This report details missing critical patches to Windows.
These are obtained via AutoUpdate and/or WindowsUpdate.
Please use these facilities, and download all offered Critical patches.
Microsoft Antispyware does not substitute for any of the three primary
protective steps we all need to take with our computers:
www.microsoft.com/protect
--
FAQ for Microsoft Antispyware:
http://www.geocities.com/marfer_mvp/FAQ_MSantispy.htm
"Steve" <(E-Mail Removed)> wrote in message
news:433101c520df$5a467550$(E-Mail Removed)...
> Why is my Spyware not working. I have been using it for a
> long time and it finds nothing and yet today I run
> TrendMicro free online spyware and it finds 15 issues
> (below).
>
> What is the problem? I thought about buying the real
> version but not sure now.
>
>
> Steve
>
> Results:
> We have detected 15 vulnerability/vulnerabilities on your
> computer.
> Risk Level Issue How to Fix
> Critical This security update addresses and resolves a
> vulnerability in Internet Explorer that could allow remote
> code execution. A Web page can be crafted to exploit this
> vulnerability such that an arbitrary application can be
> executed on visiting systems with the same priviledge as
> the currently logged on user. MS04-040
> Important This security advisory explains the two
> discovered vulnerabilities in Microsoft Word for Windows
> 6.0 Converter, which is used by WordPad in converting Word
> 6.0 to WordPad file format. Once exploited, this remote
> code execution vulnerability could allow a malicious user
> or a malware to take complete control of the affected
> system if the affected user is currently logged on with
> administrative privileges. MS04-041
> Critical A remote code execution vulnerability exists in
> HyperTerminal because of a buffer overrun. If a user is
> logged on with administrator privileges, an attacker could
> exploit the vulnerability by constructing a malicious
> HyperTerminal session file that could potentially allow
> remote code execution and then persuade a user to open
> this file. This malicious file may enable the attacker to
> gain complete control of the affected system. This
> vulnerability could also be exploited through a malicious
> Telnet URL if HyperTerminal had been set as the default
> Telnet client. MS04-043
> Important This security update addresses and resolves two
> windows vulnerabilites, both of which may enable the
> current user to take control of the affected system. Both
> of these vulnerabilites require that the curernt user be
> able to log on locally and execute programs. They cannot
> be exploited remotely, or by anonymous users. A privilege
> elevation vulnerability exists in the way that the Windows
> Kernel launches applications. This vulnerability could
> allow the current user to take complete control of the
> system. A privilege elevation vulnerability exists in the
> way that the LSASS validates identity tokens. This
> vulnerability could allow the current user to take
> complete control of the affected system. MS04-044
> Critical This update resolves a newly-discovered, publicly
> reported vulnerability. A vulnerability exists in the HTML
> Help ActiveX control in Windows that could allow
> information disclosure or remote code execution on an
> affected system. MS05-001
> Critical This update resolves several newly-discovered,
> privately reported and public vulnerabilities. An attacker
> who successfully exploited the most severe of these
> vulnerabilities could take complete control of an affected
> system, install programs, view, change, or delete data, or
> create new accounts that have full privileges. MS05-002
> Important This update resolves a newly-discovered,
> privately reported vulnerability. An attacker who
> successfully exploited this vulnerability could take
> complete control of an affected system. An attacker could
> then install programs, view, change, or delete data, or
> create new accounts with full privileges. While remote
> code execution is possible, an attack would most likely
> result in a denial of service condition. MS05-003
> Important A vulnerability in ASP.NET allows an attacker to
> bypass the security of an ASP.NET Web site, and access a
> machine. The attacker gains unauthorized access to some
> areas of the said Web site, and is able to control it
> accordingly. The actions that the attacker could take
> would depend on the specific content being protected.
> MS05-004
> Important This remote code execution vulnerability exists
> in the way Windows handles drag-and-drop events. An
> attacker could exploit the vulnerability by constructing a
> malicious Web page that could potentially allow an
> attacker to save a file on the users system if a user
> visited a malicious Web site or viewed a malicious e-mail
> message. MS05-008
> Critical This remote code execution vulnerability exists
> in the processing of PNG image formats. An attacker who
> successfully exploits this vulnerability could take
> complete control of an affected system. MS05-009
> Critical This remote code execution vulnerability exists
> in Server Message Block (SMB). It allows an attacker who
> successfully exploits this vulnerability to take complete
> control of the affected system. MS05-011
> Critical This privilege elevation vulnerability exists in
> the way that the affected operating systems and programs
> access memory when they process COM structured storage
> files. This vulnerability could grant a currently logged-
> on user to take complete control of the system.;This
> remote code execution vulnerability exists in OLE because
> of the way that it handles input validation. An attacker
> could exploit the vulnerability by constructing a
> malicious document that could potentially allow remote
> code execution. MS05-012
> Critical This vulnerability exists in the DHTML Editing
> Component ActiveX Control. This vulnerability could allow
> information disclosure or remote code execution on an
> affected system. MS05-013
> Critical This update resolves known vulnerabilities
> affecting Internet Explorer. An attacker who successfully
> exploits these vulnerabilities could take complete control
> of an affected system. An attacker could then install
> programs; view, change, or delete data; or create new
> accounts with full user rights. MS05-014
> Critical A remote code execution vulnerability exists in
> the Hyperlink Object Library. This problem exists because
> of an unchecked buffer while handling hyperlinks. An
> attacker could exploit the vulnerability by constructing a
> malicious hyperlink which could potentially lead to remote
> code execution if a user clicks a malicious link within a
> Web site or e-mail message. MS05-015
>
>
>
Similar Threads
