Important Product Vulnerability - December 2004 Microsoft Security Bulletin Release
From: Evelyn Ruf \(MS\) (evelynr_at_online.microsoft.com)
Date: 12/14/04
- Next message: Roland Bierlein: "Re: Important Product Vulnerability - December 2004 Microsoft Security Bulletin Release"
- Previous message: Wolfgang Ewert: "ntsvcfg.de Webseite der Woche (bei WinTotal)"
- Next in thread: Roland Bierlein: "Re: Important Product Vulnerability - December 2004 Microsoft Security Bulletin Release"
- Reply: Roland Bierlein: "Re: Important Product Vulnerability - December 2004 Microsoft Security Bulletin Release"
- Reply: Gerald H.: "RE: Important Product Vulnerability - December 2004 Microsoft Securit"
- Messages sorted by: [ date ] [ thread ]
Date: Tue, 14 Dec 2004 19:22:13 +0100
Gerade wurde folgende Security Nachricht von Microsoft herausgegeben:
Microsoft is releasing five security bulletins for newly discovered
vulnerabilities in Microsoft Windows.
- 5 Microsoft Security Bulletin affecting Microsoft Windows with a
maximum severity of Important, MS04-041, MS04-042, MS04-043, MS04-044,
MS04-045.
The summary for this month's bulletins can be found at the following
page:
- http://www.microsoft.com/technet/security/bulletin/ms04-dec.mspx
In addition, Microsoft is releasing new updates for Microsoft Visual
FoxPro 8.0 and standalone updates for Microsoft .NET Framework in
regards to MS04-028.
Information on these re-released bulletins may be found at the
following pages:
- http://www.microsoft.com/technet/security/bulletin/MS04-028.mspx
Customers are advised to review the information in the bulletins, test
and deploy the updates immediately in their environments, if
applicable.
Microsoft will host a webcast to address customer questions on these
bulletins. For more information on this webcast please see below:
- Information about Microsoft's December Security Bulletins
- Wednesday, December 15, 2004 11:00 AM (GMT-08:00) Pacific Time (US &
Canada)
-
http://msevents.microsoft.com/cui/WebCastEventDetails.aspx?EventID=1032264801&Culture=en-US
- The on-demand version of the webcast will be available 24 hours
after the live webcast at:
-
http://msevents.microsoft.com/cui/WebCastEventDetails.aspx?EventID=1032264801&Culture=en-US
**********************************************************************
TECHNICAL DETAILS
MS04-041
Title: Vulnerability in WordPad Could Allow Code Execution (885836)
Affected Software:
- Microsoft Windows NT Server 4.0 Service Pack 6a
- Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack
6
- Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000
Service Pack 4
- Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service
Pack 2
- Microsoft Windows XP 64-Bit Edition Service Pack 1
- Microsoft Windows XP 64-Bit Edition Version 2003
- Microsoft Windows Server 2003
- Microsoft Windows Server 2003 64-Bit Edition
- Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and
Microsoft Windows Millennium Edition (ME) - Review the FAQ section of
this bulletin for details about these operating
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Important
Restart required: No
Update can be uninstalled: Yes
More information on this vulnerability is available at:
http://www.microsoft.com/technet/security/bulletin/MS04-041.mspx
**********************************************************************
MS04-042
Title: Vulnerability in DHCP Could Allow Remote Code Execution and
Denial of Service (885249)
Affected Software:
- Microsoft Windows NT Server 4.0 Service Pack 6a
- Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack
6
Non-Affected Software:
- Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000
Service Pack 4
- Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service
Pack 2
- Microsoft Windows XP 64-Bit Edition Service Pack 1
- Microsoft Windows XP 64-Bit Edition Version 2003
- Microsoft Windows Server 2003
- Microsoft Windows Server 2003 64-Bit Edition
- Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and
Microsoft Windows Millennium Edition (ME)
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Important
Restart required: Yes
Update can be uninstalled: Yes
More information on this vulnerability is available at:
http://www.microsoft.com/technet/security/bulletin/MS04-042.mspx
**********************************************************************
MS04-043
Title: Vulnerability in HyperTerminal Could Allow Code Execution
(873339)
Affected Software:
- Microsoft Windows NT Server 4.0 Service Pack 6a
- Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack
6
- Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000
Service Pack 4
- Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service
Pack 2
- Microsoft Windows XP 64-Bit Edition Service Pack 1
- Microsoft Windows XP 64-Bit Edition Version 2003
- Microsoft Windows Server 2003
- Microsoft Windows Server 2003 64-Bit Edition
Non-Affected Software:
- Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and
Microsoft Windows Millennium Edition (ME)
Affected Components:
- HyperTerminal
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Important
Restart required: No
Update can be uninstalled: Yes
More information on this vulnerability is available at:
http://www.microsoft.com/technet/security/bulletin/MS04-043.mspx
**********************************************************************
MS04-044
Title: Vulnerabilities in Windows Kernel and LSASS Could Allow
Elevation of Privilege (885835)
Affected Software:
- Microsoft Windows NT Server 4.0 Service Pack 6a
- Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack
6
- Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000
Service Pack 4
- Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service
Pack 2
- Microsoft Windows XP 64-Bit Edition Service Pack 1
- Microsoft Windows XP 64-Bit Edition Version 2003
- Microsoft Windows Server 2003
- Microsoft Windows Server 2003 64-Bit Edition
Non-Affected Software:
- Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and
Microsoft Windows Millennium Edition (ME)
Impact of Vulnerability: Elevation of Privilege
Maximum Severity Rating: Important
Restart required: Yes
Update can be uninstalled: Yes
More information on this vulnerability is available at:
http://www.microsoft.com/technet/security/bulletin/MS04-044.mspx
**********************************************************************
MS04-045
Title: Vulnerability in WINS Could Allow Remote Code Execution
(870763)
Affected Software:
- Microsoft Windows NT Server 4.0 Service Pack 6a
- Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack
6
- Microsoft Windows 2000 Server Service Pack 3 and Microsoft Windows
2000 Server Service Pack 4
- Microsoft Windows Server 2003
- Microsoft Windows Server 2003 64-Bit Edition
Non-Affected Software:
- Microsoft Windows 2000 Professional Service Pack 3 and Microsoft
Windows 2000 Professional Service Pack 4
- Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service
Pack 2
- Microsoft Windows XP 64-Bit Edition Service Pack 1
- Microsoft Windows XP 64-Bit Edition Version 2003
- Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and
Microsoft Windows Millennium Edition (Me)
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Important
Restart required: In some cases, this update does not require a
restart. The installer stops the required services, applies the update,
and then restarts the services. However, if the required services
cannot be stopped for any reason, or if required files are in use, this
update will require a restart. If this occurs, a message appears that
advises you to restart.
Update can be uninstalled: Yes
More information on this vulnerability is available at:
http://www.microsoft.com/technet/security/bulletin/MS04-045.mspx
**********************************************************************
MS04-028
Title: Buffer Overrun in JPEG Processing (GDI+) Could Allow Code
Execution (833987)
Affected Software (re-release only):
- Microsoft Visual FoxPro 8.0
- Microsoft Visual FoxPro 8.0 Runtime Library
New Stand-alone updates available for:
- Microsoft .NET Framework version 1.0 Service Pack 2
- Microsoft .NET Framework version 1.1
Reason for Re-issue:
The bulletin has been updated to advise on the availability of
additional updates that help address this vulnerability:
- Standalone security updates for The Microsoft .NET Framework version
1.0 Service Pack 2 and The Microsoft .NET Framework version 1.1 are now
available. Based on customer feedback, Microsoft has created standalone
updates for customers who have not yet deployed .NET Framework 1.0
Service Pack 3 or .NET Framework 1.1 Service Pack 1. However, Microsoft
recommends that customers install the latest version of the appropriate
service pack in order to receive the best protection from this
vulnerability as well as other security related issues. Customers can
either install The Microsoft .NET Framework 1.0 Service Pack 3 or The
Microsoft .NET Framework 1.1 Service Pack 1. Customers that have
already installed these service packs do not need to apply these
additional security updates.
- Security updates for Microsoft Visual FoxPro 8.0 are now available.
Developers should use the update for Microsoft Visual FoxPro 8.0 to
update their development environment. Customers using third party
applications that were developed using Microsoft Visual FoxPro 8.0 that
distribute a copy of the vulnerable gdiplus.dll file should evaluate
the need to deploy the security update for the Microsoft Visual FoxPro
8.0 Runtime Library.
- Windows Messenger 5.0 distributes a copy of the vulnerable version
of the gdiplus.dll file. However, it is not vulnerable to any known or
likely attack vectors and therefore is not considered to be vulnerable
to this issue. However, customers that are concerned about the presence
of this file and possible future attack vectors that may be found
should upgrade to Windows Messenger 5.1. Windows Messenger 5.1 contains
the latest version of the gdiplus.dll file and is the recommended
version of Windows Messenger. Windows Messenger 5.1 can be downloaded
from the following Web site.
The MS04-028 Enterprise Update Scanning Tool has been updated to detect
and deploy the stand along security updates for The Microsoft .NET
Framework version 1.0 Service Pack 2 and The Microsoft .NET Framework
version 1.1 as well as the Microsoft Visual FoxPro 8.0 and the
Microsoft Visual FoxPro 8.0 runtime. Since Windows Messenger is not
considered to be vulnerable to any known or likely attack vectors, it
has not been included in this update. For more information about the
MS04-028 Enterprise Update Scanning Tool, see Microsoft Knowledge Base
Article 886988.
More information on this re-issued bulletin is available at:
http://www.microsoft.com/technet/security/bulletin/MS04-028.mspx
PLEASE VISIT http://www.microsoft.com/technet/security FOR THE MOST
CURRENT INFORMATION ON THESE ALERTS.
If you have any questions regarding the security updates or its
implementation after reading the above listed bulletin you should
contact Product Support Services in the United States at 1-866-PCSafety
(1-866-727-2338). International customers should contact their local
subsidiary at the number located at
http://support.microsoft.com/security
Thank you,
Microsoft PSS Security Team
-- Gruss Evelyn Ruf Microsoft Deutschland (Microsoft kann für die Richtigkeit und Vollständigkeit der Inhalte in dieser Newsgroup keine Haftung übernehmen.)
- Next message: Roland Bierlein: "Re: Important Product Vulnerability - December 2004 Microsoft Security Bulletin Release"
- Previous message: Wolfgang Ewert: "ntsvcfg.de Webseite der Woche (bei WinTotal)"
- Next in thread: Roland Bierlein: "Re: Important Product Vulnerability - December 2004 Microsoft Security Bulletin Release"
- Reply: Roland Bierlein: "Re: Important Product Vulnerability - December 2004 Microsoft Security Bulletin Release"
- Reply: Gerald H.: "RE: Important Product Vulnerability - December 2004 Microsoft Securit"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
