Microsoft Releases Three More Security Bulletins

In yet another combo pack, Microsoft released three security bulletins. The bulletins which are labeled from moderate to critical, deal with Microsoft VM, Windows 2000, Windows XP and Windows NT 4 security problems.

Bulletin: MS02-069
Title: Flaw in Microsoft VM Could Enable System Compromise
Risk: Critical
Advisory: http://www.net-security.org/advisory.php?id=1385
Description: A new version of the Microsoft VM is available, which includes all previously released fixes for the VM, as well as fixes for eight newly reported security issues. The attack vectors for all of the new issues would likely be the same. An attacker would create a web page that, when opened, exploits the desired vulnerability, and either host it on a web page or send it to a user as an HTML mail.

Bulletin: MS02-070
Title: Flaw in SMB Signing Could Enable Group Policy to be Modified
Risk: Moderate
Advisory: http://www.net-security.org/advisory.php?id=1386
Description: Server Message Block (SMB) is a protocol natively supported by all
versions of Windows. A flaw in the implementation of SMB Signing in Windows 2000 and Windows XP could enable an attacker to silently downgrade the SMB Signing settings on an affected system.

Bulletin: MS02-071
Title: Flaw in Windows WM_TIMER Message Handling Could Enable Privilege Elevation
Risk: Important
Advisory: http://www.net-security.org/advisory.php?id=1387
Description: Windows messages provide a way for interactive processes to react to user events and communicate with other interactive processes. One such message, WM_TIMER, is sent at the expiration of a timer, and can be used to cause a process to execute a timer callback function. A security vulnerability results because it’s possible for one process in the interactive desktop to use a WM_TIMER message to cause another process to execute a callback function at the address of its choice, even if the second process did not set a timer.