Customer Advisories

The Network Operations Center maintains an archive of significant events that affect our customers. Customer Advisories may be informational or recommend the customer take specific action.

Current Customer Advisories

8/20/2003 - Microsoft Security Bulletin MS03-032: Cumulative Patch for Internet Explorer (Q822925). A number of security issues have been identified in Microsoft® Internet Explorer that could allow an attacker to compromise a Microsoft Windows®-based system and then take a variety of actions. For example, an attacker could run programs on a computer used to view the attacker's Web site. This vulnerability affects computers that have Internet Explorer installed. (You do not have to be using Internet Explorer as your Web browser to be affected by this issue.)

8/20/2003 - Microsoft Security Bulletin MS03-033: Unchecked Buffer in MDAC Function Could Enable System Compromise (Q823718). A security issue has been identified in Microsoft® Data Access Components (MDAC) that could allow an attacker to compromise a Microsoft Windows®-based system and then take a variety of actions, including executing code.

9/3/2003 - Microsoft Security Bulletin MS03-037: Flaw in Visual Basic for Applications Could Allow Arbitrary Code Execution (822715). A flaw exists in the way VBA checks document properties passed to it when a document is opened by the host application. A buffer overrun exists which, if exploited successfully, could allow an attacker to execute code of their choice in the context of the logged-on user.

9/3/2003 - Microsoft Security Bulletin MS03-035: Flaw in Microsoft Word Could Enable Macros to Run Automatically (827653). A macro is a series of commands and instructions that can be grouped together as a single command to accomplish a task automatically. Microsoft Word supports the use of macros to allow the automation of commonly performed tasks. Since macros are executable code, it is possible to misuse them, so Microsoft Word has a security model designed to validate whether a macro should be allowed to execute depending on the level of macro security the user has chosen. A vulnerability exists because it is possible for an attacker to craft a malicious document that will bypass the macro security model. If the document was opened, this flaw could allow a malicious macro embedded in the document to be executed automatically, regardless of the level at which macro security is set. The malicious macro could take the same actions that the user had permissions to carry out, such as adding, cha

9/3/2003 - Microsoft Security Bulletin MS03-038: Unchecked buffer in Microsoft Access Snapshot Viewer Could Allow Code Execution (827104). With Microsoft Access Snapshot Viewer, you can distribute a snapshot of a Microsoft Access database that allows the snapshot to be viewed without having Access installed. For example, a customer may want to send a supplier an invoice that is generated by using an Access database. With Microsoft Access Snapshot Viewer, the customer can package the database so that the supplier can view it and print it without having Access installed. A vulnerability exists because of a flaw in the way that Snapshot Viewer validates parameters. Because the parameters are not correctly checked, a buffer overrun can occur, which could allow an attacker to execute the code of their choice in the security context of the logged-on user.

9/10/2003 - Microsoft Security Bulletin MS03-039: Buffer Overrun In RPCSS Service Could Allow Code Execution (824146). The fix provided by this patch supersedes the one included in Microsoft Security Bulletin MS03-026. Remote Procedure Call (RPC) is a protocol used by the Windows operating system. RPC provides an inter-process communication mechanism that allows a program running on one computer to seamlessly access services on another computer. The protocol itself is derived from the Open Software Foundation (OSF) RPC protocol, but with the addition of some Microsoft-specific extensions. There are three identified vulnerabilities in the part of RPCSS Service that deals with RPC messages for DCOM activation: two that could allow arbitrary code execution and one that could result in a denial of service. The flaws result from incorrect handling of malformed messages. These particular vulnerabilities affect the Distributed Component Object Model (DCOM) interface within the RPCSS Service.

8/11/2003 - The CERT/CC is receiving reports of widespread activity related to a new piece of malicious code known as W32/Blaster. This worm appears to exploit known vulnerabilities in the Microsoft Remote Procedure Call (RPC) Interface.

8/20/2003 - Microsoft Security Bulletin MS03-030: Unchecked Buffer in DirectX Could Enable System Compromise (Q819696). A security issue has been identified in Microsoft® DirectX® that could allow an attacker to run programs on a computer running Microsoft Windows®. The attacker would first have to send you an e-mail message or entice you into visiting a malicious Web site.

Archived Customer Advisories

9/10/2003 - Microsoft Security Bulletin MS03-039: Buffer Overrun In RPCSS Service Could Allow Code Execution (824146). The fix provided by this patch supersedes the one included in Microsoft Security Bulletin MS03-026. Remote Procedure Call (RPC) is a protocol used by the Windows operating system. RPC provides an inter-process communication mechanism that allows a program running on one computer to seamlessly access services on another computer. The protocol itself is derived from the Open Software Foundation (OSF) RPC protocol, but with the addition of some Microsoft-specific extensions. There are three identified vulnerabilities in the part of RPCSS Service that deals with RPC messages for DCOM activation: two that could allow arbitrary code execution and one that could result in a denial of service. The flaws result from incorrect handling of malformed messages. These particular vulnerabilities affect the Distributed Component Object Model (DCOM) interface within the RPCSS Service.

9/3/2003 - Microsoft Security Bulletin MS03-037: Flaw in Visual Basic for Applications Could Allow Arbitrary Code Execution (822715). A flaw exists in the way VBA checks document properties passed to it when a document is opened by the host application. A buffer overrun exists which, if exploited successfully, could allow an attacker to execute code of their choice in the context of the logged-on user.

9/3/2003 - Microsoft Security Bulletin MS03-035: Flaw in Microsoft Word Could Enable Macros to Run Automatically (827653). A macro is a series of commands and instructions that can be grouped together as a single command to accomplish a task automatically. Microsoft Word supports the use of macros to allow the automation of commonly performed tasks. Since macros are executable code, it is possible to misuse them, so Microsoft Word has a security model designed to validate whether a macro should be allowed to execute depending on the level of macro security the user has chosen. A vulnerability exists because it is possible for an attacker to craft a malicious document that will bypass the macro security model. If the document was opened, this flaw could allow a malicious macro embedded in the document to be executed automatically, regardless of the level at which macro security is set. The malicious macro could take the same actions that the user had permissions to carry out, such as adding, cha

9/3/2003 - Microsoft Security Bulletin MS03-038: Unchecked buffer in Microsoft Access Snapshot Viewer Could Allow Code Execution (827104). With Microsoft Access Snapshot Viewer, you can distribute a snapshot of a Microsoft Access database that allows the snapshot to be viewed without having Access installed. For example, a customer may want to send a supplier an invoice that is generated by using an Access database. With Microsoft Access Snapshot Viewer, the customer can package the database so that the supplier can view it and print it without having Access installed. A vulnerability exists because of a flaw in the way that Snapshot Viewer validates parameters. Because the parameters are not correctly checked, a buffer overrun can occur, which could allow an attacker to execute the code of their choice in the security context of the logged-on user.

8/20/2003 - Microsoft Security Bulletin MS03-032: Cumulative Patch for Internet Explorer (Q822925). A number of security issues have been identified in Microsoft® Internet Explorer that could allow an attacker to compromise a Microsoft Windows®-based system and then take a variety of actions. For example, an attacker could run programs on a computer used to view the attacker's Web site. This vulnerability affects computers that have Internet Explorer installed. (You do not have to be using Internet Explorer as your Web browser to be affected by this issue.)

8/20/2003 - Microsoft Security Bulletin MS03-033: Unchecked Buffer in MDAC Function Could Enable System Compromise (Q823718). A security issue has been identified in Microsoft® Data Access Components (MDAC) that could allow an attacker to compromise a Microsoft Windows®-based system and then take a variety of actions, including executing code.

8/20/2003 - Microsoft Security Bulletin MS03-030: Unchecked Buffer in DirectX Could Enable System Compromise (Q819696). A security issue has been identified in Microsoft® DirectX® that could allow an attacker to run programs on a computer running Microsoft Windows®. The attacker would first have to send you an e-mail message or entice you into visiting a malicious Web site.

8/11/2003 - The CERT/CC is receiving reports of widespread activity related to a new piece of malicious code known as W32/Blaster. This worm appears to exploit known vulnerabilities in the Microsoft Remote Procedure Call (RPC) Interface.


A Service of the Shasta County Office of Education