Microsoft puts out three patches

Microsoft puts out three patches

offline
  • Puky  Male
  • Scottish rebel
  • Pridružio: 18 Apr 2003
  • Poruke: 5815
  • Gde živiš: u Zmajevom gnjezdu

Robert Lemos
CNET News.com
January 14, 2004, 08:35 GMT

The software giant has released fixes for three security flaws

Microsoft released patches on Tuesday for three flaws, the most serious of which could give attackers a back door into the company's security server product.

The most major flaw affects Microsoft's Internet Security and Acceleration Server 2000, which is included with Small Business Server 2000 and 2003 editions. The flaw lies in the way a filter in the server product's firewall processes data formatted in the real-time multimedia communications standard, known as International Telecommunications Union (ITU) H.323.

Internet Security and Acceleration Server is designed to help protect companies' networks from online attacks.

"It is kind of the same situation that we have seen -- a certain level of human error is going to be present, and that is true even for security software," said Stephen Toulouse, security program manager at Microsoft.

The H.323 flaw was found by the National Infrastructure Security Co-ordination Centre, the United Kingdom's Internet infrastructure protection agency, and researchers from the University of Oulu, in Finland.

Many companies, primarily makers of voice over Internet Protocol equipment, are also likely to be affected by the issue -- but to a lesser extent than Microsoft's product.

The other flaws the software giant announced include a vulnerability in the Microsoft Data Access Component software in Windows 2000 and XP, along with Microsoft's SQL Server 2000 and Windows Server 2003. The flaw could allow an attacker to take over a vulnerable system -- only after successfully disguising the attacking computer as an SQL server. Because of the complexity of the attack, Microsoft graded the flaw as "important," not critical.

The last vulnerability, in Exchange Server 2003, allows an attacker to abuse the Online Web Access module to access the email in-box of another random user who recently accessed the server.

"The end result is that an attacker could, under certain circumstances, get access to a complete random user," Microsoft's Toulouse said.

Microsoft posted discussions and patches for the products on its Web site and will automatically provide fixes to its customers through its update service.

Along with the three vulnerabilities, Microsoft re-released another patch that had caused computers that run Windows in Hebrew, Arabic and Thai to crash.



Registruj se da bi učestvovao u diskusiji. Registrovanim korisnicima se NE prikazuju reklame unutar poruka.
Ko je trenutno na forumu
 

Ukupno su 815 korisnika na forumu :: 38 registrovanih, 9 sakrivenih i 768 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3028 - dana 22 Nov 2019 07:47

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: A.R.Chafee.Jr., ArmyBoss, Bane san, bankulen, Doca, Dukelander, FOX, GUARIN, HrcAk47, indja, Insan, kovinacc, krkalon, Krusarac, lidija2011, ljubo70, manda87, Marko Marković, MB120mm, Mixelotti, nuke92, panonski mornar, Recce, Regrut Boskica, RJ, Rumba King, sakota79, segax1, shone34, Sirius, suton, Toni, Trpe Grozni, Uki19989, Vlada1389, VP6919, Vule, W123