homepage Welcome to WebmasterWorld Guest from 54.235.29.110
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Home / Forums Index / Microsoft / Microsoft IIS Web Server and ASP.NET
Forum Library, Charter, Moderators: ocean10000

Microsoft IIS Web Server and ASP.NET Forum

    
Major Microsoft Patch
Xoc




msg:943505
 10:31 pm on Feb 10, 2004 (gmt 0)

[apnews.myway.com...]

"This is one of the most serious Microsoft vulnerabilities ever released," said Marc Maiffret of eEye Digital Security Inc. of Aliso Viejo, Calif., which discovered the new Windows flaws. "The breadth of systems affected is probably the largest ever. This is something that will let you get into Internet servers, internal networks, pretty much any system."

Download the patch from the [windowsupdate.microsoft.com ] web site.

 

bakedjake




msg:943506
 10:37 pm on Feb 10, 2004 (gmt 0)

She ain't up on Windows Update yet... (At least for Win2K server)

Direct link to bulletin: [microsoft.com...]

Patches available there.

Edit 5:38 PM ET: It just went up on Windows Update.

markus007




msg:943507
 4:22 am on Feb 11, 2004 (gmt 0)

its up for 2k server, i patched mine this morning.

It only effects you if you have a certain DLL installed

adfree




msg:943508
 10:07 am on Feb 11, 2004 (gmt 0)

Patched WIN Server 2000 Advanced and XP Pro without problem.
Horror scenario: system crash with new OS installation, I got ISDN at home only, how many patches will I have to download, install then?
Would take me a week I think...

rehabguy




msg:943509
 1:13 pm on Feb 11, 2004 (gmt 0)

I downloaded the latest patches last night and now my Windows 2000 computer won't boot up, even in safe mode.

I guess my computer is finally secure - it won't work.

Thanks Bill!

transactiongeek




msg:943510
 3:08 pm on Feb 11, 2004 (gmt 0)

"To verify if the affected file is installed, search for the file named Msasn1.dll. If this file is present, this security update is required."

It's on my w2k box: c:\winnt\system32\msasn1.dll

silane




msg:943511
 5:30 pm on Feb 11, 2004 (gmt 0)

My server was hacked about about 12 hours ago, the hacker deleted my account and created a new user. I have to guess the password, and managed to get it correct.

258cib




msg:943512
 8:07 pm on Feb 11, 2004 (gmt 0)

Meanwhile, the recent IE patch is causing serious problems.

For example, AMS has told its buyers and vendors who install the patch may be taken to a screen saying that they are using an unsupported browser or shown a screen with the text "System Development Mode" on it, or may be given an "Internal Server Error" message when trying to respond to a quote.

They say:
"There is not an official Microsoft workaround available at this time. However, we have found that some users are able to return to (the site) by first clicking the browser "Refresh" button and then answering "Yes" when asked if they would like to 'Retry'.

AMS is working with Microsoft directly to determine what can be done to resolve this problem. Again, this is only a problem if a user has the patch installed on their computer. Users with Internet Explorer without the patch are NOT experiencing the problem.

PCInk




msg:943513
 10:03 pm on Feb 11, 2004 (gmt 0)

Hmmmm, cause of critical problem? - Unchecked buffer.

Mr Gates, can you sack any employee who does not check there buffers correctly in future programs you write. Thank you.

plumsauce




msg:943514
 10:37 pm on Feb 11, 2004 (gmt 0)


silane


My server was hacked about about 12 hours ago

was that due to this particular vulnerability,
or another route?

+

silane




msg:943515
 7:41 am on Feb 12, 2004 (gmt 0)

not too sure, but I alway patch my server as soon as patches are released.

This time, I haven't got a chance to patch it, and the server was hacked.

nativenewyorker




msg:943516
 12:02 pm on Feb 12, 2004 (gmt 0)

Xoc said:

"The breadth of systems affected is probably the largest ever. This is something that will let you get into Internet servers, internal networks, pretty much any system."

The really scary thing is Diebold, one of the world's largest maker of ATMs has incorporated Windows into their products. This makes me extremely nervous about keeping my money in the bank.

Wired News: Windows to Power ATMs in 2005 [wired.com]

PatrickDeese




msg:943517
 5:48 pm on Feb 16, 2004 (gmt 0)

They're reporting the first exploit from the source code:

[securitytracker.com...]

plumsauce




msg:943518
 11:38 pm on Feb 16, 2004 (gmt 0)


ATM's already use Windows NT.

They have in the past been hacked from internal
access paths. These boxes are network accessible
only through secure paths, *but* it was presumed
that the bank internal network was secure. A
trojaned system that was *not* an atm, but on the
internal network was used to access the atm.

+++

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Microsoft / Microsoft IIS Web Server and ASP.NET
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved