Tech Support banner

Status
Not open for further replies.
1 - 5 of 5 Posts

·
Registered
Joined
·
431 Posts
Discussion Starter · #1 ·
Hi Guys

Trend Micro's hokey cokey 2000 new scanning options removed 3 spyware and identified the following vulnerabilities:

Moderate - This vulnerability enables a remote attacker to cause a denial of service or execute arbitrary code by sending a database query that contains certain long arguments. This is caused by a buffer overflow in the extended stored procedures for Microsoft SQL Server 7.0 and 2000. MS02-020

Highly Critical - This vulnerability allows a remote attacker to cause a denial of service by sending a keep-alive packet to the UDP port 1434 (Resolution Service). This is caused by the keep-alive mechanism of Microsoft SQL Server 2000, wherein two systems could enter an infinite exchange of keep-alive packets, which will lead to slow down of these systems.;This vulnerability allows a remote attacker to execute code in the security context of the SQL Server service. This is caused by multiple buffer overflows in SQL Server 2000 Resolution Service. MS02-039

Critical - This vulnerability enables a remote attacker to execute code via a malformed HTTP request to the Data Stub when the heap-based buffer overflow in the Remote Data Services (RDS) component of Microsoft Data Access Components (MDAC) 2.1 through 2.6, and Internet Explorer 5.01 through 6.0 is triggered. MS02-065

Moderate - A denial of service (DoS) vulnerability exists in Outlook Express that could cause the said program to fail. The malformed email should be removed before restarting Outlook Express in order to regain its normal operation. MS04-018

Critical - A COM object, the JView Profiler (Javaprxy.dll), contains a remote code execution vulnerability that could allow an attacker to take complete control of an affected system by hosting a malicious Web site. MS05-037

Critical - This security bulletin resolves the following vulnerabilities found in Internet Explorer: (1) JPEG Image Rendering Memory Corruption vulnerability, which allows remote code execution when exploited by a remote malicious user, (2) Web Folder Behaviors Cross-Domain vulnerability, allows information disclosure or remote code execution on an affected system, and (3) COM Object Instantiation Memory Corruption vulnerability, which exists in the way Internet Explorer lists the instances of COM Objects that are not intended to be used in Internet Explorer. MS05-038

Microsoft Updates offered me the last one, MS05-038 which I've now installed. I've searched for the others and the first one MS02-020 offers me 2 choices but I don't know how to find which one I need. I can't yet find a download for MS05-037 for 98SE. The others seem straight forward enough.

Is there anything else I should do apart from install what I can and can anyone tell me how to find out whether to download the 7.00 or 2000 for the first update.
 

·
Registered
Joined
·
431 Posts
Discussion Starter · #3 ·
Hi sUBs - Yeah I know but I've been updating for the last couple of years - I'd have thought I'd have got these (or at least the option) before now. Microsoft Updates tells me there are no updates to install so if TrendMicro is correct I have to search, select and install the right ones. I've found where to download most of them but don't know which to choose for the first one, 7.00 or 2000 - what's a SQL server anyway?
 

·
Registered
Joined
·
431 Posts
Discussion Starter · #5 ·
OK - thanks for that info. I haven't downloaded it myself - would it have come with anything e.g. Sage or is it something that would have to have been manually installed. It was created in July 2003 so may have been done by someone else. In the meantime I've found that it would be the 2000 version I need. If its not something I'd need for an accounting package then I'd get rid of it as its taking up valuable space.
 
1 - 5 of 5 Posts
Status
Not open for further replies.
Top