November 13, Microsoft - Microsoft Security Bulletin MS03-051:
Buffer Overrun in Microsoft FrontPage Server Extensions Could Allow Code Execution. There are two vulnerabilities in Microsoft FrontPage Server Extensions. The first vulnerability exists because of a buffer overrun in the remote debug functionality of FrontPage Server Extensions. This functionality enables users to remotely connect to a server running FrontPage Server Extensions and remotely debug content using, for example, Visual InterDev. An attacker who successfully exploited this vulnerability could run code with Local System privileges on an affected system, or could cause FrontPage Server Extensions to fail. The attacker could then take any action on the system. The second vulnerability is a Denial of Service vulnerability that exists in the SmartHTML interpreter. This functionality is made up of a variety of dynamic link library files, and exists to support certain types of dynamic web content. An attacker who successfully exploited this vulnerability could cause a server running FrontPage Server Extensions to temporarily stop responding to requests. Microsoft has assigned a risk rating of "Critical" to this issue and recommends that system administrators install the patch immediately.
Source: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-051.asp
November 11, Microsoft - Microsoft Security Bulletin MS03-048:
Cumulative Security Update for Internet Explorer. There are three vulnerabilities that involve the cross-domain security model of Internet Explorer, which keeps windows of different domains from sharing information. These vulnerabilities could result in the execution of script in the My Computer zone. After the user has visited a malicious Website or viewed a malicious HTML e-mail message, an attacker who exploited one of these vulnerabilities could access files on a user's system and run arbitrary code on a user's system in the security context of the user. Another vulnerability involves the way zone information is passed to an XML object within Internet Explorer. This vulnerability could allow an attacker to read local files on a user's system. Finally, there is a vulnerability that involves performing a drag-and-drop operation during dynamic HTML (DHTML) events in Internet Explorer. This vulnerability could allow a file to be saved in a target location on the user's system if the user clicks a link. No dialog box would request that the user approve this download. Microsoft has assigned a risk rating of "Critical" to this issue and recommends that system administrators install this patch immediately.
Source: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-048.asp
November 11, Microsoft - Microsoft Security Bulletin MS03-049:
Buffer Overrun in the Workstation Service Could Allow Code Execution. A security vulnerability exists in the Workstation service that could allow remote code execution on an affected system. This vulnerability results from an unchecked buffer in the Workstation service. If the vulnerability were exploited, an attacker could gain System privileges on an affected system, or could cause the Workstation service to fail. An attacker could take any action on the system, including installing programs, viewing, changing, or deleting data, or creating new accounts with full privileges. If users have blocked inbound UDP ports 138, 139, 445 and TCP ports 138, 139, 445 by using a firewall, an attacker would be prevented from sending messages to the Workstation service. Most firewalls, including Internet Connection Firewall in Windows XP, block these ports by default. Disabling the Workstation service will prevent the possibility of attack. Only Windows 2000 and Windows XP are vulnerable to this attack. Microsoft has assigned a risk rating of "Critical" to this issue and recommends that system administrators install the patch immediately.
Source: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-049.asp
November 11, Microsoft - Microsoft Security Bulletin MS03-050:
Vulnerability in Microsoft Word and Microsoft Excel Could Allow Arbitrary Code to Run. A vulnerability exists in Microsoft Excel that could allow malicious code execution. If successfully exploited, an attacker could craft a malicious file that could bypass the macro security model. If an affected spreadsheet were opened, this vulnerability could allow a malicious macro embedded in the file to be executed automatically, regardless of the level at which the macro security is set. The malicious macro could then take the same actions that the user had permissions to carry out. A vulnerability exists in Microsoft Word that could allow malicious code execution. If a specially crafted document were to be opened, it could overflow a data value in Word and allow arbitrary code to be executed. If successfully exploited, an attacker could then take the same actions as the user had permissions to carry out. Microsoft has assigned a risk rating of "Important" to this issue and recommends that system administrators install this patch immediately.
Source: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-050.asp