Update patch for MSN Messenger

Last response: in Windows XP
Anonymous
June 17, 2005 10:39:03 PM

Archived from groups: microsoft.public.windowsxp.general (More info?)

I had to restore the operating system and when I re-installed MSN Messenger
this window came up with this info at www.updatepatch.info.
I didn't install it because they charge $19.99 to download it but I found it
kind of strange it isn't on the Windows website. Does anybody know if we
really need this patch?
Thanks

This is what the window that popped up said:

Buffer Overflow in Messenger Service Could Allow Code Execution /
Unexpected Computer Shutdown
Issued: June 10, 2005

Summary
Impact of Vulnerability: Remote Code Execution / Virus Infection /
Unexpected shutdowns

Maximum Severity Rating: Critical

Recommendation: Users running vulnerable version should install a patch
immediately

Caveats: None

Tested Software and Patch Download Locations:

Affected Software:

Microsoft Windows NT Workstation - Download a fix to patch this issue
Microsoft Windows NT - Download a fix to patch this issue
Microsoft Windows 2000 - Download a fix to patch this issue
Microsoft Windows XP - Download a fix to patch this issue
Microsoft Windows Win98 - Download a fix to patch this issue
Microsoft Windows Server 2003 - Download a fix to patch this issue


The software listed above has been tested to determine if the versions are
affected. Other versions are no longer supported, and may or may not be
affected.

Technical Description:

A security vulnerability exists in the Microsoft® Messenger Service that
could allow arbitrary code execution on an affected system. The vulnerability
results because the Messenger Service does not properly validate the length
of a message before passing it to the allocated buffer.

An attacker who successfully exploited this vulnerability could be able to
run code with Local System privileges on an affected system, or could cause
the Messenger Service to fail. The attacker could then take any action on the
system, including installing programs, viewing, changing or deleting data, or
creating new accounts with full privileges.

Mitigating factors:

Messages are delivered to the Messenger service via NetBIOS or RPC. If users
have blocked the NetBIOS ports (ports 137-139) - and UDP broadcast packets
using a firewall, others will not be able to send messages to them on those
ports. Most firewalls, including Internet Connection Firewall in Windows XP,
block NetBIOS by default.

Disabling the Messenger Service will prevent the possibility of attack.

On Windows Server 2003 systems, the Messenger Service is disabled by default.

Severity Rating:

Windows NT                                        Critical
Windows Server NT 4.0 Terminal Server Edition     Critical
Windows 2000                                      Critical
Windows XP                                        Critical
Windows Server 2003                               Moderate
Anonymous
June 18, 2005 2:00:27 AM

Archived from groups: microsoft.public.windowsxp.general (More info?)

Hi,

Microsoft doesn't charge for patches and hotfixes, the site you were
referred to is not legit in that it attempts to fool the end user into
paying for something they can obtain for free. See:
http://www.microsoft.com/technet/security/bulletin/ms03...

--
Best of Luck,

Rick Rogers, aka "Nutcase" - Microsoft MVP
http://mvp.support.microsoft.com/
Associate Expert - WindowsXP Expert Zone
www.microsoft.com/windowsxp/expertzone
Windows help - www.rickrogers.org

Anonymous
June 18, 2005 11:49:10 AM

Archived from groups: microsoft.public.windowsxp.general (More info?)

arojas28 wrote:
> I had to restore the operating system and when I re-install the msn messenger
> this window came up with this info at www.updatepatch.info.
> I didn't install it because they charge $19.99 to download it but I found it
> kind of strange isn't in the windows website. Does any body know if we
> really need this patCH?
> THanks
>


It's a scam, plain and simple. It's from a very unscrupulous
"business." They're trying to sell you patches that Microsoft provides
free-of-charge, and using a very intrusive means of advertising. It's
also demonstrating that your PC is very unsecured.

This type of spam has become quite common over the past couple of
years, and unintentionally serves as a valid security "alert." It
demonstrates that you haven't been taking sufficient precautions while
connected to the Internet. Your data probably hasn't been compromised
by these specific advertisements, but if you're open to this exploit,
you're most definitely open to other threats, such as the Blaster,
Welchia, and Sasser Worms that still haunt the Internet. Install and
use a decent, properly configured firewall. (Merely disabling the
messenger service, as some people recommend, only hides the symptom,
and does little or nothing to truly secure your machine.) And
ignoring or just "putting up with" the security gap represented by
these messages is particularly foolish.

Messenger Service of Windows
http://support.microsoft.com/default.aspx?scid=KB;en-us;168893

Messenger Service Window That Contains an Internet Advertisement
Appears
http://support.microsoft.com/?id=330904

Stopping Advertisements with Messenger Service Titles
http://www.microsoft.com/windowsxp/pro/using/howto/comm...

Blocking Ads, Parasites, and Hijackers with a Hosts File
http://www.mvps.org/winhelp2002/hosts.htm

Whichever firewall you decide upon, be sure to ensure UDP ports 135,
137, and 138 and TCP ports 135, 139, and 445 are all blocked. (You
may also disable Inbound NetBIOS over TCP/IP.) You'll have
to follow the instructions from the firewall's manufacturer for the
specific steps.

You can test your firewall at:

Symantec Security Check
http://security.symantec.com/ssc/vr_main.asp?langid=ie&...

Security Scan - Sygate Online Services
http://www.sygatetech.com/

Oh, and be especially wary of people who advise you to do nothing
more than disable the messenger service. Disabling the messenger
service, by itself, is a "head in the sand" approach to computer
security. The real problem is not the messenger service pop-ups;
they're actually providing a useful, if annoying, service by acting as
a security alert. The true problem is the unsecured computer, and
you've been advised to merely turn off the warnings. How is this
helpful?

There are several essential components to computer security: a
knowledgeable and pro-active user, a properly configured firewall,
reliable and up-to-date antivirus software, and the prompt repair (via
patches, hotfixes, or service packs) of any known vulnerabilities.

The weakest link in this "equation" is, of course, the computer
user. No software manufacturer can -- nor should they be expected
to -- protect the computer user from him/herself. All too many people
have bought into the various PC/software manufacturers' marketing
claims of easy computing. They believe that their computer should be
no harder to use than a toaster oven; they have neither the
inclination nor desire to learn how to safely use their computer. All
too few people keep their antivirus software current, install patches
in a timely manner, or stop to really think about that cutesy link
they're about to click.

Firewalls and anti-virus applications, which should always be used
and should always be running, are important components of "safe hex,"
but they cannot, and should not be expected to, protect the computer
user from him/herself. Ultimately, it is incumbent upon each and
every computer user to learn how to secure his/her own computer.


To learn more about practicing "safe hex," start with these links:

Protect Your PC
http://www.microsoft.com/security/protect/default.asp

Home Computer Security
http://www.cert.org/homeusers/HomeComputerSecurity/

List of Antivirus Software Vendors
http://support.microsoft.com/default.aspx?scid=kb;en-us;49500

Home PC Firewall Guide
http://www.firewallguide.com/

Scumware.com
http://www.scumware.com/

--

Bruce Chambers

Help us help you:
http://dts-l.org/goodpost.htm
http://www.catb.org/~esr/faqs/smart-questions.html

You can have peace. Or you can have freedom. Don't ever count on having
both at once. - RAH
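
An added example, not part of the original posts: a small Python audit that reads Windows `netstat -an` output and lists non-loopback listeners on the ports named in the reply above (UDP 135, 137, 138 and TCP 135, 139, 445). The `SAMPLE` text, the addresses in it and the function names are constructed for illustration.

```python
import re

# Ports the reply above says the firewall should block.
WATCH = {"UDP": {135, 137, 138}, "TCP": {135, 139, 445}}

# Constructed sample of Windows `netstat -an` output (not from a real host).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1029         0.0.0.0:0              LISTENING
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.20:1045      203.0.113.7:80         ESTABLISHED
  UDP    0.0.0.0:135            *:*
  UDP    192.168.1.20:137       *:*
  UDP    192.168.1.20:138       *:*
  UDP    127.0.0.1:1900         *:*
"""

# proto, local address, local port, foreign address, optional state (TCP only)
LINE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+(\S+))?\s*$")


def is_loopback(addr):
    """Loopback-only sockets are not reachable from the network."""
    return addr.startswith("127.") or addr == "[::1]"


def exposed_listeners(netstat_text):
    """Return sorted (proto, port, address) tuples for watched ports that
    are bound on a non-loopback address."""
    found = set()
    for line in netstat_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # header or blank line
        proto, addr, port, _foreign, state = m.groups()
        port = int(port)
        if port not in WATCH[proto] or is_loopback(addr):
            continue
        # TCP rows count only when listening; UDP rows carry no state.
        if proto == "TCP" and state != "LISTENING":
            continue
        found.add((proto, port, addr))
    return sorted(found)


def ports_to_block(netstat_text):
    """Group the exposed ports by protocol, as a firewall checklist."""
    result = {"TCP": [], "UDP": []}
    for proto, port, _addr in exposed_listeners(netstat_text):
        if port not in result[proto]:
            result[proto].append(port)
    return result


if __name__ == "__main__":
    for proto, port, addr in exposed_listeners(SAMPLE):
        print(f"{proto} {port} is bound on {addr}: confirm the firewall blocks it")
```

A listener shown here only means the service is bound locally; whether it is reachable from outside depends on the firewall, which is what the online scans linked in the reply check from the other side.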
Anonymous
June 18, 2005 2:44:31 PM

Archived from groups: microsoft.public.windowsxp.general (More info?)

Just to let you know. Any website ending with .info is a fraud. These
domains are usually out of Brazil and they are almost all spyware infested.
Stay away from them.

--
George Hester
June 18, 2005 8:52:32 PM

Archived from groups: microsoft.public.windowsxp.general (More info?)

"George Hester" <hesterloli@hotmail.com> wrote

> Just to let you know. Any website ending with .info is a fraud. These
> domains are usually out of Brazil and they are almost all spyware
> infested.
> Stay away from them.
>
> --
> George Hester

Oh, horsepucky. Many sites are frauds and can have a .com, .net, .org, .biz,
.tv or .info ending. .info is a bona fide domain and many sites that use that
are only providing, yeah, you guessed it, *information*.

Alias
Anonymous
June 18, 2005 8:52:33 PM

Archived from groups: microsoft.public.windowsxp.general (More info?)

It is not but hey it is your machine. Do what you want. I did not say that
only frauds end in info. I said those that do are frauds. USUALLY.

--
George Hester