[NEWS] - This weeks IE security hole of doom...

Handruin · Jan 29, 2004

Mercutio said:
"A security hole in Microsoft’s Internet Explorer could prove devastating.

Following the exposure of a vulnerability in Windows XP earlier this week, “http-equiv” of Malware has revealed that Explorer 6 users (and possibly users of earlier versions) could be fooled into downloading what look like safe files but are in fact whatever the author wishes them to be - including executables.

A demonstration of the hole is currently on security company Secunia’s website and demonstrates that if you click on a link, and select “Open” it purports to be downloading a pdf file whereas in fact it is an HTML executable file. " -- From the article

Yup, yet another hilarious example of why Microsoft's internet software should be considered a crime against humanity.

All we need is a major IIS hole and we'll have an MS-Trifecta for the week.

Link Source

Fushigi · Feb 5, 2004

Three MS security bulletins will be announced on the 10th.

Fushigi · Mar 10, 2004

Microsoft said:
Today, 9 March 2004 Microsoft is releasing three security updates for newly discovered vulnerabilities in Microsoft Windows, Microsoft Office, and MSN Products.

- One Microsoft Security Bulletin affecting Microsoft Windows with a maximum severity of Moderate, MS04-008.

- One Microsoft Security Bulletin affecting Microsoft Office with a maximum severity of Important, MS04-009.

- One Microsoft Security Bulletin affecting MSN Products with a maximum severity of Moderate, MS04-010.

The summary for these new bulletins may be found at the following pages:

- Microsoft Windows http://www.microsoft.com/technet/security/bulletin/winmar04.mspx

- Microsoft Office http://www.microsoft.com/technet/security/bulletin/offmar04.mspx

- MSN Products http://www.microsoft.com/technet/security/bulletin/msnmar04.mspx

In addition, Microsoft is re-releasing an update for Microsoft Windows.

- Information for this re-released bulletin may be found at http://www.microsoft.com/technet/security/Bulletin/MS03-022.mspx

Microsoft will host a Webcast tomorrow to address customer questions on these bulletins. For more information on this Webcast please see below:

- Information about Microsoft’s February Security Bulletins

- 3/10/2004 10:00 AM - 3/10/2004 11:00 AM

- Language: English-American

- http://go.microsoft.com/fwlink/?LinkId=24513

- The on-demand version of the Webcast will be available 24 hours

- After the live Webcast at:

- http://go.microsoft.com/fwlink/?LinkId=24513

Customers are advised to review the information in the bulletins, test and deploy the updates immediately in their environments, if applicable.

**********************************************************************

TECHNICAL DETAILS

MS04-008

Title: Vulnerability in Windows Media Services Could Allow a Denial of Service

Affected Software:

- Microsoft Windows 2000 Server Service Pack 2

- Microsoft Windows 2000 Server Service Pack 3

- Microsoft Windows 2000 Server Service Pack 4

Affected Components:

- Windows Media Services 4.1 (included with Microsoft Windows 2000 Server)

Impact of Vulnerability: Denial of Service

Maximum Severity Rating: Important

Restart required: In some cases, this update does not require a reboot. The installer stops the required services, applies the update, and then restarts the services. However, if the required services cannot be stopped for any reason, or if required files are in use, this update will require a reboot. If this occurs, a message appears that advises you to reboot.

Update can be uninstalled: Yes

More information on this vulnerability is available at: http://www.microsoft.com/technet/security/bulletin/MS04-008.mspx

**********************************************************************

MS04-009

Title: Vulnerability in Outlook Could Allow a Remote Code Execution

Affected Software:

- Microsoft Office XP Service Pack 2

- Microsoft Outlook 2002

Impact of Vulnerability: Remote Code Execution

Maximum Severity Rating: Important

Restart required: No

Update can be uninstalled: No

More information on this vulnerability is available at: http://www.microsoft.com/technet/security/bulletin/MS04-009.mspx

**********************************************************************

MS04-010

Title: Vulnerability in MSN Messenger Could Allow Information Disclosure

Affected Software:

- Microsoft MSN Messenger 6.0

- Microsoft MSN Messenger 6.1

Impact of Vulnerability: Information Disclosure

Maximum Severity Rating: Moderate

Restart required: This update may require a restart

Update can be uninstalled: No

More information on this vulnerability is available at: http://www.microsoft.com/technet/security/bulletin/MS04-010.mspx

**********************************************************************

MS03-022

Title: Vulnerability in ISAPI Extension for Windows Media Services Could Cause Code Execution

Affected Software:

- Microsoft Windows 2000

Affected Components:

- Windows Media Services 4.1 (included with Microsoft Windows 2000 Server)

Reason for Re-issue: Subsequent to the release of this bulletin, an issue was found related to the update’s installer. Specifically, an issue was found affecting customers who had applied this security update and then later uninstalled Windows Media Services and then re-installed Windows Media Services. These customers could not successfully apply the security update to the re-installed instance of Windows Media Player, thus leaving them vulnerable. This issue only affects customers in this specific scenario.

Customers who have uninstalled and re-installed Windows Media Services should apply the new version of this security update. All other customers need not take any action.

More information on this re-issued bulletin is available at: http://www.microsoft.com/technet/security/bulletin/MS03-022.mspx

PLEASE VISIT http://www.microsoft.com/technet/security FOR THE MOST CURRENT INFORMATION ON THESE ALERTS.

e_dawg · Mar 11, 2004

Severity = moderate? Bah! To paraphrase a dear old scotsman, if it's not critical, it's CRAP!

SteveC · Mar 11, 2004

e_dawg said:
Severity = moderate? Bah! To paraphrase a dear old scotsman, if it's not critical, it's CRAP!

They upgraded MS04-009 to critical.

e_dawg · Mar 11, 2004

That's more like it, laddy!

Fushigi · Mar 11, 2004

Yeah, I hadn't gotten around to posting the update in the sev rating.

Fushigi · Apr 13, 2004

And the latest....

Microsoft said:
Today, 13 April 2004 Microsoft is releasing four security updates for newly discovered vulnerabilities in Microsoft Windows.
- Three Microsoft Security Bulletins affecting Microsoft Windows with a maximum severity of Critical, MS04-011, MS04-012 and MS04-013.
- One Microsoft Security Bulletins affecting Microsoft Windows with a maximum severity of Important, MS04-014.

Summaries for these new bulletins may be found at the following page:
- Microsoft Windows http://www.microsoft.com/technet/security/bulletin/winapr04.mspx

In addition, Microsoft is re-releasing updates for Microsoft Exchange.

Information on these re-released bulletins may be found at the following pages:
- http://www.microsoft.com/technet/security/Bulletin/MS00-082.mspx
- http://www.microsoft.com/technet/security/Bulletin/MS01-041.mspx
- http://www.microsoft.com/technet/security/Bulletin/MS02-011.mspx
- http://www.microsoft.com/technet/security/bulletin/MS03-046.mspx

Customers are advised to review the information in the bulletins, test and deploy the updates immediately in their environments, if applicable.

Microsoft will host a Webcast tomorrow to address customer questions on these bulletins. For more information on this Webcast please see below:
- Information about Microsoft’s April’s Security Bulletins
- 4/14/2004 10:00 AM - 4/14/2004 11:00 AM PDT
- http://go.microsoft.com/fwlink/?LinkId=25390
- The on-demand version of the Webcast will be available 24 hours after the live Webcast at:
- http://go.microsoft.com/fwlink/?LinkId=25390

**********************************************************************

TECHNICAL DETAILS

MS04-011

Title: Security Update for Microsoft Windows

Affected Software:
- Microsoft Windows NT Workstation 4.0 Service Pack 6a
- Microsoft Windows NT Server 4.0 Service Pack 6a
- Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6
- Microsoft Windows 2000 Service Pack 2
- Microsoft Windows 2000 Service Pack 3
- Microsoft Windows 2000 Service Pack 4
- Microsoft Windows XP
- Microsoft Windows XP Service Pack 1
- Microsoft Windows XP 64-Bit Edition Service Pack 1
- Microsoft Windows XP 64-Bit Edition Version 2003
- Microsoft Windows Server 2003
- Microsoft Windows Server 2003 64-Bit Edition
- Microsoft NetMeeting
- Microsoft Windows 98 – Please review the FAQ section of the bulletin for details about this operating system.
- Microsoft Windows 98 Second Edition (SE) – Please review the FAQ section of the bulletin for details about this operating system.
- Microsoft Windows Millennium Edition (ME) – Please review the FAQ section of the bulletin for details about this operating system.

Impact of Vulnerability: Remote Code Execution

Maximum Severity Rating: Critical

Restart required: Yes

Update can be uninstalled: Yes

More information on this vulnerability is available at: http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx

**********************************************************************

MS04-012

Title: Cumulative Update for Microsoft RPC/DCOM

Affected Software:
- Microsoft Windows NT Workstation 4.0 Service Pack 6a
- Microsoft Windows NT Server 4.0 Service Pack 6a
- Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6
- Microsoft Windows 2000 Service Pack 2
- Microsoft Windows 2000 Service Pack 3
- Microsoft Windows 2000 Service Pack 4
- Microsoft Windows XP
- Microsoft Windows XP Service Pack 1
- Microsoft Windows XP 64-Bit Edition Service Pack 1
- Microsoft Windows XP 64-Bit Edition Version 2003
- Microsoft Windows Server 2003
- Microsoft Windows Server 2003 64-Bit Edition
- Microsoft Windows 98 – Please review the FAQ section of the bulletin for details about this operating system.
- Microsoft Windows 98 Second Edition (SE) – Please review the FAQ section of the bulletin for details about this operating system.
- Microsoft Windows Millennium Edition (ME) – Please review the FAQ section of the bulletin for details about this operating system.

Impact of Vulnerability: Remote Code Execution

Maximum Severity Rating: Critical

Restart required: Yes

Update can be uninstalled: Yes

More information on this vulnerability is available at: http://www.microsoft.com/technet/security/bulletin/MS04-012.mspx

**********************************************************************

MS04-013

Title: Cumulative Security Update for Outlook Express

Affected Software:
- Microsoft Windows NT Workstation 4.0 Service Pack 6a
- Microsoft Windows NT Server 4.0 Service Pack 6a
- Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6
- Microsoft Windows 2000 Service Pack 2
- Microsoft Windows 2000 Service Pack 3
- Microsoft Windows 2000 Service Pack 4
- Microsoft Windows XP
- Microsoft Windows XP Service Pack 1
- Microsoft Windows XP 64-Bit Edition Service Pack 1
- Microsoft Windows XP 64-Bit Edition Version 2003
- Microsoft Windows Server 2003
- Microsoft Windows Server 2003 64-Bit Edition
- Microsoft Windows 98 – Please review the FAQ section of the bulletin for details about this operating system.
- Microsoft Windows 98 Second Edition (SE) – Please review the FAQ section of the bulletin for details about this operating system.
- Microsoft Windows Millennium Edition (ME) – Please review the FAQ section of the bulletin for details about this operating system.

Affected Components:
- Microsoft Outlook Express 5.5 SP2
- Microsoft Outlook Express 6
- Microsoft Outlook Express 6 SP1
- Microsoft Outlook Express 6 SP1 (64 bit Edition)
- Microsoft Outlook Express 6 on Windows Server 2003
- Microsoft Outlook Express 6 on Windows Server 2003 (64 bit edition)

Impact of Vulnerability: Remote Code Execution

Maximum Severity Rating: Critical

Restart required: Yes

Update can be uninstalled: Yes

More information on this vulnerability is available at: http://www.microsoft.com/technet/security/bulletin/MS04-013.mspx

**********************************************************************

MS04-014

Title: Vulnerability in the Microsoft Jet Database Engine Could Allow Code Execution

Affected Software:
- Microsoft Windows NT Workstation 4.0 Service Pack 6a
- Microsoft Windows NT Server 4.0 Service Pack 6a
- Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6
- Microsoft Windows 2000 Service Pack 2
- Microsoft Windows 2000 Service Pack 3
- Microsoft Windows 2000 Service Pack 4
- Microsoft Windows XP
- Microsoft Windows XP Service Pack 1
- Microsoft Windows XP 64-Bit Edition Service Pack 1
- Microsoft Windows XP 64-Bit Edition Version 2003
- Microsoft Windows Server 2003
- Microsoft Windows Server 2003 64-Bit Edition
- Microsoft Windows 98 – Please review the FAQ section of the bulletin for details about this operating system.
- Microsoft Windows 98 Second Edition (SE) – Please review the FAQ section of the bulletin for details about this operating system.
- Microsoft Windows Millennium Edition (ME) – Please review the FAQ section of the bulletin for details about this operating system.

Affected Components:
- Microsoft Jet Database Engine version 4.0

Impact of Vulnerability: Remote Code Execution

Maximum Severity Rating: Important

Restart required: If the needed services cannot be stopped for any reason or if required files are in use, this update will require a reboot.

Update can be uninstalled: No

More information on this vulnerability is available at: http://www.microsoft.com/technet/security/bulletin/MS04-014.mspx

**********************************************************************

MS00-082

Title: Patch Available for 'Malformed MIME Header' Vulnerability

Affected Software:
- Microsoft Exchange Server 5.0
- Microsoft Exchange Server 5.5

Reason for Re-issue: Subsequent to the release of this bulletin, it was determined that the vulnerability addressed also affects Exchange Server 5.0. Microsoft has updated the bulletin with additional information about Exchange Server 5.0 and also to direct users to a security update for this additional affected platform.

Customers who have already deployed this update for Microsoft Exchange Server 5.5 need not take any action.

More information on this re-issued bulletin is available at: http://www.microsoft.com/technet/security/bulletin/MS00-082.mspx

**********************************************************************

MS01-041

Title: Malformed RPC Request Can Cause Service Failure

Affected Software:
- Microsoft Exchange Server 5.0
- Microsoft Exchange Server 5.5
- Microsoft Exchange 2000 Server`
- Microsoft SQL Server 7.0
- Microsoft SQL Server 2000
- Microsoft Windows NT 4.0
- Microsoft Windows 2000

Reason for Re-issue: Subsequent to the release of this bulletin, it was determined that the vulnerability addressed also affects Exchange Server 5.0. Microsoft has updated the bulletin with additional information about Exchange Server 5.0 and also to direct users to a security update for this additional affected platform.

Customers who have already deployed this update for Microsoft Exchange Server 5.5, Microsoft Exchange 2000 Server, Microsoft SQL Server 7.0, Microsoft SQL Server 2000, Microsoft Windows NT 4.0 or Microsoft Windows 2000 need not take any action.

More information on this re-issued bulletin is available at: http://www.microsoft.com/technet/security/bulletin/MS01-041.mspx

**********************************************************************

MS02-011

Title: Authentication Flaw Could Allow Unauthorized Users To Authenticate To SMTP Service

Affected Software:
- Microsoft Windows 2000
- Microsoft Windows NT Server 4.0 Option Pack
- Microsoft Exchange Server 5.5

Reason for Re-issue: Subsequent to the release of this bulletin, it was determined that the vulnerability addressed also affects Windows NT Server 4.0 Server Option Pack. Microsoft has updated the bulletin with additional information about Windows NT Server 4.0 Option Pack and Exchange Server 5.0 and also to direct users to a security update for Windows NT Server 4.0.

Customers who have already deployed this update for Microsoft Exchange Server 5.5, or Microsoft Windows 2000 need not take any action.

More information on this re-issued bulletin is available at: http://www.microsoft.com/technet/security/bulletin/MS02-011.mspx

**********************************************************************

MS03-046

Title: Vulnerability in Exchange Server Could Allow Arbitrary Code Execution

Affected Software:
- Microsoft Exchange Server 5.0
- Microsoft Exchange Server 5.5
- Microsoft Exchange 2000 Server`

Reason for Re-issue: Subsequent to the release of this bulletin, it was determined that the vulnerability addressed also affects Exchange Server 5.0. Microsoft has updated the bulletin with additional information about Exchange Server 5.0 and also to direct users to a security update for this additional affected platform.

Customers who have already deployed this update for Microsoft Exchange Server 5.5, or Microsoft Exchange 2000 server need not take any action.

More information on this re-issued bulletin is available at: http://www.microsoft.com/technet/security/bulletin/MS03-046.mspx

PLEASE VISIT http://www.microsoft.com/technet/security FOR THE MOST CURRENT INFORMATION ON THESE ALERTS.

Fushigi · Apr 14, 2004

And CERT's response:

Multiple Vulnerabilities in Microsoft Products

Original release date: April 13, 2004
Last revised: --
Source: US-CERT

Systems Affected

* Microsoft Windows Operating Systems
* Microsoft Windows Remote Procedure Call (RPC) and Distributed Component Object Model (DCOM) subsystems
* Microsoft Windows MHTML Protocol Handler
* Microsoft Jet Database Engine

Overview

Microsoft Corporation has released a series of security bulletins affecting most users of the Microsoft Windows operating system. Users of systems running Microsoft Windows are strongly encouraged to visit the "Windows Security Updates for April 2004" site at <https://www.microsoft.com/security/security_bulletins/200404_windows.
asp> and take actions appropriate to their system configurations.

I. Description

Microsoft has released four security bulletins listing a number of vulnerabilities which affect a variety of Microsoft Windows software packages. The following section summarizes the issues identified in their bulletins.

Summary of Microsoft Bulletins for April 2004

Security Bulletin MS04-011: Security Update for Microsoft Windows (835732)

This bulletin addresses 14 vulnerabilities affecting the systems listed below. There are several new vulnerabilities address by this bulletin, and several updates to previously reported vulnerabilities.

Impact

Remote attackers could execute arbitrary code on vulnerable systems.

Systems affected

* Windows NT Workstation 4.0
* Windows NT Server 4.0
* Windows NT Server 4.0, Terminal Server Edition
* Windows 2000
* Windows XP
* Windows Server 2003

Vulnerability identifiers

The following table outlines these issues and is based on Microsoft's Security Bulletin:

Vulnerability Title |US-CERT ID |CVE ID | Impact of Vulnerability
--------------------+-----------+-------------+------------------------
LSASS Vulnerability |VU#753212 |CAN-2003-0533| Remote Code Execution
LDAP Vulnerability |VU#639428 |CAN-2003-0663| Denial of Service
PCT Vulnerability |VU#586540 |CAN-2003-0719| Remote Code Execution
Winlogon Vulnerabili|VU#471260 |CAN-2003-0806| Remote Code Execution
Metafile Vulnerabili|VU#547028 |CAN-2003-0906| Remote Code Execution
Help and Support Cen|VU#260588 |CAN-2003-0907| Remote Code Execution
Utility Manager Vuln|VU#526084 |CAN-2003-0908| Privilege Elevation
Windows Management V|VU#206468 |CAN-2003-0909| Privilege Elevation
Local Descriptor Tab|VU#122076 |CAN-2003-0910| Privilege Elevation
H.323 Vulnerability |VU#353956 |CAN-2004-0117| Remote Code Execution
Virtual DOS Machine |VU#783748 |CAN-2004-0118| Privilege Elevation
Negotiate SSP Vulner|VU#638548 |CAN-2004-0119| Remote Code Execution
SSL Vulnerability |VU#150236 |CAN-2004-0120| Denial of Service
ASN.1 "Double Free" |VU#255924 |CAN-2004-0123 Remote Code Execution

Security Bulletin MS04-012: Cumulative Update for Microsoft RPC/DCOM (828741)

This bulletin addresses several new vulnerabilities affecting the systems listed below. These vulnerabilities are in Microsoft Windows Remote Procedure Call (RPC) and Distributed Component Object Model (DCOM).

Impact

Remote attackers could execute arbitrary code on vulnerable systems.

Systems affected

* Windows NT Workstation 4.0
* Windows NT Server 4.0
* Windows NT Server 4.0, Terminal Server Edition
* Windows 2000
* Windows XP
* Windows Server 2003

Vulnerability identifiers

The following table outlines these issues and is based on Microsoft's Security Bulletin:

Vulnerability Title |US-CERT ID |CVE ID | Impact of Vulnerability
--------------------+-----------+-------------+------------------------
RPC Runtime Library |VU#547820 |CAN-2003-0813| Remote Code Execution
RPCSS Service Vulner|VU#417052 |CAN-2004-0116| Denial of Service
RPC over HTTP Vulner|VU#698564 |CAN-2003-0807| Denial of Service
Object Identity Vuln|VU#212892 |CAN-2004-0124| Information Disclosure

Security Bulletin MS04-013:Cumulative Security Update for Outlook Express (837009)

This bulletin addresses a vulnerability affecting the systems listed below. The vulnerability affects the Microsoft Windows MHTML Protocol handler and any applications that use it, including Microsoft Outlook and Internet Explorer. This vulnerability has been assigned VU#323070 and CAN-2004-0380.

Note: MS04-013 includes patches remediating the vulnerability described in TA04-099A.

Impact

Remote attackers could execute arbitrary code on vulnerable systems.

Systems affected

* Windows NT Workstation 4.0
* Windows NT Server 4.0
* Windows NT Server 4.0, Terminal Server Edition
* Windows 2000
* Windows XP
* Windows Server 2003
* Windows 98
* Windows 98 Second Edition (SE)
* Windows Millennium Edition (Windows Me)

Note: This issue affects systems with Outlook Express installed. Outlook Express is installed by default on most (if not all) current versions of Microsoft Windows.

Security Bulletin MS04-014: Vulnerability in the Microsoft Jet Database Engine Could Allow Code Execution (837001)

This bulletin addresses a vulnerability affecting the systems listed below. There is a buffer overflow vulnerability in Microsoft's Jet Database Engine (Jet). An attacker could take control of a vulnerable system, including installing programs; viewing, changing, or deleting data; or creating new accounts that have full privileges. This vulnerability has been assigned VU#740716 and CAN-2004-0197.

Impact

Remote attackers could execute arbitrary code on vulnerable systems.

Systems affected

* Windows NT Workstation 4.0
* Windows NT Server 4.0
* Windows NT Server 4.0, Terminal Server Edition
* Windows 2000
* Windows XP
* Windows Server 2003

Update to TA04-099A

Microsoft has released a patch that addresses the cross-domain vulnerability discussed in TA04-099A: "Vulnerability in Internet Explorer ITS Protocol Handler". US-CERT is tracking this issue as VU#323070. This reference number corresponds to CVE candidate CAN-2004-0380.

The patches and further information about the vulnerability are available in Microsoft Security Bulletin MS04-013. MS04-013 is titled "Cumulative Security Update for Outlook Express". Since most (if not all) current Windows systems have Outlook Express installed by default, and the MHTML protocol handler is part of the Outlook Express software package, most (if not all) Windows systems should be considered vulnerable.

TA04-099A and VU#323070 focused on the ITS protocol handlers; however, the latent vulnerability appears to be in the MHTML handler shipped as part of Outlook Express. These documents have been updated.

II. Impact

Several of the issues identified by Microsoft have been described as "Critical" in nature.Each bulletin contains at least one vulnerability which may allow remote attackers to execute arbitrary code on affected systems. The privileges gained would depend on the security context of the software and vulnerability exploited.

III. Solution

Apply an appropriate set of updates from Microsoft

Please see the following site for more information about appropriate remediation.

Windows Security Updates for April 2004 -
<http://www.microsoft.com/security/security_bulletins/200404_windows
.asp>

Appendix A. Vendor Information

This appendix contains information provided by vendors for this technical alert. As vendors report new information to US-CERT, we will update this section and note the changes in our revision history. If a particular vendor is not listed below, we have not received their comments.

Microsoft Corporation

Windows Security Updates for April 2004

+ Microsoft Security Bulletin MS04-011 - Security Update for Microsoft Windows (835732)
+ Microsoft Security Bulletin MS04-012 - Cumulative Update for Microsoft RPC/DCOM (828741)
+ Microsoft Security Bulletin MS04-013 - Cumulative Security Update for Outlook Express (837009)
+ Microsoft Security Bulletin MS04-014 - Vulnerability in the Microsoft Jet Database Engine Could Allow Code Execution (837001)

Appendix B. References

* Technical Cyber Security Alert TA04-099A: Cross-Domain Vulnerability in Outlook Express MHTML Protocol Handler - <http://www.us-cert.gov/cas/techalerts/TA04-099A.html>
* US-CERT Cyber Security Alert SA04-104A: Summary of Windows Security Updates for April 2004 - <http://www.us-cert.gov/cas/alerts/SA04-104A.html>
* Windows Security Updates for April 2004 - <http://www.microsoft.com/security/security_bulletins/200404_windows.asp>
* Microsoft Security Bulletin MS04-011 - Security Update for Microsoft Windows (835732) - <http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx>
* Microsoft Security Bulletin MS04-012 - Cumulative Update for Microsoft RPC/DCOM (828741) - <http://www.microsoft.com/technet/security/bulletin/MS04-012.mspx>
* Microsoft Security Bulletin MS04-013 - Cumulative Security Update for Outlook Express (837009) - <http://www.microsoft.com/technet/security/bulletin/MS04-013.mspx>
* Microsoft Security Bulletin MS04-014 - Vulnerability in the Microsoft Jet Database Engine Could Allow Code Execution (837001) - <http://www.microsoft.com/technet/security/bulletin/MS04-014.mspx>
* Microsoft Security Response Center Security Bulletin Severity Rating System (Revised, November 2002) - <http://www.microsoft.com/technet/security/bulletin/rating.mspx>
* Vulnerability Note VU#323070: Outlook Express MHTML protocol handler does not properly validate location of alternate data - <http://www.kb.cert.org/vuls/id/323070>
* Vulnerability Note VU#547820: Microsoft Windows DCOM/RPC vulnerability - <http://www.kb.cert.org/vuls/id/547820>
* Vulnerability Note VU#740716: Microsoft Jet Database Engine database request handling buffer overflow - <http://www.kb.cert.org/vuls/id/740716>
_________________________________________________________________

Feedback about this technical alert should be sent to "US-CERT Technical Alert" at <mailto:cert@cert.org>. Please include the Subject line "TA04-104A Feedback VU#667571".
_________________________________________________________________

Copyright 2004 Carnegie Mellon University. Terms of use: <http://www.us-cert.gov/legal.html>
Revision History
April 13, 2004: Initial release

Fushigi · Jun 8, 2004

Microsoft said:
Today 8 June 2004 Microsoft is releasing updates for two newly discovered vulnerabilities affecting Microsoft Windows, Microsoft Office, Microsoft Visual Studio, and Microsoft Business Solutions CRM.

· One Microsoft Security Bulleting affecting Microsoft Windows with a maximum severity of Moderate, MS04-016
· One Microsoft Security Bulletin affecting Microsoft Office, Microsoft Visual Studio, Microsoft Business Solutions CRM with a maximum severity rating of Moderate, MS04-017

The summary for these new bulletins may be found at the following page:

· http://www.microsoft.com/technet/security/bulletin/ms04-jun.mspx

Customers are advised to review the information in the bulletins, test and deploy the updates immediately in their environments, if applicable.

Microsoft will host a WebCast tomorrow to address customer questions on these bulletins. For more information on this WebCast please see below:

- Information about Microsoft’s June 2004 Security Bulletins
- 6/9/2004 10:00 AM - 6/9/2004 11:00 AM - (GMT -08:00) Pacific Time
- http://go.microsoft.com/fwlink/?LinkId=28770

The on-demand version of the WebCast will be available 24 hours after the live WebCast at:

- http://go.microsoft.com/fwlink/?LinkId=28770

****************************************************************

TECHNICAL DETAILS

MS04-016

Title: Vulnerability in DirectPlay Could Allow Denial of Service (839643)

Affected Software:

- Microsoft Windows 2000 Service Pack 2
- Microsoft Windows 2000 Service Pack 3
- Microsoft Windows 2000 Service Pack 4
- Microsoft Windows XP
- Microsoft Windows XP Service Pack 1
- Microsoft Windows XP 64-Bit Edition Service Pack 1
- Microsoft Windows XP 64-Bit Edition Version 2003
- Microsoft Windows Server 2003
- Microsoft Windows Server 2003 64-Bit Edition
- Microsoft Windows 98
- Microsoft Windows 98 Second Edition
- Microsoft Windows Millennium Edition

Affected Components:

- Microsoft DirectX 7.0a on Windows 98
- Microsoft DirectX 7.0a on Windows 98 Second Edition
- Microsoft DirectX 7.0 on Windows 2000
- Microsoft DirectX 7.1 on Windows Millennium Edition
- Microsoft DirectX 8.0, 8.0a, 8.1, 8.1a, and 8.1b on Windows 98
- Microsoft DirectX 8.0, 8.0a, 8.1, 8.1a, and 8.1b on Windows 98 Second Edition
- Microsoft DirectX 8.0, 8.0a, 8.1, 8.1a, and 8.1b on Windows Millennium Edition
- Microsoft DirectX 8.0, 8.0a, 8.1, 8.1a, and 8.1b on Windows 2000
- Microsoft DirectX 8.1, 8.1a, and 8.1b on Windows XP
- Microsoft DirectX 8.1, 8.1a, and 8.1b on Windows Server 2003
- Microsoft DirectX 8.2 on Windows 98
- Microsoft DirectX 8.2 on Windows 98 Second Edition
- Microsoft DirectX 8.2 on Windows Millennium Edition
- Microsoft DirectX 8.2 on Windows 2000
- Microsoft DirectX 8.2 on Windows XP
- Microsoft DirectX 8.2 on Windows Server 2003
- Microsoft DirectX 9.0, 9.0a, 9.0b on Windows 98
- Microsoft DirectX 9.0, 9.0a, 9.0b on Windows 98 Second Edition
- Microsoft DirectX 9.0, 9.0a, 9.0b on Windows Millennium Edition
- Microsoft DirectX 9.0, 9.0a, 9.0b on Windows 2000
- Microsoft DirectX 9.0, 9.0a, 9.0b on Windows XP
- Microsoft DirectX 9.0, 9.0a, 9.0b on Windows Server 2003

Impact of Vulnerability: Denial of Service

Maximum Severity Rating: Moderate

Restart required: In some cases, this update does not require a restart. The installer stops the required services, applies the update, and then restarts the services. However, if the required services cannot be stopped for any reason or if required files are in use, this update will require a restart. If this occurs, a message is displayed that advises you to restart.

Update can be uninstalled: Yes

More information on this vulnerability is available at: http://www.microsoft.com/technet/security/bulletin/MS04-016.mspx

****************************************************************

MS04-017

Title: Vulnerability in Crystal Reports Web Viewer could allow Information Disclosure and Denial of Service (842689)

Affected Software:

- Visual Studio .NET 2003
- Outlook 2003 with Business Contact Manager
- Microsoft Business Solutions CRM 1.2

Impact of Vulnerability: Information Disclosure and Denial of Service

Maximum Severity Rating: Moderate

Restart required: This security update will require a restart if the file being updated is in use when the update is applied to the system.

Update can be uninstalled: Some updates can be uninstalled

More information on this vulnerability is available at: http://www.microsoft.com/technet/security/bulletin/MS04-017.mspx

Platform · Jun 25, 2004

This one has beeen gathering steam since yesterday:

http://www.microsoft.com/security/incident/download_ject.mspx

http://www.us-cert.gov/current/current_activity.html#iis5

http://www.eweek.com/article2/0,1759,1617233,00.asp?kc=ewnws062504dtx1k0000599

Platform · Jun 25, 2004

...Users can search their computers for the files Kk32.dll or Surf.dat to see if they are infected. Removal tools are available from major anti-virus vendors...

fb · Jul 31, 2004

Microsoft said:
Microsoft Security Bulletin MS04-025
Cumulative Security Update for Internet Explorer (867801)

Issued: July 30, 2004
Version: 1.0
Summary

Who should read this document: Customers who use Microsoft® Internet Explorer

Impact of Vulnerability: Remote Code Execution

Maximum Severity Rating: Critical

Recommendation: Customers should apply the update immediately.

Security Update Replacement: This update replaces the one that is provided in Microsoft Security Bulletin MS04-004, which is itself a cumulative update.

Caveats: This update does not include hotfixes for Internet Explorer provided since the release of MS04-004. Customers who have received hotfixes from Microsoft or their support providers since the release of MS04-004 should review the FAQ section for this update to determine how this update might impact their operating systems.

http://www.microsoft.com/technet/security/bulletin/ms04-025.mspx

[NEWS] - This weeks IE security hole of doom...

Handruin

Administrator

Fushigi

Storage Is My Life

Fushigi

Storage Is My Life

e_dawg

Storage Freak

SteveC

Storage is cool

e_dawg

Storage Freak

Fushigi

Storage Is My Life

Fushigi

Storage Is My Life

Fushigi

Storage Is My Life

Fushigi

Storage Is My Life

Platform

Learning Storage Performance

Platform

Learning Storage Performance

fb

Storage is cool