OT: Microsoft Security Bulletin Release - November 11, 2003

[Rita Nikas [MSFT]]

Hi all.

I wanted to be sure you were all aware of this security-related information.

Rita Nikas
Microsoft MVP Lead
Microsoft Corporation

This posting is provided "AS IS" with no warranties, and confers no rights.

====================================

Today Microsoft released the following Security Bulletins.

Note: http://www.microsoft.com/technet/security and
http://www.microsoft.com/security are authoritative in all matters
concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup
posting (including this one) should be verified by visiting these sites for
official information. Microsoft never sends security or other updates as
attachments. These updates must be downloaded from the microsoft.com
download center or Windows Update. See the individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft
security notices, it is recommended that you physically type the URLs into
your web browser and not click on the hyperlinks provided.

Bulletins Summaries:

Windows -
http://www.microsoft.com/technet/security/bulletin/winnov03.asp
Office -
http://www.microsoft.com/technet/security/bulletin/offnov03.asp


Critical Bulletins:

MS03-048 - Cumulative Security Update for Internet Explorer (824145)
http://www.microsoft.com/technet/security/bulletin/MS03-048.asp

MS03-049 - Buffer Overrun in the Workstation Service Could Allow Code
Execution (828749)
http://www.microsoft.com/technet/security/bulletin/MS03-049.asp

MS03-051 - Buffer Overrun in Microsoft FrontPage Server Extensions Could
Allow Code Execution (813360)
http://www.microsoft.com/technet/security/bulletin/MS03-051.asp


Important Bulletins:

MS03-050 - Vulnerability in Microsoft Word and Microsoft Excel Could Allow
Arbitrary Code to Run (831527)
http://www.microsoft.com/technet/security/bulletin/MS03-050.asp


In addition to the new bulletins above, the following Important bulletin was
re-released:

MS02-050 - Certificate Validation Flaw Could Enable Identity Spoofing
(Q329115)
http://www.microsoft.com/technet/security/bulletins/MS02-050.asp


This represents our regularly scheduled monthly bulletin release (second
Tuesday of each month). Please note that Microsoft may release bulletins out
side of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after
reading the above listed bulletin you should contact Product Support
Services in the United States at 1-866-PCSafety (1-866-727-2338).
International customers should contact their local subsidiary.

 

[Chris Mills]

<sigh>
As is, No warranties, and No rights.

I read somewhere that MS stuff-ups were to be limited to once-a-month, or was
it once-a-week?

For goodness sake, Rita. All this virus crap may be true (certainly was in the
ng's hosted by MS which they could do nothing about!), but does everyone
really need to pay $400 IN ADDITION to buy a digital certificate for A2003?
(or open their macro setting)

Are you really a "lead"? I don't see so.
Best regards
(if you grab my balls don't be surprised if I squeeze your tits!)
Chris

 

[Chris Mills]

Hi all.

MS02-050 - Certificate Validation Flaw Could Enable Identity Spoofing
(Q329115)
http://www.microsoft.com/technet/security/bulletins/MS02-050.asp

"The page you're looking for has been moved or removed from the site."

Thanks, Rita, for the timely info !!!
You are faster or slower than the volatility of it!!!

 

[Marshall Barton]

<sigh>
As is, No warranties, and No rights.

Lighten up here. That stuff is required by the MS leagal
eagles in attempt to prevent frivilous lawsuits.

I read somewhere that MS stuff-ups were to be limited to once-a-month, or was
it once-a-week?

Timely info is more important than an arbitrary schedule.
After all, you are under no obligation to read Rita's posts.

For goodness sake, Rita. All this virus crap may be true (certainly was in the
ng's hosted by MS which they could do nothing about!), but does everyone
really need to pay $400 IN ADDITION to buy a digital certificate for A2003?
(or open their macro setting)

I think these digital certificates are going to be a serious
pain for a **lot** of folks, but that's no reason to beat up
on someone trying to explain some of these messy issues.
MS, the corporation, and Rita, MS Access & Excel MVP
coordinator/lead, may have very different views. No one
individual, much less Rita, controls MS corporate strategy
decisions.

You ire is misdirected.

Are you really a "lead"? I don't see so.

Yes, she is! And doing an excellent job too!

Best regards

[snip obnoxious comment]

 

[Chris Mills]

Lighten up here.

So I did, and when I woke up in the morning it still costs a further $400
over-and-above to run A2003.

marsh, mvp...what is a lead worth? she and her team has known about the
problem since beta days. should we be asking bill? yeah right

 

[Chris Mills]

Lighten up here.

So I did, and when I woke up in the morning it still costs a further $400
over-and-above to run A2003.

marsh, mvp...what is a lead worth? she and her team has known about the
problem since beta days. should we be asking bill? yeah right

 

[Marshall Barton]

So I did, and when I woke up in the morning it still costs a further $400
over-and-above to run A2003.

I don't know about the $400 and (hope?) I don't care as I
don't intend to set the security to a level that requires
them.

marsh, mvp...what is a lead worth? she and her team has known about the
problem since beta days. should we be asking bill? yeah right

Her "team" is product support and she's the lead coordinator
for Access and Excel MVPs (who are just ordinary(?) people
that spend a lot of time helping out in newsgroups). Rita
is not product development, not product manager, not
marketing and certainly not in control of MS security
policy.

My only suggestion is that you could take a more effective
approach in registering your feelings about digital
signatures if you weren't being so obnoxious to the wrong
person.

 

[Chris Mills]

Rita

is not product development, not product manager, not
marketing and certainly not in control of MS security
policy.

Yeah right. No-one is, of course.

Other eminent persons have tried your last approach. Right. Pity they can't
even be voted out.

 

[Joan Wild]

"The page you're looking for has been moved or removed from the site."

Thanks, Rita, for the timely info !!!
You are faster or slower than the volatility of it!!!

What, exactly, crawled up your butt?
Try

http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS02-050.asp

 

[Chris Mills]

Why Microsoft of course! Itch itch.

PS tks for ref.

 

[Chris Mills]

what is a lead worth?

lead /n 9. the distance advanced by a screw in one turn.

 

[Chris Mills]

Rita
is not product development, not product manager, not
marketing and certainly not in control of MS security
policy.

That seems a lot of useless NOT's she is not, marsh, like much of PSS.
As born out by subsequent posts, she might as well not be there/here. MVP's
and other useful users I have some respect for.

D'ya want a debate? Seriously?
Chris Mills