Bulletin ID: MS04-045 |
Title: Vulnerability in WINS Could Allow Remote Code Execution (870763) |
Update Type: Security Update |
Severity: Important |
Date: 2004-12-15 |
Description: This update resolves several newly-discovered, public and privately reported vulnerabilities. Each vulnerability is documented in this bulletin in its own Vulnerability Details section. |
Vulnerabilities: CAN-2004-0567 CAN-2004-1080 |
Included Updates: 870763 |
Applies to: Windows Server 2003; Windows Server 2003, Datacenter Edition |
Bulletin ID: MS04-041 |
Title: Vulnerability in WordPad Could Allow Code Execution (885836) |
Update Type: Security Update |
Severity: Important |
Date: 2004-12-15 |
Description: This update resolves several newly-discovered, privately reported vulnerabilities. Each vulnerability is documented in this bulletin in its own Vulnerability Details section. |
Vulnerabilities: CAN-2004-0571 CAN-2004-0901 |
Included Updates: 885836 |
Applies to: Windows 2000; Windows Server 2003; Windows Server 2003, Datacenter Edition; Windows XP |
Bulletin ID: MS04-028 |
Title: Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution (833987) |
Update Type: Security Update |
Severity: Critical |
Date: 2004-12-15 |
Description: This update resolves a newly-discovered, privately reported vulnerability. A buffer overrun vulnerability exists in the processing of JPEG image formats that could allow remote code execution on an affected system. The vulnerability is documented in this bulletin in its own section. |
Vulnerabilities: CAN-2004-0200 |
Included Updates: 833987 833989 886179 |
Applies to: Windows 2000; Windows XP |
Bulletin ID: MS03-001 |
Title: Unchecked Buffer in Locator Service Could Lead to Code Execution (810833) |
Update Type: Security Update |
Severity: Critical |
Date: 2004-12-15 |
Description: The Microsoft Locator service is a name service that maps logical names to network-specific names. It ships with Windows NT 4.0, Windows 2000, and Windows XP. By default, the Locator service is enabled only on Windows 2000 domain controllers and Windows NT 4.0 domain controllers; it is not enabled on Windows NT 4.0 workstations or member servers, Windows 2000 workstations or member servers, or Windows XP. |
Vulnerabilities: |
Included Updates: 810833 |
Applies to: Windows 2000; Windows XP |
Bulletin ID: MS04-034 |
Title: Vulnerability in Compressed (zipped) Folders Could Allow Remote Code Execution (873376) |
Update Type: Security Update |
Severity: Critical |
Date: 2004-11-20 |
Description: This update resolves a newly-discovered, privately reported vulnerability. A remote code execution vulnerability exists in the way that Windows processes Compressed (zipped) Folders. The vulnerability is documented in the Vulnerability Details section of this bulletin. |
Vulnerabilities: CAN-2004-0575 |
Included Updates: 873376 |
Applies to: Windows Server 2003; Windows Server 2003, Datacenter Edition; Windows XP |
Bulletin ID: MS04-031 |
Title: Vulnerability in NetDDE Could Allow Remote Code Execution (841533) |
Update Type: Security Update |
Severity: Important |
Date: 2004-11-20 |
Description: This update resolves a newly-discovered, privately reported vulnerability. A remote code execution vulnerability exists in the Network Dynamic Data Exchange (NetDDE) services because of an unchecked buffer. The vulnerability is documented in the Vulnerability Details section of this bulletin. |
Vulnerabilities: CAN-2004-0206 |
Included Updates: 841533 |
Applies to: Windows 2000; Windows XP |
Bulletin ID: MS04-030 |
Title: Vulnerability in WebDAV XML Message Handler Could Lead to a Denial of Service (824151) |
Update Type: Security Update |
Severity: Important |
Date: 2004-11-20 |
Description: This update resolves a newly-discovered, privately reported vulnerability. The vulnerability is documented in the Vulnerability Details section of this bulletin. |
Vulnerabilities: CAN-2003-0718 |
Included Updates: 824151 |
Applies to: Windows Server 2003; Windows Server 2003, Datacenter Edition; Windows XP |
Bulletin ID: MS04-036 |
Title: Vulnerability in NNTP Could Allow Remote Code Execution (883935) |
Update Type: Security Update |
Severity: Critical |
Date: 2004-10-12 |
Description: This update resolves a newly-discovered, privately reported vulnerability. A remote code execution vulnerability exists within the Network News Transfer Protocol (NNTP) component of the affected operating systems. This vulnerability could potentially affect systems that do not use NNTP. This is because some programs that are listed in the affected software section require that the NNTP component be enabled before you can install them. The vulnerability is documented in the Vulnerability Details section of this bulletin. |
Vulnerabilities: CAN-2004-0574 |
Included Updates: 883935 |
Applies to: Windows Server 2003; Windows Server 2003, Datacenter Edition |
Bulletin ID: MS04-035 |
Title: Vulnerability in SMTP Could Allow Remote Code Execution (885881) |
Update Type: Security Update |
Severity: Critical |
Date: 2004-10-12 |
Description: Subsequent to the release of this bulletin, it was determined that a variation of the vulnerability addressed also affects Exchange 2000 Server. Microsoft has updated the bulletin, on February 8, 2005, with additional information about Exchange 2000 Server and also to direct users to a security update for this additional affected platform. |
Vulnerabilities: CAN-2004-0840 |
Included Updates: 885881 |
Applies to: Windows Server 2003 |
Bulletin ID: MS03-051 |
Title: Buffer Overrun in Microsoft FrontPage Server Extensions Could Allow Code Execution (813360) |
Update Type: Security Update |
Severity: Critical |
Date: 2004-10-04 |
Description: Subsequent to the release of this bulletin, it was determined that the vulnerability addressed also affects other versions of the affected products and components. Microsoft has updated the bulletin with additional information about Windows XP 64-Bit Edition and Office 2000 Server Extensions and also to direct users to an update for these additional affected platforms. |
Vulnerabilities: |
Included Updates: 810217 813360 |
Applies to: Windows 2000; Windows XP |
Bulletin ID: MS03-039 |
Title: Buffer Overrun In RPCSS Service Could Allow Code Execution (824146) |
Update Type: Security Update |
Severity: Critical |
Date: 2004-10-04 |
Description: The fix provided by this patch supersedes the one included in Microsoft Security Bulletin MS03-026 and includes the fix for the security vulnerability discussed in MS03-026, as well as 3 newly discovered vulnerabilities. |
Vulnerabilities: |
Included Updates: 819696 824146 |
Applies to: Windows 2000; Windows Server 2003; Windows Server 2003, Datacenter Edition; Windows XP |
Bulletin ID: MS03-030 |
Title: Unchecked Buffer in DirectX Could Enable System Compromise (819696) |
Update Type: Security Update |
Severity: Critical |
Date: 2004-07-23 |
Description: Subsequent to the original release of this bulletin, customers requested that we support additional versions of DirectX that were not covered by the original patches. This bulletin has been updated to provide information about a new patch, which is intended for customers using Windows 98, Windows 98 SE, Windows Millennium Edition, or Windows 2000 who have upgraded to Microsoft DirectX 8.0, 8.0a, 8.1, 8.1a, or 8.1b. |
Vulnerabilities: |
Included Updates: 819696 |
Applies to: Windows 2000; Windows Server 2003; Windows Server 2003, Datacenter Edition; Windows XP |
Bulletin ID: MS02-063 |
Title: Unchecked Buffer in PPTP Implementation Could Enable Denial of Service Attacks (Q329834) |
Update Type: Security Update |
Severity: Critical |
Date: 2004-06-10 |
Description: Windows 2000 and Windows XP natively support Point-to-Point Tunneling Protocol (PPTP), a Virtual Private Networking technology that is implemented as part of Remote Access Services (RAS). PPTP support is an optional component in Windows NT 4.0, Windows 98, Windows 98SE, and Windows ME. |
Vulnerabilities: |
Included Updates: 329834 |
Applies to: Windows 2000; Windows XP |
Bulletin ID: MS03-013 |
Title: Buffer Overrun in Windows Kernel Message Handling could Lead to Elevated Privileges (811493) |
Update Type: Security Update |
Severity: Important |
Date: 2004-04-23 |
Description: Microsoft re-issued this bulletin on May 28, 2003 to advise on the availability of an updated Windows XP Service Pack 1 patch. This revised patch corrects the performance issues that some customers experienced with the original Windows XP Service Pack 1 patch. |
Vulnerabilities: |
Included Updates: 811493 |
Applies to: Windows 2000; Windows XP |
Bulletin ID: MS03-045 |
Title: Buffer Overrun in the ListBox and in the ComboBox Control Could Allow Code Execution (824141) |
Update Type: Security Update |
Severity: Important |
Date: 2004-04-13 |
Description: Microsoft re-issued this bulletin on January 13, 2004 to advise on the availability of an updated Windows NT 4.0 Workstation and Server patch for the Arabic, Hebrew, and Thai languages. |
Vulnerabilities: |
Included Updates: 824141 |
Applies to: Windows 2000; Windows Server 2003; Windows Server 2003, Datacenter Edition; Windows XP |
Bulletin ID: MS03-043 |
Title: Buffer Overrun in Messenger Service Could Allow Code Execution (828035) |
Update Type: Security Update |
Severity: Critical |
Date: 2004-04-09 |
Description: Subsequent to the release of this bulletin, it was determined that the update for Windows XP did not properly place the updated file wkssvc.dll into the %systemroot%\system32\dllcache. This problem is unrelated to the security vulnerability discussed in this bulletin. Microsoft recommends that customers who have previously applied the security update reinstall the latest version to ensure that their system remains protected in the event that the wkssvc.dll is ever deleted or becomes corrupt. More information on this is available in the FAQ section of this bulletin. |
Vulnerabilities: |
Included Updates: 828035 |
Applies to: Windows 2000; Windows Server 2003; Windows Server 2003, Datacenter Edition; Windows XP |
Bulletin ID: MS03-027 |
Title: Unchecked Buffer in Windows Shell Could Enable System Compromise (821557) |
Update Type: Security Update |
Severity: Important |
Date: 2004-04-09 |
Description: The Windows shell is responsible for providing the basic framework of the Windows user interface experience. It is most familiar to users as the Windows desktop. It also provides a variety of other functions to help define the user's computing session, including organizing files and folders, and providing the means to start programs. |
Vulnerabilities: |
Included Updates: 821557 |
Applies to: Windows XP |
Bulletin ID: MS03-007 |
Title: Unchecked Buffer In Windows Component Could Cause Server Compromise (815021) |
Update Type: Security Update |
Severity: Critical |
Date: 2004-04-09 |
Description: Microsoft originally released this security bulletin on March 17, 2003. At that time, Microsoft was aware of a publicly available exploit that was being used to attack Windows 2000 Servers running IIS 5.0. The attack vector in this case was WebDAV although the underlying vulnerability was in a core operating system component, ntdll.dll. Microsoft issued a patch to protect Windows 2000 customers shortly afterwards, but also continued to investigate the underlying vulnerability. During the course of that investigation, Microsoft found that Windows NT 4.0 also contains the underlying vulnerability in ntdll.dll, however it does not support WebDAV and therefore the known exploit was not effective against Windows NT 4.0. In addition, Microsoft has recently been made aware of this vulnerability as well in Windows XP. However, like Windows NT 4.0, Windows XP does not install Internet Information Services (IIS) by default. Microsoft has now released patches for Windows NT 4.0 and Windows XP. |
Vulnerabilities: |
Included Updates: 815021 |
Applies to: Windows 2000; Windows XP |
Bulletin ID: MS03-021 |
Title: Flaw In Windows Media Player May Allow Media Library Access (819639) |
Update Type: Security Update |
Severity: Moderate |
Date: 2004-03-05 |
Description: An ActiveX control included with Windows Media Player 9 Series allows Web page authors to create Web pages that can play media and provide a user interface by which the user can control playback. When a user visits a Web page with embedded media, the ActiveX control provides a user interface that allows the user to take such actions as pausing or rewinding the media. |
Vulnerabilities: |
Included Updates: 819639 |
Applies to: Windows 2000; Windows Server 2003; Windows XP |
Bulletin ID: MS02-071 |
Title: Flaw in Windows WM_TIMER Message Handling Could Enable Privilege Elevation (328310) |
Update Type: Security Update |
Severity: Important |
Date: 2004-02-09 |
Description: Subsequent to the release of this bulletin it was determined that the patch for Microsoft Windows NT 4.0 machines introduced an error that could, under certain configurations, cause NT 4.0 to fail. Microsoft has investigated this issue and has released an updated patch for Windows NT 4.0. The bulletin has been updated to include the new download links for the NT 4.0 patch. The error did not affect NT 4.0 TSE, except for the Japanese Language. Customers running the Japanese version of NT 4.0 TSE should apply the updated fix. |
Vulnerabilities: |
Included Updates: 328310 |
Applies to: Windows 2000 |
Bulletin ID: MS03-033 |
Title: Unchecked Buffer in MDAC Function Could Enable System Compromise (823718) |
Update Type: Security Update |
Severity: Important |
Date: 2004-01-12 |
Description: Microsoft Data Access Components (MDAC) is a collection of components that are used to provide database connectivity on Windows platforms. MDAC is a ubiquitous technology, and it is likely to be present on most Windows systems: |
Vulnerabilities: |
Included Updates: 823718 |
Applies to: Windows 2000; Windows XP |
Bulletin ID: MS03-017 |
Title: Flaw in Windows Media Player Skins Downloading could allow Code Execution (817787) |
Update Type: Security Update |
Severity: Critical |
Date: 2004-01-12 |
Description: Microsoft Windows Media Player provides functionality to change the overall appearance of the player itself through the use of "skins". Skins are custom overlays that consist of collections of one or more files of computer art, organized by an XML file. The XML file tells Windows Media Player how to use these files to display a skin as the user interface. In this manner, the user can choose from a variety of standard skins, each one providing an additional visual experience. Windows Media Player comes with several skins to choose from, but it is relatively easy to create and distribute custom skins. |
Vulnerabilities: |
Included Updates: 817787 |
Applies to: Windows 2000; Windows XP |