton.com Once your computer has been hacked, these are some things I might recommend doing are here: http://securityadmin.info/faq.htm#hacked http://securityadmin.info/faq.htm#re-secure http://securityadmin.info/faq.htm#harden This Trojan has been given several different names by various anti-virus companies: RPC Worm (F-Secure) Downloader-DM (McAfee) Autorooter (Panda) Worm.Win32.Autorooter (AVP) Backdoor.IRC.Cirebot (Symantec) References: http://www.europe.f-secure.com/v-descs/rpc.shtml http://vil.nai.com/vil/content/v_100524.htm http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.cirebot .html http://news.com.com/2100%2D1009%2D5059263.html http://www.microsoft.com/technet/security/bulletin/MS03-026.asp http://www.microsoft.com/security/security_bulletins/MS03-026.asp http://support.microsoft.com/?kbid=823980 Here are some signs of infection, though these do not necessarily match all the variants that might be out there: "Signs of infection: - the existence of one or more of the following files: rpc.exe rpctest.exe tftpd.exe dcomx.exe lolx.exe worm.exe Signs that a network is being attacked: - traffic on port 445 to sequential IP addresses. Signs that an attack has succeeded (allowing a remote shell and downloading of the backdoor): - port 57005 open; - an ftp [tftp] connection on port 69." I hope this helps. Let us know if you find anything interesting. Thanks to Susan Bradley for pointing this information out. Tag: current scan by SPYBOT Tag: 26664
  - 20
    - Applied latest fix, MS823980 I applied this fix on an NT 4.0 Domain Controller and now the domain controller is not accepting domain authentication requests, ie logon attempts. Any suggestions on a fix? Preferably not uninstall the fix. Tag: current scan by SPYBOT Tag: 26663
  - 21
    - Acpi.sys can anyone help? i tried to install winXP on to a new HARD drive SAMSUNG (80 GB). goes to blue screen then loads.. but stops and says acpi.sys file is corrupted or acpi.sys file is missing.. can anyone help me remedy this problem?? -- Posted via http://dbforums.com Tag: current scan by SPYBOT Tag: 26657
  - 22
    - MVP Security seeking RFT position While I am providing remote security and crypto consulting services via: http://pages.istar.ca/~neutron I am also seeking a regular full time position in the applications security space. Preference is a mid to large size company in Canada (currently in Ontario), but will consider relocation outside of Canada. Skills: - rapid prototyping of crypto utilities - Java/COM/.NET interop development - technical writing and documentation - digital code signing for web applications (.NET, Java etc..) - Michel Gallant Ph.D. MVP Security neutron@istar.ca Tag: current scan by SPYBOT Tag: 26654
  - 23
    - Svchost.exe Internet exploit I have a PC that has an unknown application installed on it that attempts to connect to a specific site (66.220.17.X) at random times, at least 1-3 times a day (usually from 12-7am) using a SVCHOST.EXE process. I have downloaded an application that monitors TCP/IP port connections and captures the task manager process info to a file. I have identified the process id attempting to make the connection via the captured log. I have also run "tlist -s pid" from the Windows Platform SDK to identify the services associated with each instance of svchost running. Unfortunately, the questionable process does not always exist at the time I analyze the capured logs so I have not been able to determing the program being executed. I have also set auditing on "scvhost.exe" to see if I can capture the activity causing this exploit. I have also gotten a Windows Performance "Trace Log" (.etl file) which I am unable to parse via "Tracefmt.exe" also from the Windows Platform SDK. Any suggestions on how to proceed to identify the rouge application ? (Thanks) i have but am unable to parse with f Tag: current scan by SPYBOT Tag: 26650
  - 24
    - MS03--026 strange versions I have two odd situations where I am not able to patch the computers in question. Both computers show up as vulnerable using the ISS utility. (1) Windows NT for dec alpha - I tried applying the normal WinNT patch as it said for "all versions" but it said it was the wrong version. I realize that Microsoft doesn't support this version anymore and no patches have been available for this machine for years. My question is, would special code need to be written that would run on a dec alpha computer to take advantage of this vulnerability? (2) Computer with French (Canada) version of Windows XP - The English language version of the patch says wrong version. Is there a workaround, or is this just vulnerable until a French language version is available, or is it available and I just am not looking in the right place? It's hard to navigate French language stuff when you don't know French. :) Thanks for your help! Denny Tag: current scan by SPYBOT Tag: 26649
  - 25
    - RPC Exploit How do I know if my administrator applied the patch for the latest RPC exploit? Thanks, lex Tag: current scan by SPYBOT Tag: 26644
- Next
  - 1
    - Security patch Regarding Security Bulletin MS03-026: I have downloaded from Windows Update and installed Security Update (819696). Is this the security patch referred to in Security Bulletin MS03-026? My operating system is Windows XP Home. Thanks for any help you can give me. Tag: current scan by SPYBOT Tag: 26643
  - 2
    - excess pop-ups Hello, I am constantly receiving unwanted pop-up messages. How can I get rid of them? I called Microsoft and they were unable to offer a solution. I sometimes receive up to 15 in one hour and I will get them even when I'm not on-line. Thanks, Mic Tag: current scan by SPYBOT Tag: 26640
  - 3
    - nvidious I downloaded the full XP updates package, including the huge nVidia update (May 2 2003). Right, I know I'm stupid, trusing Microsoft, but I had heard about these new security problems ... ... So, first MS insisted I needed to upgrade my IE browser, even though I have 6.0. Finally got through to the page where they scan my machine to see how they can do the maximum amount of damage. The download was slow, even though I am using a cable modem, but I was doing other things, so I didn't care. Of course, it being via IE, it wouldn't tell me the download speed. The installation took an hour or so. Every ten minutes I would check to see if anything was happening, and the little bar had crept along a bit more, so I knew something was happening. Finally done -- restarted machine. Now have beautiful 4- color 640x480 17" LCD screen. Can't change the ettings. I can just see those MS people chortling: "Boy, I wish I could see this guy when he finds out our download update trashed his video settings and won't let him change them." Does anyone know anything about this? I'm sure I'll figure it out, but _why_ would MS send an update that makes things worse? Why should I have to try to find my drivers CDs, try to figure out whether it is an nVidia or Viewsonic problem, or XP problem, or an act of a vengeful god, or ... ...? I'm sure there must be a way to find out more about the nVidia download, but of course MS doesn't want to let me simply look at a list of downloads; I'm supposed to go through the process of having it check my machine for needed updates, which of course tells me I don't need any, and so I can't even find out what they did to me without digging into the web site (or maybe they won't let me do that either). Has anyone else had this problem? Anyone switch to Macs because of problems like this? I'm going to put Win98SE on my laptop so I can get some work done, and then play with my nice powerful desktop XP machine when I have more time to waste. Tag: current scan by SPYBOT Tag: 26629
  - 4
    - security Why do I need this security? My sister tried microsoft updates and it messed up her computer. Tag: current scan by SPYBOT Tag: 26622
  - 5
    - Security Update What is the security update about? Will this hose a persons computer like some of the updates do? I have a customer with questions on it and I don't want to recommend she update and then have her computer mess up. Tag: current scan by SPYBOT Tag: 26621
  - 6
    - security update Why do Tag: current scan by SPYBOT Tag: 26620
  - 7
    - 821557: Security Update (Windows XP) I'm not sure why, but when I install this update 821557: Security Update (Windows XP), I have problems with Outlook 2002 and Windows Explorer. Basically, when running Outlook 2002, it freezes when trying to send or even create a new message. When trying to open a Windows Explorer window (windows key + E), it freezes Windows. Luckily, I was able to figure out that this was the culprit and remove it. Is there going to be a fix for this? Thanks. Bill Tag: current scan by SPYBOT Tag: 26618
  - 8
    - Possible Scam I believe the following to be a scam attempting to lure MS customers to an unknown website to what purpose can only be conjectured by the following e-mail I received at my Yahoo e-mail: From Microsoft Mon Aug 4 08:01:01 2003 X-Apparently-To: chparsons@yahoo.com via 216.136.130.58; 04 Aug 2003 08:05:45 -0700 (PDT) Return-Path: <windowssecurity@email.microsoft.com> Received: from 209.11.164.116 (EHLO mh.microsoft.m0.net) (209.11.164.116) by mta145.mail.scd.yahoo.com with SMTP; 04 Aug 2003 08:05:45 -0700 (PDT) Received: from [209.11.138.130] by 10.203.1.116 (mh.microsoft.m0.net) with SMTP; 04 Aug 2003 08:29:21 +0000 Message-ID: <9706864959.1060009261235@m0.net> Date: Mon, 4 Aug 2003 08:01:01 -0700 (PDT) From: "Microsoft" <windowssecurity@email.microsoft.com> | This is spam | Add to Address Book Reply-to: windowssecurity@email.microsoft.com To: CHPARSONS@yahoo.com Subject: Security Update for Microsoft Windows Errors-to: windowssecurity@email.microsoft.com Mime-Version: 1.0 Content-Type: multipart/alternative; boundary="--- =_NEXT_f6cd79b8ae" X-cid: 9706864959 X-pid: 228387 Content-Length: 1738 *** PLEASE NOTE: Due to the critical importance of this message, this communication is being sent to all of our Microsoft customers to alert you of this Security Bulletin. *** It has been widely reported in the press and on Microsoft's own web site, that on July 16th we released a critical security bulletin (MS03-026) and a patch regarding a vulnerability in the Windows operating system. We wanted to make sure that if you were not aware of this bulletin and corresponding patch that you take a moment to go to http://www.microsoft.com/security/ security_bulletins/ ms03-026.asp to find out if you are running an affected version of the Windows operating system and get the specific information as to what you need to do to apply this patch if you have not already. Although we encourage you to pay attention to all security bulletins and to deploy patches in a timely manner we wanted to call special attention to this particular instance as we have become aware of some activity on the internet that we believe increases the likelihood of the exploitation of this vulnerability. Specifically, code has been published on several web sites that would allow someone to spread a worm/virus that takes advantage of the vulnerability in question thereby impacting your computing environment. Although it is our goal to produce the most secure and dependable products possible, we do become aware of these types of vulnerabilities. In order to minimize the risks of such vulnerabilities to your computing environment, we encourage you to subscribe to the Windows Update service by going to http://www.windowsupdate.com and also subscribe to Microsoft's security notification service at http://register.microsoft.com/ subscription/subscribeme.asp?ID=135 if you have not already. By subscribing to these two services you will automatically receive information on the latest software updates and the latest security notifications thereby improving the likelihood that your computing environment will be safe from worms and viruses that occur. We apologize for any inconvenience the implementation of this patch might cause and appreciate you taking the time to update your system. Thank you, Microsoft Corporation Tag: current scan by SPYBOT Tag: 26615
  - 9
    - What is spoofing? I would like to know what exactly is "Spoofing"? I have found out that someone has been sending Emails from from my computer and I don't know what is going on or who is doing it. No one else has access to my computer, so am I being hacked and how is this possible? Please help, Bob marisroger@aol.com Tag: current scan by SPYBOT Tag: 26606
  - 10
    - Security Downloads Ever since I downloaded the latest security alerts, my computer is running extremely slow. Any thoughts? Tag: current scan by SPYBOT Tag: 26594
  - 11
    - Patch works too well Since I downloaded the patch, Outlook Express is killing all .pdf attachments on inbound emails. I need them. How can I fix this? Regards Shane. Tag: current scan by SPYBOT Tag: 26590
  - 12
    - Backdoor Trojan Virus I have a backdoor virus in my svhost file and cannot delete it. Do you have any suggestions. Norton cannot help. The file is protected from me getting into it. -- Posted via http://dbforums.com Tag: current scan by SPYBOT Tag: 26575
  - 13
    - Is this email the real thing? I received this today? Please tell me what you think. The email came from: Microsoft <windowssecurity@email.microsoft.com> I also left the URLs of the links in parentheses. Thanks. <Original message> *** PLEASE NOTE: Due to the critical importance of this message, this communication is being sent to all of our Microsoft customers to alert you of this Security Bulletin. *** It has been widely reported in the press and on Microsoft's own web site, that on July 16th we released a critical security bulletin (MS03-026) and a patch regarding a vulnerability in the Windows operating system. We wanted to make sure that if you were not aware of this bulletin and corresponding patch that you take a moment to go to http://www.microsoft.com/security/ security_bulletins/ ms03-026.asp (http://64.4.10.250/cgi- bin/linkrd?_lang=EN&lah=adcbee7de751ca178e0641cfaa207877) to find out if you are running an affected version of the Windows operating system and get the specific information as to what you need to do to apply this patch if you have not already. Although we encourage you to pay attention to all security bulletins and to deploy patches in a timely manner we wanted to call special attention to this particular instance as we have become aware of some activity on the internet that we believe increases the likelihood of the exploitation of this vulnerability. Specifically, code has been published on several web sites that would allow someone to spread a worm/virus that takes advantage of the vulnerability in question thereby impacting your computing environment. Although it is our goal to produce the most secure and dependable products possible, we do become aware of these types of vulnerabilities. In order to minimize the risks of such vulnerabilities to your computing environment, we encourage you to subscribe to the Windows Update service by going to http://www.windowsupdate.com (http://64.4.10.250/cgi-bin/linkrd? _lang=EN&lah=d873c4a9c60563f0043496b4b7c948af) and also subscribe to Microsoft's security notification service at http://register.microsoft.com/subscription/subscribeme.asp ?ID=135 (http://64.4.10.250/cgi-bin/linkrd? _lang=EN&lah=60fdf64d3858871520d0b6b2580f65c9) if you have not already. By subscribing to these two services you will automatically receive information on the latest software updates and the latest security notifications thereby improving the likelihood that your computing environment will be safe from worms and viruses that occur. We apologize for any inconvenience the implementation of this patch might cause and appreciate you taking the time to update your system. Thank you, Microsoft Corporation Tag: current scan by SPYBOT Tag: 26574
  - 14
    - Take ownership in 2003 - clarification In the online help for Server 2003 it states that a user with "Restore files and directories" rights can take ownership of files and folders as well as assign ownership to other users. I have found neither of these to be true, but it does now appear that Administrators can not only take ownership, but they can now assign it as well? TIA Greg Brown Tag: current scan by SPYBOT Tag: 26573
  - 15
    - Recieved email today i recieved this email in my inbox today (and no i did not click the links) i was wondering since i couldnt find any info on this, if it is an actual microsoft sent email or a worm.... this is the email that i recieved it from windowssecurity@email.microsoft.com that does not look like a true microsoft email addy ..... Thanks Mike *** PLEASE NOTE: Due to the critical importance of this message, this communication is being sent to all of our Microsoft customers to alert you of this Security Bulletin. *** It has been widely reported in the press and on Microsoft's own web site, that on July 16th we released a critical security bulletin (MS03-026) and a patch regarding a vulnerability in the Windows operating system. We wanted to make sure that if you were not aware of this bulletin and corresponding patch that you take a moment to go to http://www.microsoft.com/security/ security_bulletins/ ms03-026.asp to find out if you are running an affected version of the Windows operating system and get the specific information as to what you need to do to apply this patch if you have not already. Although we encourage you to pay attention to all security bulletins and to deploy patches in a timely manner we wanted to call special attention to this particular instance as we have become aware of some activity on the internet that we believe increases the likelihood of the exploitation of this vulnerability. Specifically, code has been published on several web sites that would allow someone to spread a worm/virus that takes advantage of the vulnerability in question thereby impacting your computing environment. Although it is our goal to produce the most secure and dependable products possible, we do become aware of these types of vulnerabilities. In order to minimize the risks of such vulnerabilities to your computing environment, we encourage you to subscribe to the Windows Update service by going to http://www.windowsupdate.com and also subscribe to Microsoft's security notification service at http://register.microsoft.com/ subscription/subscribeme.asp?ID=135 if you have not already. By subscribing to these two services you will automatically receive information on the latest software updates and the latest security notifications thereby improving the likelihood that your computing environment will be safe from worms and viruses that occur. We apologize for any inconvenience the implementation of this patch might cause and appreciate you taking the time to update your system. Thank you, Microsoft Corporation Tag: current scan by SPYBOT Tag: 26566
  - 16
    - cnn.com article re: security patch? cnn.com had article on their site the other day (7/31) about how the FBI & dept of homeland security issued a warning that there could be a large scale web attack in the planning b/c of some increase in certain types of activity, etc. they said windows users should go to windowsupdate and download the security patch, which i found to be the following... "Windows XP Security Patch: Buffer Overrun In RPC Interface Could Allow Code Execution" i copied the text of that message and sent it to several of the windows users i know. my cousin wrote me back saying the download messed up his browser. i am usually not a "forwarder" and i felt so bad that something my have messed with his smooth running computer. has anyone else experienced this? is there some trick? i want to warn the others i emailed if so. i'd hate to be the one responsible for their problems. thanks in advance if anyone has any insight on this pasted below is the cnn.com text from the following link... http://www.cnn.com/2003/TECH/internet/07/31/internet.atttack/index.html Experts anxious over possible Web attack By Jeordan Legon and Marsha Walton CNN Thursday, July 31, 2003 Posted: 5:31 PM EDT (2131 GMT) Story Tools RELATED .Government warning .Microsoft warning We implore the private sector -- both business and home users -- to visit the Microsoft Web site and install the patches and mitigations necessary to prevent this from creating a negative effect on the Internet as a whole. -- FBI spokesman Bill Murray (CNN) -- Seeing a rise in hacker activity that could be a prelude to a broad Internet attack, security experts Thursday urged computer users to protect their machines by installing a free patch offered by Microsoft. The Homeland Security Department warned it has detected an increase in hackers scanning the Internet to find vulnerable computers. "That's a sure sign the intruder community is actively interested in finding out who they can exploit," said Jeffrey Havrilla, an Internet security analyst at the government's CERT Coordination Center, which monitors computer security. Concerns mount The vulnerability affects almost all computers running Microsoft's Windows operating system software. The flaw, involving so-called "buffer overflows," can fool software into accepting insecure commands that could let intruders steal data, delete files or eavesdrop on e-mails. Experts worry that home computer users and corporations might delay installing the needed patch and as a result leave their computers open to attack. "They can take complete control of a machine. They can take it down. They can reformat the hard drive. They can scan for information," said Dan Ingevaldson, engineering director at Internet Security Systems in Atlanta. New tools tested Government experts said hackers have tested new tools in recent days to seize unsecured computers. Internet security firms issued similar warnings, saying they've seen increased chatter in hacker discussion groups and chat rooms about how to take advantage of Windows' vulnerability. "We are expecting something sooner rather than later," Ingevaldson said. "But there's no horizon on some of these things." Uncertain about attack Security watchdogs said there is no way of knowing if or when an attack might take place. They urged users not to gamble and install the patch quickly. The latest versions of Windows XP prompt users to do this automatically, but those with older versions should visit www.windowsupdate.com to get the download. Tag: current scan by SPYBOT Tag: 26564
  - 17
    - Security Update Looking for ideas...the MS license agreement window is minimized when I try to update the latest patch. I can scroll the agreement but cannot summons the acceptance box to move forward. No way to expand the box to see it! Thanks for any help! Tag: current scan by SPYBOT Tag: 26562
  - 18
    - Message attacks I seem to get a messenger service popup ad. This ad seems to crash all programs that I am running. The ad states "Message from SYSTEM ALERT to UNSAFE USER on 8/4/2003 7:52PM Did you know that there is a one-Click easy way to stop these pop-ups FOREVER? For free information, please visit http://www.MessengerKiller.com" This annoying message pops up constantly. And when i go to this website, they have a service to prevent pop-up messages for a FEE!! I really dont know what to do. Norton Anti Virus has detected no virsus. Norton Internet security is at full. Window Privacy is at HIGH.. Any suggestions? Tag: current scan by SPYBOT Tag: 26559
  - 19
    - Windows Update Hi there. I have Windows XP Home edition with SP1 installed. I know there are new xp updates but my computer says there are non available when I use the update windows function. Please can anyone advise? Regards, Ian Tag: current scan by SPYBOT Tag: 26557
  - 20
    - Windows 2003 server lockdown OK.... so the MS Web site has LOTS of stuff on 2003 lockdown... but it all seems to focus on GPO settings. Can anyone find anything about what the recommended file permissions are? Or is it assumed that what comes out of the box is good enough? (Actually, if I knew what came out of the box - that would be handy too!!) Alternatively, does anyone know of a source other than Microsoft that has defined their own set of permissions? Tag: current scan by SPYBOT Tag: 26547
  - 21
    - Administrator Security O/S Windowa XP Pro. While adding a password for the Administrator I clicked the check box that blocks any user, accept the administrator, from viewing the Administrator documents. Now when I reboot, the Administrator logon icon no longer appears. How can this be undone? Tag: current scan by SPYBOT Tag: 26546
  - 22
    - Popups We are constantly getting unwanted pop-ups on our computer. We recieve them while on and off line. There are many, here are a few: www. Max Sales.Net www. Messenger killer.com www. Messager buster.com Any ideas as to how to get rid of these? Thanks, Tom Tag: current scan by SPYBOT Tag: 26545
  - 23
    - Suggestion to MS regarding recent Security Warning Microsoft seems to be very concerned about the latest vulnerability. Both MS and the US government have issued warnings regarding this vulnerability. My suggestion to Microsoft: release a benevolent worm that would scan for and attack all open ports and give the user a message indicating they have been attacked and giving them a method for correcting the situation. If MS believes an attack is inevitable, beat the hackers to the attack with something that will not negatively impace a lot of people/companies. Tag: current scan by SPYBOT Tag: 26544
  - 24
    - looking fo MD5 hash results for XP (home e. ) I=B4ve just instaled a personal firewall in my Xp Home=20 edition. Don=B4t now if previously I got a trojan so wat to=20 check the MD5 results of the binaries. I think I maintain the OS at the lates version.=20 winver command sais my current release is=20 Version 5.1 ( Build 2600.xpsp2.030422-1633 : Service=20 Pack 1. Does enyhere Microsoft publish "officially" this data? Thanks in advance to all. Rgds Pablo Tag: current scan by SPYBOT Tag: 26536
  - 25
    - Internet Options Tools Removed This has been posted several times by many uesers. I was wondering if you have any solution ideas. The ones that have been provided have not worked from what I can see? You suggest going to regedit and search for nobrowseroptions - Is there anyway to restore my Internet Options Tools? thanks Tag: current scan by SPYBOT Tag: 26533

the following results are being displayed by SPYBOT
i am concerned about being exploited by undesireables
what does it mean and what should i do about it?
>>>>>>>>>>>>>
DSO Exploit: Data source object exploit
HKEY_USERS\S-1-5-18
\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0\1004=W=3

>>>>>>>>>>>>>
Company: Microsoft
Product: Internet Explorer
Threat: Security hole

Company URL: http://www.microsoft.com/
Company product URL: http://www.microsoft.com/windows/ie/
Company privacy URL:
http://www.microsoft.com/info/privacy.htm

Description
There's a security hole in IE allowing websites to execute
code without asking you first. You can find more
information at http://security.greymagic.com/adv/gm001-ie/

>>>>>>>>>>>>>

thanks for ANY response
JHFoster
Tulsa, Ok

Top