It looks as if Trend is telling you that the computer requires patching. I believe you may get the updates from http://windowsupdate.microsoft.com
TrendMicro results. What do I do now?
Hi Guys
Trend Micro's hokey cokey 2000 new scanning options removed 3 spyware and identified the following vulnerabilities:
Moderate - This vulnerability enables a remote attacker to cause a denial of service or execute arbitrary code by sending a database query that contains certain long arguments. This is caused by a buffer overflow in the extended stored procedures for Microsoft SQL Server 7.0 and 2000. MS02-020
Highly Critical - This vulnerability allows a remote attacker to cause a denial of service by sending a keep-alive packet to the UDP port 1434 (Resolution Service). This is caused by the keep-alive mechanism of Microsoft SQL Server 2000, wherein two systems could enter an infinite exchange of keep-alive packets, which will lead to slow down of these systems.;This vulnerability allows a remote attacker to execute code in the security context of the SQL Server service. This is caused by multiple buffer overflows in SQL Server 2000 Resolution Service. MS02-039
Critical - This vulnerability enables a remote attacker to execute code via a malformed HTTP request to the Data Stub when the heap-based buffer overflow in the Remote Data Services (RDS) component of Microsoft Data Access Components (MDAC) 2.1 through 2.6, and Internet Explorer 5.01 through 6.0 is triggered. MS02-065
Moderate - A denial of service (DoS) vulnerability exists in Outlook Express that could cause the said program to fail. The malformed email should be removed before restarting Outlook Express in order to regain its normal operation. MS04-018
Critical - A COM object, the JView Profiler (Javaprxy.dll), contains a remote code execution vulnerability that could allow an attacker to take complete control of an affected system by hosting a malicious Web site. MS05-037
Critical - This security bulletin resolves the following vulnerabilities found in Internet Explorer: (1) JPEG Image Rendering Memory Corruption vulnerability, which allows remote code execution when exploited by a remote malicious user, (2) Web Folder Behaviors Cross-Domain vulnerability, allows information disclosure or remote code execution on an affected system, and (3) COM Object Instantiation Memory Corruption vulnerability, which exists in the way Internet Explorer lists the instances of COM Objects that are not intended to be used in Internet Explorer. MS05-038
Microsoft Updates offered me the last one, MS05-038 which I've now installed. I've searched for the others and the first one MS02-020 offers me 2 choices but I don't know how to find which one I need. I can't yet find a download for MS05-037 for 98SE. The others seem straight forward enough.
Is there anything else I should do apart from install what I can and can anyone tell me how to find out whether to download the 7.00 or 2000 for the first update.
Trend Micro's hokey cokey 2000 new scanning options removed 3 spyware and identified the following vulnerabilities:
Moderate - This vulnerability enables a remote attacker to cause a denial of service or execute arbitrary code by sending a database query that contains certain long arguments. This is caused by a buffer overflow in the extended stored procedures for Microsoft SQL Server 7.0 and 2000. MS02-020
Highly Critical - This vulnerability allows a remote attacker to cause a denial of service by sending a keep-alive packet to the UDP port 1434 (Resolution Service). This is caused by the keep-alive mechanism of Microsoft SQL Server 2000, wherein two systems could enter an infinite exchange of keep-alive packets, which will lead to slow down of these systems.;This vulnerability allows a remote attacker to execute code in the security context of the SQL Server service. This is caused by multiple buffer overflows in SQL Server 2000 Resolution Service. MS02-039
Critical - This vulnerability enables a remote attacker to execute code via a malformed HTTP request to the Data Stub when the heap-based buffer overflow in the Remote Data Services (RDS) component of Microsoft Data Access Components (MDAC) 2.1 through 2.6, and Internet Explorer 5.01 through 6.0 is triggered. MS02-065
Moderate - A denial of service (DoS) vulnerability exists in Outlook Express that could cause the said program to fail. The malformed email should be removed before restarting Outlook Express in order to regain its normal operation. MS04-018
Critical - A COM object, the JView Profiler (Javaprxy.dll), contains a remote code execution vulnerability that could allow an attacker to take complete control of an affected system by hosting a malicious Web site. MS05-037
Critical - This security bulletin resolves the following vulnerabilities found in Internet Explorer: (1) JPEG Image Rendering Memory Corruption vulnerability, which allows remote code execution when exploited by a remote malicious user, (2) Web Folder Behaviors Cross-Domain vulnerability, allows information disclosure or remote code execution on an affected system, and (3) COM Object Instantiation Memory Corruption vulnerability, which exists in the way Internet Explorer lists the instances of COM Objects that are not intended to be used in Internet Explorer. MS05-038
Microsoft Updates offered me the last one, MS05-038 which I've now installed. I've searched for the others and the first one MS02-020 offers me 2 choices but I don't know how to find which one I need. I can't yet find a download for MS05-037 for 98SE. The others seem straight forward enough.
Is there anything else I should do apart from install what I can and can anyone tell me how to find out whether to download the 7.00 or 2000 for the first update.
- Status
- Not open for further replies.
1 - 5 of 5 Posts
Hi sUBs - Yeah I know but I've been updating for the last couple of years - I'd have thought I'd have got these (or at least the option) before now. Microsoft Updates tells me there are no updates to install so if TrendMicro is correct I have to search, select and install the right ones. I've found where to download most of them but don't know which to choose for the first one, 7.00 or 2000 - what's a SQL server anyway?
I'm not familiar with the above software. It appears to be an add-on program you have installed. If you're not using it, you should uninstall/disable it.
Found some info about it here:
http://en.wikipedia.org/wiki/Microsoft_SQL_Server_2000
http://www.sqlteam.com/item.asp?ItemID=215
http://www.google.com/url?sa=t&ct=r...s/securitytools.asp&ei=MYMMQ7OZKM6CsQGZw4n2CA
Found some info about it here:
http://en.wikipedia.org/wiki/Microsoft_SQL_Server_2000
http://www.sqlteam.com/item.asp?ItemID=215
http://www.google.com/url?sa=t&ct=r...s/securitytools.asp&ei=MYMMQ7OZKM6CsQGZw4n2CA
OK - thanks for that info. I haven't downloaded it myself - would it have come with anything e.g. Sage or is it something that would have to have been manually installed. It was created in July 2003 so may have been done by someone else. In the meantime I've found that it would be the 2000 version I need. If its not something I'd need for an accounting package then I'd get rid of it as its taking up valuable space.
1 - 5 of 5 Posts
- Status
- Not open for further replies.
Tech Support Forum
A forum community dedicated to tech experts and enthusiasts. Come join the discussion about articles, computer security, Mac, Microsoft, Linux, hardware, networking, gaming, reviews, accessories, and more!
Full Forum Listing
Recommended Communities
