One, two, three, four MS alerts are at our door

Today's inbox is packed with security alerts from Microsoft. You wait ages - OK, days, maybe weeks - for Microsoft vulns, then four come at once. Just like London's buses.

And so to Microsoft's first security alert of 2003. A buffer overflow flaw in the Locator Service in Windows NT 4.0, Windows 2000, and Windows XP can allow attackers to run malicious code on vulnerable machines, Redmond (which defines the flaw as critical) warns.

Microsoft Locator service maps logical names to network-specific names. It is only enabled by default on Windows 2000 and NT 4.0 domain controllers - not clients.

A malicious constructed malformed request should be blocked by a properly configured firewall but that doesn't guard against malicious insiders, so the risk is not be sniffed at. More details on this critical vulnerability, found by David Litchfield of Next Generation Security Software, are in Microsoft's alert here.

Next up is a flaw in how Outlook 2002 handles V1 Exchange Server security certificates could lead to encryption failure and HTML emails sent fro the client been transmitted in clear text. V1 represents an alternative to S/MIME-based digital certificates but are far less commonly used. Since the flaw involves V1 only - not S/MIME - Microsoft ranks the threat as moderate. Find out more

.

Moving along briskly, we have a

for Microsoft Content Management Server 2001 which, among other things, addresses a Cross-Site Scripting flaw. This vulnerability (defined on the Microsoft threat index as "moderate") enables an attacker to hoax users into parting with information, by tricking them into clicking on a maliciously constructed link, most likely using spam.

Last, we have the

on a flaw in Server Message Block (SMB) signing that could enable group policy to be modified. Although nominally a file-sharing protocol, SMB is also used to disseminate group policy information from domain controllers to newly logged on systems. Last year, Microsoft realised that the encryption used for this in Windows 2000 was less than perfect hence a (tricky to exploit) risk. At the time it thought the problem for WinXP users was fixed with SP1.

That's not so, hence the need to reissue the alert and publicise the availability of an XP patch.

That's all for now folks, stay tuned for further updates from AlertWatch. ®