Microsoft Security Bulletin July 2004
From: Evelyn Ruf \(MS\) (evelynr_at_online.microsoft.com)
Date: 07/14/04
- Next message: Evelyn Ruf \(MS\): "Release of DOWNLOAD.JECT payload detection and removal tool to Microsoft Download Center"
- Previous message: Olaf Engelke [MVP]: "Re: Netzanmeldung"
- Messages sorted by: [ date ] [ thread ]
Date: Wed, 14 Jul 2004 07:57:53 +0200
Die folgende Security Nachricht ist heute Nacht von Microsoft
herausgegeben worden:
Today 13 July 2004, Microsoft is releasing 7 security updates for newly
discovered vulnerabilities in Microsoft Windows.
- One Microsoft Security Bulletin affecting Microsoft Windows with a
maximum severity of Moderate, MS04-018
- One Microsoft Security Bulletin affecting Microsoft Windows with a
maximum severity of Important, MS04-019
- One Microsoft Security Bulletin affecting Microsoft Windows with a
maximum severity of Important, MS04-020
- One Microsoft Security Bulletin affecting Microsoft Windows with a
maximum severity of Important, MS04-021
- One Microsoft Security Bulletin affecting Microsoft Windows with a
maximum severity of Critical, MS04-022
- One Microsoft Security Bulletin affecting Microsoft Windows with a
maximum severity of Critical, MS04-023
- One Microsoft Security Bulletin affecting Microsoft Windows with a
maximum severity of Important, MS04-024
Summaries for these new bulletins may be found at the following page:
- http://www.microsoft.com/technet/security/bulletin/ms04-jul.mspx
Customers are advised to review the information in the bulletins, test
and deploy the updates immediately in their environments, if
applicable.
Microsoft will host a webcast tomorrow to address customer questions on
these bulletins. For more information on this webcast please see below:
- Information about Microsoft's July Security Bulletins
- Wednesday, July 14, 2004 10:00 AM - Wednesday, July 14, 2004 11:00
AM (GMT-08:00) Pacific Time (US & Canada)
- http://go.microsoft.com/fwlink/?LinkId=30865
- The on-demand version of the webcast will be available 24 hours
after the live webcast at:
- http://go.microsoft.com/fwlink/?LinkId=30865
MS04-018
Title: Cumulative Security Update for Outlook Express (823353)
Affected Software:
- Microsoft Windows NT Workstation 4.0 Service Pack 6a
- Microsoft Windows NT Server 4.0 Service Pack 6a
- Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack
6
- Microsoft Windows 2000 Service Pack 2, Microsoft Windows 2000
Service Pack 3, Microsoft Windows 2000 Service Pack 4
- Microsoft Windows XP and Microsoft Windows XP Service Pack 1
- Microsoft Windows XP 64-Bit Edition Service Pack 1
- Microsoft Windows XP 64-Bit Edition Version 2003
- Microsoft Windows Server 2003
- Microsoft Windows Server 2003 64-Bit Edition
- Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and
Microsoft Windows Millennium Edition (Me) - Review the FAQ section of
this bulletin for details about these operating systems.
Affected Components:
- Microsoft Outlook Express 5.5 Service Pack 2
- Microsoft Outlook Express 6
- Microsoft Outlook Express 6 Service Pack 1
- Microsoft Outlook Express 6 Service Pack 1 (64 bit Edition)
- Microsoft Outlook Express 6 on Windows Server 2003
- Microsoft Outlook Express 6 on Windows Server 2003 (64 bit edition)
Impact of Vulnerability: Denial of Service
Maximum Severity Rating: Moderate
Restart required: In some cases, this update does not require a
restart. The installer stops the required services, applies the update,
and then restarts the services. However, if the required services
cannot be stopped for any reason or if required files are in use, this
update will require a restart. If this occurs, a message appears that
advises you to restart.
Update can be uninstalled: Yes
More information on this vulnerability is available at:
http://www.microsoft.com/technet/security/bulletin/MS04-018.mspx
**********************************************************************
MS04-019
Title: Vulnerability in Utility Manager Could Allow Code Execution
(842526)
Affected Software:
- Microsoft Windows 2000 Service Pack 2, Microsoft Windows 2000
Service Pack 3, Microsoft Windows 2000 Service Pack 4
Impact of Vulnerability: Local Elevation of Privilege
Maximum Severity Rating: Important
Restart required: In some cases, this update does not require a
restart. The installer stops the required services, applies the update,
and then restarts the services. However, if the required services
cannot be stopped for any reason or if required files are in use, this
update will require a restart. If this occurs, a message appears that
advises you to restart.
Update can be uninstalled: Yes
More information on this vulnerability is available at:
http://www.microsoft.com/technet/security/bulletin/MS04-019.mspx
**********************************************************************
MS04-020
Title: Vulnerability in POSIX Could Allow Code Execution (841872)
Affected Software:
- Microsoft Windows NT Workstation 4.0 Service Pack 6a
- Microsoft Windows NT Server 4.0 Service Pack 6a
- Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack
6
- Microsoft Windows 2000 Service Pack 2, Microsoft Windows 2000
Service Pack 3, Microsoft Windows 2000 Service Pack 4
Impact of Vulnerability: Local Elevation of Privilege
Maximum Severity Rating: Important
Restart required: In some cases, this update does not require a
restart. The installer stops the required services, applies the update,
and then restarts the services. However, if the required services
cannot be stopped for any reason or if required files are in use, this
update will require a restart. If this occurs, a message appears that
advises you to restart.
Update can be uninstalled: Yes
More information on this vulnerability is available at:
http://www.microsoft.com/technet/security/bulletin/MS04-020.mspx
**********************************************************************
MS04-021
Title: Security Update for IIS 4.0 (841373)
Affected Software:
- Microsoft Windows NT Workstation 4.0 Service Pack 6a
- Microsoft Windows NT Server 4.0 Service Pack 6a
Affected Components:
- Microsoft Internet Information Server (IIS) 4.0
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Important
Restart required: Yes
Update can be uninstalled: Yes
More information on this vulnerability is available at:
http://www.microsoft.com/technet/security/bulletin/MS04-021.mspx
**********************************************************************
MS04-022
Title: Vulnerability in Task Scheduler Could Allow Code Execution
(841873)
Affected Software:
- Microsoft Windows 2000 Service Pack 2, Microsoft Windows 2000
Service Pack 3, Microsoft Windows 2000 Service Pack 4
- Microsoft Windows XP and Microsoft Windows XP Service Pack 1
- Microsoft Windows XP 64-Bit Edition Service Pack 1
Affected Components:
- Internet Explorer 6 when installed on Windows NT 4.0 SP6a
(Workstation, Server, or Terminal Server Edition)
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Critical
Restart required: In some cases, this update does not require a
restart. The installer stops the required services, applies the update,
and then restarts the services. However, if the required services
cannot be stopped for any reason or if required files are in use, this
update will require a restart. If this occurs, a message appears that
advises you to restart.
Update can be uninstalled: Yes
More information on this vulnerability is available at:
http://www.microsoft.com/technet/security/bulletin/MS04-022.mspx
**********************************************************************
MS04-023
Title: Vulnerability in HTML Help Could Allow Code Execution (840315)
Affected Software:
- Microsoft Windows 2000 Service Pack 2, Microsoft Windows 2000
Service Pack 3, Microsoft Windows 2000 Service Pack 4
- Microsoft Windows XP and Microsoft Windows XP Service Pack 1
- Microsoft Windows XP 64-Bit Edition Service Pack 1
- Microsoft Windows XP 64-Bit Edition Version 2003
- Microsoft Windows Server 2003
- Microsoft Windows Server 2003 64-Bit Edition
- Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and
Microsoft Windows Millennium Edition (ME) - Review the FAQ section of
this bulletin for details about these operating systems.
Affected Components:
- Internet Explorer 6.0 Service Pack 1 when installed on Windows NT
4.0 SP6a (Workstation, Server, or Terminal Server Edition)
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Critical
Restart required: In some cases, this update does not require a
restart. The installer stops the required services, applies the update,
and then restarts the services. However, if the required services
cannot be stopped for any reason or if required files are in use, this
update will require a restart. If this occurs, a message appears that
advises you to restart.
Update can be uninstalled: Yes
More information on this vulnerability is available at:
http://www.microsoft.com/technet/security/bulletin/MS04-023.mspx
**********************************************************************
MS04-024
Title: Vulnerability in Windows Shell Could Allow Remote Code
Execution (839645)
Affected Software:
- Microsoft Windows NT® Workstation 4.0 Service Pack 6a
- Microsoft Windows NT Server 4.0 Service Pack 6a
- Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack
6
- Microsoft Windows NT® Workstation 4.0 Service Pack 6a with Active
Desktop
- Microsoft Windows NT Server 4.0 Service Pack 6a with Active Desktop
- Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack
6 with Active Desktop
- Microsoft Windows 2000 Service Pack 2, Microsoft Windows 2000
Service Pack 3, Microsoft Windows 2000 Service Pack 4
- Microsoft Windows XP and Microsoft Windows XP Service Pack 1
- Microsoft Windows XP 64-Bit Edition Service Pack 1
- Microsoft Windows XP 64-Bit Edition Version 2003
- Microsoft Windows Server 2003
- Microsoft Windows Server 2003 64-Bit Edition
- Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and
Microsoft Windows Millennium Edition (ME) - Review the FAQ section of
this bulletin for details about these operating systems.
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Important
Restart required: In some cases, this update does not require a
restart. The installer stops the required services, applies the update,
and then restarts the services. However, if the required services
cannot be stopped for any reason or if required files are in use, this
update will require a restart. If this occurs, a message appears that
advises you to restart.
Update can be uninstalled: Yes
More information on this vulnerability is available at:
http://www.microsoft.com/technet/security/bulletin/MS04-024.mspx
**********************************************************************
PLEASE VISIT http://www.microsoft.com/technet/security FOR THE MOST
CURRENT INFORMATION ON THESE ALERTS.
If you have any questions regarding the security updates or its
implementation after reading the above listed bulletin you should
contact Product Support Services in the United States at 1-866-PCSafety
(1-866-727-2338). International customers should contact their local
subsidiary.
Thank you,
Microsoft PSS Security Team
-- Gruss Evelyn Ruf Microsoft Deutschland (Microsoft kann für die Richtigkeit und Vollständigkeit der Inhalte in dieser Newsgroup keine Haftung übernehmen.)
- Next message: Evelyn Ruf \(MS\): "Release of DOWNLOAD.JECT payload detection and removal tool to Microsoft Download Center"
- Previous message: Olaf Engelke [MVP]: "Re: Netzanmeldung"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
|
