windows crashed



'Help with my PC' is designed to give you free advice on using your PC
With years of experience in giving advice to both Novices and Experts
you should find what you need in a language you can understand.
   
configure email
Google
 
Web www.helpwithmypc.info
xp errors

  
Home Page
Free PC Diagnostics
Windows 7
Outlook Express
IT News
Broadband News
Virus News
XP Tweaks
WIFI Security
Free Software
Pop Ups
Parental Control
Troubleshoot
Spam
Sitemaps
Windows Boot Errors
Word Crashes
Word Tutorials
Backup Files
Secure your PC
Link to us
Glossery
GoogleDance
Links
Your Questions
Disclaimer
bios beeps






 
outlook express parental control
Windows Security Updates Fix Critical issues
Severity: High
10 November, 2009
 
Summary:
 
§ These vulnerabilities affect: All current versions of Windows and the components that ship with it.
§ How an attacker exploits them: Multiple vectors of attack, including sending a specially crafted packet, or running a malicious program
§ Impact: Various results; in the worst case, an attacker can gain complete control of your Windows computer
§ What to do: Install the appropriate Microsoft patches immediately, or let Windows Automatic Update do it for you.
 
Exposure:
 
Today, Microsoft released four security bulletins describing five vulnerabilities that affect Windows and components that ship with it. Each vulnerability affects different versions of Windows to varying degrees. However, a remote attacker could exploit the worst of these flaws to gain complete control of your Windows PC. The summary below lists the vulnerabilities, in order from highest to lowest severity.
 
 
§ MS09-063: WSD Memory Corruption Vulnerability
 
Web Services on Devices (WSD) is a component that helps Windows clients discover and access remote devices across a network (devices such as PDAs, cameras, smart phones, etc). WSD ships with Windows Vista and Server 2008. WSD suffers from a memory corruption flaw involving its inability to properly parse specially crafted WSD messages. By sending a malicious WSD message to a vulnerable Windows machine, an attacker could exploit this flaw to execute code on that user's computer, with that user's privileges. If your user has local administrative privileges, the attacker would gain complete control of the user's computer. However, the Windows firewall only allows WSD connections from your local network. Furthermore, a network firewall-- such as a WatchGuard Firebox -- also blocks the WSD ports by default (TCP ports 5357 and 5358). So this vulnerability primarily poses an internal risk.
 
Microsoft rating: Critical.
 
 
§ MS09-064: Win2K LLS Buffer Overflow Vulnerabilities
The License Logging Server (LLS) is a tool that helps administrators manage licenses for Microsoft server products that are licensed in the Server Client Access License (CAL) model. LLS ships with older Server versions of Windows. However, this particular flaw only affects LLS on Windows 2000 servers. LLS suffers from a buffer overflow involving its inability to properly validate the length of a parameter in a specially crafted RPC message. By sending a specially crafted RPC message, an attacker could leverage this vulnerability to gain complete control of your Windows computers. However, most administrators do not allow RPC traffic through their firewall. Therefore, these vulnerabilities primarily pose an internal risk. Again, this flaw only affects Windows 2000 servers.
 
Microsoft rating: Critical.
 
 
§ MS09-065: Three Windows Kernel Vulnerabilities
The Windows kernel suffers from two elevation of privilege (EoP) vulnerabilities and a code execution vulnerability. All three of the flaws differ technically, but share a similar impact. By running a specially crafted program on one of your Windows computers, or by enticing one of your users to view content rendered with a specially crafted EOT font, an attacker can gain complete control of that Windows system. With two of these flaws, the attacker needs to have local access to one of your computers in order to run his malicious application. So those two vulnerabilities primarily pose an internal risk. However, a remote hacker could entice one of your users to view content containing a special font. So that particular kernel vulnerability poses the most severe risk.
 
Microsoft rating: Critical.
 
 
§ MS09-066: Active Directory DoS Vulnerability
 
Active Directory (AD) provides central authentication and authorization services for Windows computers and ships with most recent server versions of Windows. AD suffers from a Denial of Service (DoS) vulnerability due to its inability to properly parse certain LDAP or LDAPS messages. By sending your AD service a specially crafted LDAP or LDAPS packet, an attacker could cause the server to stop responding. You'd have to reboot your AD server before your users could resume authentication. However, most administrators do not allow LDAP traffic through their firewall. Therefore, this vulnerability primarily poses an internal risk.
 
Microsoft rating: Important. 
 
 
Solution Path:
Microsoft has released patches for Windows which correct all of these vulnerabilities. You should download, test, and deploy the appropriate patches throughout your network immediately.
§ Windows Server 2003
§ Windows Server 2003 x64
 
Note: These vulnerabilities do not affect any other versions of Windows
 
 
Status:
Microsoft has released patches correcting these issues.
 
References:
§ Microsoft Security Bulletin MS09-063
§ Microsoft Security Bulletin MS09-064
§ Microsoft Security Bulletin MS09-065
§ Microsoft Security Bulletin MS09-066
 
 
 








Links:

UK Historical Gardens
 
Check Domain Names
 
UK Football News
 
Christian Resources
 
Entertainment News