|
Step-by-Step:
Help Protect Your
Computer with Critical Updates
August
11, 2003
Keeping
your operating system current with the latest updates
from Microsoft is the most important step you can take
toward more stable and secure computing.
Updates—also
known as fixes, patches, and service packs—address
exploitable flaws or add new features to software. Updates
that are classified as critical by the Microsoft Windows
Update service improve your computer's security and
compatibility. To help protect your computer and keep
it running smoothly, you should install critical updates
as soon they become available.
The
Best Method: Automatic Updates and Installs
The latest Microsoft® Windows® operating systems—Windows
XP and Windows 2000—give you the option of installing
updates automatically so you stay current with important
updates. The Automatic Updates feature works in the
background, so it doesn't interfere with your computing.
To check for and download updates, your computer simply
needs to be turned on and connected to the Internet.
It does the rest for you. But even if you are using
an earlier version of Windows, there are still some
simple steps you can take to stay informed of important
updates.
Visit
this page on the Microsoft Web Site:
http://www.microsoft.com/security/articles/stepbystep/
|
Some
viruses can launch just by READING YOUR E-MAIL!
Some viruses can launch when you VISIT A HOSTILE WEB SITE!
Updating
Windows (downloading & installing the latest security
patches from Microsoft) can help to prevent this from happening!
Back
To Top
|
July
2003, Cumulative Patch for
Internet Explorer (823559)
Read
the July 2003 Microsoft Security Bulletin MS03-023
Who
should read this bulletin?
Customers using The Microsoft®
Internet Explorer
Web Browser for Windows Operating System.
This
update resolves the "Buffer Overrun In HTML Converter
Could Allow Code Execution (823559)" security vulnerability
in Microsoft® Windows®, and is discussed in
Microsoft Security Bulletin MS03-023. Download now to
help prevent an attacker from compromising a Microsoft
Windows-based system and then taking a variety of actions,
such as executing code on the system.
What
You Should Know About Microsoft Security
Bulletin MS03-023 Security Update for Microsoft Windows
July
9, 2003, Why
We Are Issuing This Update
A
security issue has been identified in Microsoft®
Windows® that could allow an attacker to compromise
a computer running Microsoft Windows and gain control
over it. For example, an attacker could execute
code on your system. You can help protect your computer
by installing this update from Microsoft.
Products
Affected by This Update
The following products require updating:
Microsoft
Windows 98
Microsoft Windows 98 Second Edition
Microsoft Windows Millennium Edition (Windows Me
Microsoft Windows NT® 4.0 Server
Microsoft Windows NT 4.0, Terminal Server Edition
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server™ 2003
|
How
to Check Which Version You Have
If you are unsure whether a product you are running
is affected by this issue, check the version.
To determine
which version of Microsoft
Windows you are running:
On
the taskbar at the bottom of your screen,
click Start, and then click Run.
In
the Run dialog box, type: winver Click
OK. A dialog box
displays the version that you are running.
|
| Back
To Top |
| SECURITY
PATCH FOR OUTLOOK EXPRESS |
Critical
Update For Outlook Express
April
2003, Cumulative Patch for Outlook Express (330994)
VISIT
THE MICROSOFT WEB SITE TO DOWNLOAD SECURITY PATCH
Read
the Microsoft Security Bulletin MS03-014 |
| The
"April 2003, Cumulative Patch for Outlook Express"
eliminates all previously addressed security vulnerabilities
affecting Outlook Express, as well as additional newly
discovered vulnerabilities. This update includes the
functionality of all previously released patches. Download
now to help maintain the security of your computer. |
Who
should read this bulletin?
Customers using Microsoft®
Outlook Express |
| Impact
of vulnerability: This bulletin addresses a vulnerability
that could allow an attacker to run code of the attacker’s
choice on a user’s machine. To exploit the vulnerability,
attacker would have to be able to cause Windows to open
a specially constructed MHTML URL, either on a web site
or included in an HTML email message. |
Maximum
Severity Rating: Critical
Recommendation:
Customers should install
the patch at the earliest opportunity.
Affected
Software:
This
update applies to Outlook Express with the following operating
systems:
This
patch is specifically designed for Microsoft Outlook Express.
*Please be aware that Microsoft Outlook
is a different product.
|
Back
To Top |
Bogus
Microsoft Security Bulletin E-Mails
Read
This Article On The Microsoft Web Site |
|
DATE:
April 03, 2003
From
time to time malicious individuals circulate e-mails
that purport to be a
Microsoft Security Bulletin or Patch. Some of the emails
direct the reader to
download an executable file from a web site - while
others include
an executable file which contains a virus.
Customers
who receive such an email should delete it, and under
no circumstances should they download or run the executable.
Some
of the emails claim to be a security patch for
Windows or Internet Explorer, others are more generic.
There
are several clues which indicate that the e-mails
aren’t a bona fide security bulletin or patch:
- The
e-mail isn't signed using the Microsoft Security Response
Center’s digital signature. The Microsoft
Security Response Center always signs its bulletins
before mailing them, and you can verify the signature
using the key we publish at http://www.microsoft.com/technet/security/bulletin/notify.asp.
If you are ever in doubt about the authenticity of
a bulletin mailer you’ve received, consult the
web-hosted bulletins on the Microsoft Security web
site – the versions there are the authoritative
source for information on Microsoft Security Bulletins.
- The
e-mail contains a patch. Authentic security bulletin
mailers never provide the patch itself or a link to
the patch; instead, they refer the reader to the complete
version of the bulletin on our web site, which provides
a link to the patch. More information on the Microsoft
policy on software distribution is available at: http://microsoft.com/technet/security/policy/swdist.asp
- The
"patch" contained in the bogus bulletin
isn't digitally signed by Microsoft. Microsoft
always digitally signs the patches it releases. Always
be sure you check the signature of any executable
before installing it on your system.
Microsoft
urges customers to always verify any mail that claims
to be
a Microsoft security bulletin by using the steps
described above and
by always checking the Microsoft Web site for the
definitive
source of information on Microsoft Security Bulletins:
|
More
Information on viruses and anti-virus software is available
at:
How
to help protect your computer from viruses:
http://microsoft.com/security/articles/remedies_viruses.asp
Antivirus
software:
http://microsoft.com/security/articles/antivirus.asp
|
|
