[Dshield] Several fixes available for critical vulnerabilities in MS IE and various flavours of MS Windows

Thor Larholm thor at pivx.com
Wed Apr 14 17:56:14 GMT 2004


There are also 4 older advisories that have been re-released with new
patches without notice on microsoft.com/security. These are:

MS00-082 - Patch Available for 'Malformed MIME Header' Vulnerability 
http://www.microsoft.com/technet/security/Bulletin/MS00-082.mspx
 
MS01-041 - Malformed RPC Request Can Cause Service Failure 
http://www.microsoft.com/technet/security/Bulletin/MS01-041.mspx
 
MS02-011 - Authentication Flaw Could Allow Unauthorized Users To
Authenticate To SMTP Service 
http://www.microsoft.com/technet/security/Bulletin/MS02-011.mspx
 
MS03-046 - Vulnerability in Exchange Server Could Allow Arbitrary Code
Execution (829436) 
http://www.microsoft.com/technet/security/Bulletin/MS03-046.mspx
 

A broad summary for the April 2004 patches can be found at 
 
http://www.microsoft.com/technet/security/bulletin/winapr04.mspx


MS04-013 fixes the current range of MHTML/CHM related exploits.


Regards

Thor Larholm
Senior Security Researcher
PivX Solutions
24 Corporate Plaza #180
Newport Beach, CA 92660
http://www.pivx.com
thor at pivx.com
Phone: +1 (949) 231-8496
PGP: 0x5A276569
6BB1 B77F CB62 0D3D 5A82 C65D E1A4 157C 5A27 6569

PivX defines "Proactive Threat Mitigation". Get a FREE Beta Version of
Qwik-Fix
<http://www.qwik-fix.net> 


-----Original Message-----
From: Chuck Lewis [mailto:clewis at iquest.net] 
Sent: Wednesday, April 14, 2004 7:12 AM
To: 'General DShield Discussion List'
Subject: RE: [Dshield] Several fixes available for critical
vulnerabilities in MS IE and various flavours of MS Windows


Peter,

Nice catch - thanks. I just went there (and TRY to keep up to date) and
there were 5 critical updates... 

The 4 you mention:

Security Update for Microsoft Windows (835732)
Cumulative Update for Microsoft RPC/DCOM (828741)
Cumulative Security Update for Outlook Express (837009) Check
Vulnerability in the Microsoft Jet Database Engine Could Allow Code
Execution (837001)

And:

Critical Update for Internet Explorer 6 Service Pack 1 (KB831167)
Download size: 378 KB, < 1 minute
An identified issue may cause errors when Internet Explorer attempts to
renew a connection to a server. You should apply this update if you
begin to receive errors connecting to websites after you have applied
the KB832894 security update to Internet Explorer. After you install
this item, you may need to restart your computer. Read more...

Chuck

-----Original Message-----
From: list-bounces at lists.dshield.org
[mailto:list-bounces at lists.dshield.org]
On Behalf Of Peter Stendahl-Juvonen
Sent: Wednesday, April 14, 2004 5:26 AM
To: DShield General DShield Discussion List
Subject: [Dshield] Several fixes available for critical vulnerabilities
in MS IE and various flavours of MS Windows

Several fixes available for critical vulnerabilities in MS IE and
various flavours of MS Windows

FYI-

For those concerned (MS Security Bulletins and patches issued April 13,
2004)-


1) Microsoft Security Bulletin MS04-011
Security Update for Microsoft Windows (835732)

http://www.microsoft.com/technet/security/bulletin/ms04-011.mspx

Who should read this document: Customers who use Microsoft® Windows®
Impact of vulnerability: Remote Code Execution
Maximum Severity Rating: Critical
Recommendation: Customers should apply the update immediately.

Affected Software (in addition to Windows): Microsoft NetMeeting


2) Microsoft Security Bulletin MS04-012
Cumulative Update for Microsoft RPC/DCOM (828741)

http://www.microsoft.com/technet/security/bulletin/ms04-012.mspx

Who should read this document: Customers who use Microsoft® Windows®
Impact of vulnerability: Remote Code Execution
Maximum Severity Rating: Critical
Recommendation: Customers should apply the update immediately.


3) Microsoft Security Bulletin MS04-013
Cumulative Security Update for Outlook Express (837009)

http://www.microsoft.com/technet/security/bulletin/ms04-013.mspx

Who should read this document: Customers who have Microsoft® Outlook
Express® installed
Impact of vulnerability: Remote Code Execution
Maximum Severity Rating: Critical
Recommendation: Customers should apply the update immediately.

Security Update Replacement: This bulletin replaces MS03-014: Cumulative
Update for Outlook Express, and any prior Cumulative Security Update for
Outlook Express.


4) Microsoft Security Bulletin MS04-014
Vulnerability in the Microsoft Jet Database Engine Could Allow Code
Execution (837001)

http://www.microsoft.com/technet/security/bulletin/ms04-014.mspx

Who should read this document: Customers who use Microsoft® Windows®
Impact of vulnerability: Remote Code Execution
Maximum Severity Rating: Important
Recommendation: Customers should install the update at the earliest
opportunity.


Have downloaded and applied all patches. Installs and runs fine. (In
nationalized [Finnish language] W2K Pro platform.)

Happy patching


- Pete


                 "Absence of occupation is not rest; 
             A mind quite vacant is a mind distressed."
              William Cowper (1731-1800); English poet.


_______________________________________________
list mailing list
list at lists.dshield.org
To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list
