**** OCTOBER SECURITY ISSUES [I think this our new once a month Security

HotFix & Bulletin Search:
http://www.microsoft.com/technet/security/current.asp?frame=true


October 2003

--------------------------------------------------------------------------------
MS03-047 : Vulnerability in Exchange Server 5.5 Outlook Web Access Could
Allow Cross-Site Scripting Attack (828489)
MODERATE

MS03-046 : Vulnerability in Exchange Server Could Allow Arbitrary Code
Execution (822363)
CRITICAL

MS03-045 : Buffer Overrun in the ListBox and in the ComboBox Control
Could Allow Code Execution (824141)
IMPORTANT

MS03-044 : Buffer Overrun in Windows Help and Support Center Could Lead
to System Compromise (825119)
CRITICAL

MS03-043 : Buffer Overrun in Messenger Service Could Allow Code
Execution (828035)
CRITICAL

MS03-042 : Buffer Overflow in Windows Troubleshooter ActiveX Control
Could (826232)
CRITICAL

MS03-041 : Vulnerability in Authenticode Verification Could Allow Remote
Code Execution (823182)
CRITICAL

--
"Don't lose sight of security. Security is a state of being,
not a state of budget. He with the most firewalls still does
not win. Put down that honeypot and keep up to date on your
patches. Demand better security from vendors and hold them
responsible. Use what you have, and make sure you know how
to use it properly and effectively."
~Rain Forest Puppy
http://www.wiretrip.net/rfp/txt/evolution.txt

Susan
Wed Oct 15 12:27:04 CDT 2003

Yup this is our new once a month bulletin series

http://www.microsoft.com/technet/security/bulletin/winoct03.asp



http://www.microsoft.com/technet/security/bulletin/excoct03.asp



Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] wrote:

> HotFix & Bulletin Search:
> http://www.microsoft.com/technet/security/current.asp?frame=true
>
>
> October 2003
>
> --------------------------------------------------------------------------------
>
> MS03-047 : Vulnerability in Exchange Server 5.5 Outlook Web Access Could
> Allow Cross-Site Scripting Attack (828489)
> MODERATE
>
> MS03-046 : Vulnerability in Exchange Server Could Allow Arbitrary Code
> Execution (822363)
> CRITICAL
>
> MS03-045 : Buffer Overrun in the ListBox and in the ComboBox Control
> Could Allow Code Execution (824141)
> IMPORTANT
>
> MS03-044 : Buffer Overrun in Windows Help and Support Center Could Lead
> to System Compromise (825119)
> CRITICAL
>
> MS03-043 : Buffer Overrun in Messenger Service Could Allow Code
> Execution (828035)
> CRITICAL
>
> MS03-042 : Buffer Overflow in Windows Troubleshooter ActiveX Control
> Could (826232)
> CRITICAL
>
> MS03-041 : Vulnerability in Authenticode Verification Could Allow Remote
> Code Execution (823182)
> CRITICAL
>

--
"Don't lose sight of security. Security is a state of being,
not a state of budget. He with the most firewalls still does
not win. Put down that honeypot and keep up to date on your
patches. Demand better security from vendors and hold them
responsible. Use what you have, and make sure you know how
to use it properly and effectively."
~Rain Forest Puppy
http://www.wiretrip.net/rfp/txt/evolution.txt

Susan
Wed Oct 15 12:27:21 CDT 2003

Yup this is our new once a month bulletin series

http://www.microsoft.com/technet/security/bulletin/winoct03.asp



http://www.microsoft.com/technet/security/bulletin/excoct03.asp



Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] wrote:

> HotFix & Bulletin Search:
> http://www.microsoft.com/technet/security/current.asp?frame=true
>
>
> October 2003
>
> --------------------------------------------------------------------------------
>
> MS03-047 : Vulnerability in Exchange Server 5.5 Outlook Web Access Could
> Allow Cross-Site Scripting Attack (828489)
> MODERATE
>
> MS03-046 : Vulnerability in Exchange Server Could Allow Arbitrary Code
> Execution (822363)
> CRITICAL
>
> MS03-045 : Buffer Overrun in the ListBox and in the ComboBox Control
> Could Allow Code Execution (824141)
> IMPORTANT
>
> MS03-044 : Buffer Overrun in Windows Help and Support Center Could Lead
> to System Compromise (825119)
> CRITICAL
>
> MS03-043 : Buffer Overrun in Messenger Service Could Allow Code
> Execution (828035)
> CRITICAL
>
> MS03-042 : Buffer Overflow in Windows Troubleshooter ActiveX Control
> Could (826232)
> CRITICAL
>
> MS03-041 : Vulnerability in Authenticode Verification Could Allow Remote
> Code Execution (823182)
> CRITICAL
>

--
"Don't lose sight of security. Security is a state of being,
not a state of budget. He with the most firewalls still does
not win. Put down that honeypot and keep up to date on your
patches. Demand better security from vendors and hold them
responsible. Use what you have, and make sure you know how
to use it properly and effectively."
~Rain Forest Puppy
http://www.wiretrip.net/rfp/txt/evolution.txt

Trell
Thu Oct 16 12:27:48 CDT 2003

A quick question Susan: I have 5 patches to install on my SBS4.5 server.
Can I install all of them one after the other and do a single reboot after
all are installed, or must I restart the server after each patch is
installed?

Thanks,
Reid


"Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]" <sbradcpa@pacbell.net>
wrote in message news:3F8D8368.5050703@pacbell.net...
> Yup this is our new once a month bulletin series
>
> http://www.microsoft.com/technet/security/bulletin/winoct03.asp
>
>
>
> http://www.microsoft.com/technet/security/bulletin/excoct03.asp
>

Susan
Sat Oct 18 02:16:16 CDT 2003

I installed all 5 via Shavlik in one shot. No need to reboot after each
one.

Trell wrote:

> A quick question Susan: I have 5 patches to install on my SBS4.5 server.
> Can I install all of them one after the other and do a single reboot after
> all are installed, or must I restart the server after each patch is
> installed?
>
> Thanks,
> Reid
>
>
> "Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]" <sbradcpa@pacbell.net>
> wrote in message news:3F8D8368.5050703@pacbell.net...
>
>>Yup this is our new once a month bulletin series
>>
>>http://www.microsoft.com/technet/security/bulletin/winoct03.asp
>>
>>
>>
>>http://www.microsoft.com/technet/security/bulletin/excoct03.asp
>>
>
>
>

--
"Don't lose sight of security. Security is a state of being,
not a state of budget. He with the most firewalls still does
not win. Put down that honeypot and keep up to date on your patches.
Demand better security from vendors and hold them responsible.
Use what you have, and make sure you know how to use it properly
and effectively."
~Rain Forest Puppy
http://www.wiretrip.net/rfp/txt/evolution.txt

James
Sun Oct 19 23:19:11 CDT 2003

Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] wrote:
> I installed all 5 via Shavlik in one shot. No need to reboot after
> each one.

...but note that this doesn't exactly quality as best practice - if your box
won't boot, you don't know which patch caused the trouble. See the thread
entitled "*** WARNING ! Re: security Update !" started on 15 October 2003 by
Henry Craven.

If you want to be safe, apply them one at a time, with a reboot after each
patch, checking the event logs before and after each patch. Of course it's
more work.... but how well tested was your disaster recovery plan again?
:-)

James

Henry
Mon Oct 20 07:28:25 CDT 2003

I'd have to concur with you on that.

We re-imaged the Box and did a 1x1 Updates install - no problems.
Re-Imaged and did a bulk update from HFNetchek this time - Blowout.
Locking on Startup and BSODs on all Safe boots.
Again re-imaged and 1x1 installs, and no problems.

...so while we're no wiser as to what caused it, 1x1 seems to be the way
to go. Slow, but at least the clients get updated this week now that we
know the 1x1 Update will work. - Think we'll save 1x1 though for when a
bulk test install blows out. - clients aren't on -that- good a contract,
and we haven't had an update go bad for quite a while till now. Just
glad we test before we run them out.

---
Henry Craven



"James Reather" <james.news@reather.com> wrote in message
news:%23zziSFslDHA.2772@TK2MSFTNGP10.phx.gbl...
> Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] wrote:
> > I installed all 5 via Shavlik in one shot. No need to reboot after
> > each one.
>
> ...but note that this doesn't exactly quality as best practice - if
your box
> won't boot, you don't know which patch caused the trouble. See the
thread
> entitled "*** WARNING ! Re: security Update !" started on 15 October
2003 by
> Henry Craven.
>
> If you want to be safe, apply them one at a time, with a reboot after
each
> patch, checking the event logs before and after each patch. Of course
it's
> more work.... but how well tested was your disaster recovery plan
again?
> :-)
>
> James
>
>

Kevin
Mon Oct 20 08:48:10 CDT 2003

I installed all the same updates to my SBS2000 server at home at one time
via HfNetChkLt with no problems. I ran HfNetChk from a workstation, and had
manually disabled all Exchange services prior to doing the updates.
-kw

"Henry Craven" <IUnknown@d.com> wrote in message
news:%230O6OcwlDHA.2676@TK2MSFTNGP11.phx.gbl...
> I'd have to concur with you on that.
>
> We re-imaged the Box and did a 1x1 Updates install - no problems.
> Re-Imaged and did a bulk update from HFNetchek this time - Blowout.
> Locking on Startup and BSODs on all Safe boots.
> Again re-imaged and 1x1 installs, and no problems.
>
> ...so while we're no wiser as to what caused it, 1x1 seems to be the way
> to go. Slow, but at least the clients get updated this week now that we
> know the 1x1 Update will work. - Think we'll save 1x1 though for when a
> bulk test install blows out. - clients aren't on -that- good a contract,
> and we haven't had an update go bad for quite a while till now. Just
> glad we test before we run them out.
>
> ---
> Henry Craven
>
>
>
> "James Reather" <james.news@reather.com> wrote in message
> news:%23zziSFslDHA.2772@TK2MSFTNGP10.phx.gbl...
> > Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] wrote:
> > > I installed all 5 via Shavlik in one shot. No need to reboot after
> > > each one.
> >
> > ...but note that this doesn't exactly quality as best practice - if
> your box
> > won't boot, you don't know which patch caused the trouble. See the
> thread
> > entitled "*** WARNING ! Re: security Update !" started on 15 October
> 2003 by
> > Henry Craven.
> >
> > If you want to be safe, apply them one at a time, with a reboot after
> each
> > patch, checking the event logs before and after each patch. Of course
> it's
> > more work.... but how well tested was your disaster recovery plan
> again?
> > :-)
> >
> > James
> >
> >
>
>

Henry
Mon Oct 20 17:35:59 CDT 2003

There you go, definitely a case of YMMV.

I certainly wasn't expecting it to fail for everyone.
The Uproar would be deafening, but we're not alone,
and so an advisory to take care is "probably" justified.

The very reason we got caught is because we -hadn't-
had problems with updates in so long, and had got into
the habit or installing in Batches.

Glad you weren't, and hope you don't get, bitten.

--
Henry Craven


"Kevin Weilbacher" <kweilbac@gte.net> wrote in message
news:ecx8NDxlDHA.1072@TK2MSFTNGP09.phx.gbl...
> I installed all the same updates to my SBS2000 server at home at one
time
> via HfNetChkLt with no problems. I ran HfNetChk from a workstation,
and had
> manually disabled all Exchange services prior to doing the updates.
> -kw

Kevin
Wed Oct 22 06:26:59 CDT 2003

Henry,

I just did a second server, apply all patches at once - without a problem.
This customer did not have HfNetChk installed, so I did it just using
Windows Update, and it all worked fine. Again, I reboot first, then stop IIS
and all Exchange services, then apply the patches, then reboot.

Sorry your experience wasn't as clean, and certainly your heads up and
warning was heeded!
Thanks
kw

"Henry Craven" <IUnknown@d.com> wrote in message
news:ezTf8o1lDHA.2436@TK2MSFTNGP09.phx.gbl...
> There you go, definitely a case of YMMV.
>
> I certainly wasn't expecting it to fail for everyone.
> The Uproar would be deafening, but we're not alone,
> and so an advisory to take care is "probably" justified.
>
> The very reason we got caught is because we -hadn't-
> had problems with updates in so long, and had got into
> the habit or installing in Batches.
>
> Glad you weren't, and hope you don't get, bitten.
>
> --
> Henry Craven
>
>
> "Kevin Weilbacher" <kweilbac@gte.net> wrote in message
> news:ecx8NDxlDHA.1072@TK2MSFTNGP09.phx.gbl...
> > I installed all the same updates to my SBS2000 server at home at one
> time
> > via HfNetChkLt with no problems. I ran HfNetChk from a workstation,
> and had
> > manually disabled all Exchange services prior to doing the updates.
> > -kw
>
>

Henry
Wed Oct 22 07:55:49 CDT 2003

It was the Workstations that got totally hosed, the Servers just needed
a few reboots, but gave us a bit of a scare just the same.

I'm not seeing any more problems here with the upgrades, but then I'm
not taking any chances either. 1x1 easy does it.It's taking longer, but
a lot less time than rebuilding Workstations.

Hope it continues to go well for you.

--
Henry Craven
------------------
31 Oct = 25 Dec


"Kevin Weilbacher" <kweilbac@gte.net> wrote in message
news:Owomp9ImDHA.1244@TK2MSFTNGP11.phx.gbl...
> Henry,
>
> I just did a second server, apply all patches at once - without a
problem.
> This customer did not have HfNetChk installed, so I did it just using
> Windows Update, and it all worked fine. Again, I reboot first, then
stop IIS
> and all Exchange services, then apply the patches, then reboot.
>
> Sorry your experience wasn't as clean, and certainly your heads up and
> warning was heeded!
> Thanks
> kw
>