Manifesto Multilinko |
|
Interesting links and notes on updates to my main website.
[to search, use Blogger search in top bar] NEW BLOG
HOME ---- [contact me] My Blogger Profile View my photo galleries. Listen to my radio station. Currently ReadingThis is an Ottawa blog (Ontario, Canada). Cool blogs: McWetlog wood s lot La Tribu du Verbe Wil Wheaton Darren Barefoot Lectio.ca Blogger profiles in Ottawa Other good sites: Slashdot Wired News Mark Morford's Notes & Errata This page uses Extreme Tracker which is determining your referrer by running some JavaScript. The commenting system was Reblogger. |
Wednesday, January 14, 2004
computer and network security - Microsoft January 2004 bulletins
For some reason, I didn't get the monthly MS security email, but anyway Microsoft Windows Security Bulletin Summary for January, 2004 There is an MDAC vulnerability, just rated "important". Microsoft Security Bulletin MS04-003: Buffer Overrun in MDAC Function Could Allow Code Execution (832483) Symantec Security Response: Microsoft MDAC Function Broadcast Response Buffer Overrun Vulnerability Note that when they say "Windows Security", they're just bulletins for the core OS. MS has separate security bulletins for all of its various products. The one that is getting the most attention is for their rather uselessly named "Internet Security and Acceleration Server" Microsoft Security Bulletin MS04-001: Vulnerability in Microsoft Internet Security and Acceleration Server 2000 H.323 Filter Could Allow Remote Code Execution (816458) There are accompanying, related advisories from OCIPEP, CERT, Symantec. Note that the H.323 vulnerability extends to a variety of systems other than just Microsoft. OCIPEP AV04-001: Vulnerability Issues in Implementations of the H.323 Protocol CERT® Advisory CA-2004-01 Multiple H.323 Message Vulnerabilities Symantec Security Response: Microsoft ISA Server 2000 H.323 Filter Remote Buffer Overflow Vulnerability
I expect though you may need port 1720 (H.323 host call) for other H.323 audio/video conference apps, for example according to my TCP/IP port page you need it for NetMeeting, GnomeMeeting, Netscape Conference, presumably ohphone and so on. So you may want to be careful about blocking it at your perimeter. HOME - |