TrendMicro results. What do I do now?

Snorky · 08-24-2005, 07:11 AM

Hi Guys

Trend Micro's hokey cokey 2000 new scanning options removed 3 spyware and identified the following vulnerabilities:

Moderate - This vulnerability enables a remote attacker to cause a denial of service or execute arbitrary code by sending a database query that contains certain long arguments. This is caused by a buffer overflow in the extended stored procedures for Microsoft SQL Server 7.0 and 2000. MS02-020

Highly Critical - This vulnerability allows a remote attacker to cause a denial of service by sending a keep-alive packet to the UDP port 1434 (Resolution Service). This is caused by the keep-alive mechanism of Microsoft SQL Server 2000, wherein two systems could enter an infinite exchange of keep-alive packets, which will lead to slow down of these systems.;This vulnerability allows a remote attacker to execute code in the security context of the SQL Server service. This is caused by multiple buffer overflows in SQL Server 2000 Resolution Service. MS02-039

Critical - This vulnerability enables a remote attacker to execute code via a malformed HTTP request to the Data Stub when the heap-based buffer overflow in the Remote Data Services (RDS) component of Microsoft Data Access Components (MDAC) 2.1 through 2.6, and Internet Explorer 5.01 through 6.0 is triggered. MS02-065

Moderate - A denial of service (DoS) vulnerability exists in Outlook Express that could cause the said program to fail. The malformed email should be removed before restarting Outlook Express in order to regain its normal operation. MS04-018

Critical - A COM object, the JView Profiler (Javaprxy.dll), contains a remote code execution vulnerability that could allow an attacker to take complete control of an affected system by hosting a malicious Web site. MS05-037

Critical - This security bulletin resolves the following vulnerabilities found in Internet Explorer: (1) JPEG Image Rendering Memory Corruption vulnerability, which allows remote code execution when exploited by a remote malicious user, (2) Web Folder Behaviors Cross-Domain vulnerability, allows information disclosure or remote code execution on an affected system, and (3) COM Object Instantiation Memory Corruption vulnerability, which exists in the way Internet Explorer lists the instances of COM Objects that are not intended to be used in Internet Explorer. MS05-038

Microsoft Updates offered me the last one, MS05-038 which I've now installed. I've searched for the others and the first one MS02-020 offers me 2 choices but I don't know how to find which one I need. I can't yet find a download for MS05-037 for 98SE. The others seem straight forward enough.

Is there anything else I should do apart from install what I can and can anyone tell me how to find out whether to download the 7.00 or 2000 for the first update.

sUBs · 08-24-2005, 08:05 AM

It looks as if Trend is telling you that the computer requires patching. I believe you may get the updates from http://windowsupdate.microsoft.com

Snorky · 08-24-2005, 08:19 AM

Hi sUBs - Yeah I know but I've been updating for the last couple of years - I'd have thought I'd have got these (or at least the option) before now. Microsoft Updates tells me there are no updates to install so if TrendMicro is correct I have to search, select and install the right ones. I've found where to download most of them but don't know which to choose for the first one, 7.00 or 2000 - what's a SQL server anyway?

sUBs · 08-24-2005, 08:48 AM

I'm not familiar with the above software. It appears to be an add-on program you have installed. If you're not using it, you should uninstall/disable it.

Found some info about it here:

http://en.wikipedia.org/wiki/Microsoft_SQL_Server_2000
http://www.sqlteam.com/item.asp?ItemID=215
http://www.google.com/url?sa=t&ct=re...KM6CsQGZw4n2CA

Snorky · 08-24-2005, 09:38 AM

OK - thanks for that info. I haven't downloaded it myself - would it have come with anything e.g. Sage or is it something that would have to have been manually installed. It was created in July 2003 so may have been done by someone else. In the meantime I've found that it would be the 2000 version I need. If its not something I'd need for an accounting package then I'd get rid of it as its taking up valuable space.

08-24-2005, 07:11 AM	#1 (permalink)
Snorky Registered User Join Date: Sep 2004 Location: SWest UK Posts: 431 OS: Win XP/Win 98SE	TrendMicro results. What do I do now? Hi Guys Trend Micro's hokey cokey 2000 new scanning options removed 3 spyware and identified the following vulnerabilities: Moderate - This vulnerability enables a remote attacker to cause a denial of service or execute arbitrary code by sending a database query that contains certain long arguments. This is caused by a buffer overflow in the extended stored procedures for Microsoft SQL Server 7.0 and 2000. MS02-020 Highly Critical - This vulnerability allows a remote attacker to cause a denial of service by sending a keep-alive packet to the UDP port 1434 (Resolution Service). This is caused by the keep-alive mechanism of Microsoft SQL Server 2000, wherein two systems could enter an infinite exchange of keep-alive packets, which will lead to slow down of these systems.;This vulnerability allows a remote attacker to execute code in the security context of the SQL Server service. This is caused by multiple buffer overflows in SQL Server 2000 Resolution Service. MS02-039 Critical - This vulnerability enables a remote attacker to execute code via a malformed HTTP request to the Data Stub when the heap-based buffer overflow in the Remote Data Services (RDS) component of Microsoft Data Access Components (MDAC) 2.1 through 2.6, and Internet Explorer 5.01 through 6.0 is triggered. MS02-065 Moderate - A denial of service (DoS) vulnerability exists in Outlook Express that could cause the said program to fail. The malformed email should be removed before restarting Outlook Express in order to regain its normal operation. MS04-018 Critical - A COM object, the JView Profiler (Javaprxy.dll), contains a remote code execution vulnerability that could allow an attacker to take complete control of an affected system by hosting a malicious Web site. MS05-037 Critical - This security bulletin resolves the following vulnerabilities found in Internet Explorer: (1) JPEG Image Rendering Memory Corruption vulnerability, which allows remote code execution when exploited by a remote malicious user, (2) Web Folder Behaviors Cross-Domain vulnerability, allows information disclosure or remote code execution on an affected system, and (3) COM Object Instantiation Memory Corruption vulnerability, which exists in the way Internet Explorer lists the instances of COM Objects that are not intended to be used in Internet Explorer. MS05-038 Microsoft Updates offered me the last one, MS05-038 which I've now installed. I've searched for the others and the first one MS02-020 offers me 2 choices but I don't know how to find which one I need. I can't yet find a download for MS05-037 for 98SE. The others seem straight forward enough. Is there anything else I should do apart from install what I can and can anyone tell me how to find out whether to download the 7.00 or 2000 for the first update.

08-24-2005, 08:05 AM	#2 (permalink)
sUBs Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy Join Date: May 2005 Posts: 24,489 OS: N/A	It looks as if Trend is telling you that the computer requires patching. I believe you may get the updates from http://windowsupdate.microsoft.com __________________ Question - what have you done for the community today?

08-24-2005, 08:48 AM	#4 (permalink)
sUBs Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy Join Date: May 2005 Posts: 24,489 OS: N/A	I'm not familiar with the above software. It appears to be an add-on program you have installed. If you're not using it, you should uninstall/disable it. Found some info about it here: http://en.wikipedia.org/wiki/Microsoft_SQL_Server_2000 http://www.sqlteam.com/item.asp?ItemID=215 http://www.google.com/url?sa=t&ct=re...KM6CsQGZw4n2CA __________________ Question - what have you done for the community today?

08-24-2005, 08:19 AM	#3 (permalink)
Snorky Registered User Join Date: Sep 2004 Location: SWest UK Posts: 431 OS: Win XP/Win 98SE	Hi sUBs - Yeah I know but I've been updating for the last couple of years - I'd have thought I'd have got these (or at least the option) before now. Microsoft Updates tells me there are no updates to install so if TrendMicro is correct I have to search, select and install the right ones. I've found where to download most of them but don't know which to choose for the first one, 7.00 or 2000 - what's a SQL server anyway?

08-24-2005, 09:38 AM	#5 (permalink)
Snorky Registered User Join Date: Sep 2004 Location: SWest UK Posts: 431 OS: Win XP/Win 98SE	OK - thanks for that info. I haven't downloaded it myself - would it have come with anything e.g. Sage or is it something that would have to have been manually installed. It was created in July 2003 so may have been done by someone else. In the meantime I've found that it would be the 2000 version I need. If its not something I'd need for an accounting package then I'd get rid of it as its taking up valuable space.