LanGuard reports



Supported Microsoft Security Bulletins


More information on 2004 updates



Bulletin ID:
MS04-045
Title:
Vulnerability in WINS Could Allow Remote Code Execution (870763)
Update Type:
Security Update
Severity:
Important
Date:
2004-12-15
Description:
This update resolves several newly-discovered, public and privately reported vulnerabilities. Each vulnerability is documented in this bulletin in its own Vulnerability Details section.
Vulnerabilities:
CAN-2004-0567
CAN-2004-1080
Included Updates:
870763
Applies to:
Windows Server 2003
Windows Server 2003, Datacenter Edition

Bulletin ID:
MS04-041
Title:
Vulnerability in WordPad Could Allow Code Execution (885836)
Update Type:
Security Update
Severity:
Important
Date:
2004-12-15
Description:
This update resolves several newly-discovered, privately reported vulnerabilities. Each vulnerability is documented in this bulletin in its own Vulnerability Details section.
Vulnerabilities:
CAN-2004-0571
CAN-2004-0901
Included Updates:
885836
Applies to:
Windows 2000
Windows Server 2003
Windows Server 2003, Datacenter Edition
Windows XP

Bulletin ID:
MS04-028
Title:
Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution (833987)
Update Type:
Security Update
Severity:
Critical
Date:
2004-12-15
Description:
This update resolves a newly-discovered, privately reported vulnerability. A buffer overrun vulnerability exists in the processing of JPEG image formats that could allow remote code execution on an affected system. The vulnerability is documented in this bulletin in its own section.
Vulnerabilities:
CAN-2004-0200
Included Updates:
833987
833989
886179
Applies to:
Windows 2000
Windows XP

Bulletin ID:
MS03-001
Title:
Unchecked Buffer in Locator Service Could Lead to Code Execution (810833)
Update Type:
Security Update
Severity:
Critical
Date:
2004-12-15
Description:
The Microsoft Locator service is a name service that maps logical names to network-specific names. It ships with Windows NT 4.0, Windows 2000, and Windows XP. By default, the Locator service is enabled only on Windows 2000 domain controllers and Windows NT 4.0 domain controllers; it is not enabled on Windows NT 4.0 workstations or member servers, Windows 2000 workstations or member servers, or Windows XP.
Vulnerabilities:

Included Updates:
810833
Applies to:
Windows 2000
Windows XP

Bulletin ID:
MS04-034
Title:
Vulnerability in Compressed (zipped) Folders Could Allow Remote Code Execution (873376)
Update Type:
Security Update
Severity:
Critical
Date:
2004-11-20
Description:
This update resolves a newly-discovered, privately reported vulnerability. A remote code execution vulnerability exists in the way that Windows processes Compressed (zipped) Folders. The vulnerability is documented in the Vulnerability Details section of this bulletin.
Vulnerabilities:
CAN-2004-0575
Included Updates:
873376
Applies to:
Windows Server 2003
Windows Server 2003, Datacenter Edition
Windows XP

Bulletin ID:
MS04-031
Title:
Vulnerability in NetDDE Could Allow Remote Code Execution (841533)
Update Type:
Security Update
Severity:
Important
Date:
2004-11-20
Description:
This update resolves a newly-discovered, privately reported vulnerability. A remote code execution vulnerability exists in the Network Dynamic Data Exchange (NetDDE) services because of an unchecked buffer. The vulnerability is documented in the Vulnerability Details section of this bulletin.
Vulnerabilities:
CAN-2004-0206
Included Updates:
841533
Applies to:
Windows 2000
Windows XP

Bulletin ID:
MS04-030
Title:
Vulnerability in WebDAV XML Message Handler Could Lead to a Denial of Service (824151)
Update Type:
Security Update
Severity:
Important
Date:
2004-11-20
Description:
This update resolves a newly-discovered, privately reported vulnerability. The vulnerability is documented in the Vulnerability Details section of this bulletin.
Vulnerabilities:
CAN-2003-0718
Included Updates:
824151
Applies to:
Windows Server 2003
Windows Server 2003, Datacenter Edition
Windows XP

Bulletin ID:
MS04-036
Title:
Vulnerability in NNTP Could Allow Remote Code Execution (883935)
Update Type:
Security Update
Severity:
Critical
Date:
2004-10-12
Description:
This update resolves a newly-discovered, privately reported vulnerability. A remote code execution vulnerability exists within the Network News Transfer Protocol (NNTP) component of the affected operating systems. This vulnerability could potentially affect systems that do not use NNTP. This is because some programs that are listed in the affected software section require that the NNTP component be enabled before you can install them. The vulnerability is documented in the Vulnerability Details section of this bulletin.
Vulnerabilities:
CAN-2004-0574
Included Updates:
883935
Applies to:
Windows Server 2003
Windows Server 2003, Datacenter Edition

Bulletin ID:
MS04-035
Title:
Vulnerability in SMTP Could Allow Remote Code Execution (885881)
Update Type:
Security Update
Severity:
Critical
Date:
2004-10-12
Description:
Subsequent to the release of this bulletin, it was determined that a variation of the vulnerability addressed also affects Exchange 2000 Server. Microsoft has updated the bulletin, on February 8, 2005, with additional information about Exchange 2000 Server and also to direct users to a security update for this additional affected platform.
Vulnerabilities:
CAN-2004-0840
Included Updates:
885881
Applies to:
Windows Server 2003

Bulletin ID:
MS03-051
Title:
Buffer Overrun in Microsoft FrontPage Server Extensions Could Allow Code Execution (813360)
Update Type:
Security Update
Severity:
Critical
Date:
2004-10-04
Description:
Subsequent to the release of this bulletin, it was determined that the vulnerability addressed also affects other versions of the affected products and components. Microsoft has updated the bulletin with additional information about Windows XP 64-Bit Edition and Office 2000 Server Extensions and also to direct users to an update for these additional affected platforms.
Vulnerabilities:

Included Updates:
810217
813360
Applies to:
Windows 2000
Windows XP

Bulletin ID:
MS03-039
Title:
Buffer Overrun In RPCSS Service Could Allow Code Execution (824146)
Update Type:
Security Update
Severity:
Critical
Date:
2004-10-04
Description:
The fix provided by this patch supersedes the one included in Microsoft Security Bulletin MS03-026 and includes the fix for the security vulnerability discussed in MS03-026, as well as 3 newly discovered vulnerabilities.
Vulnerabilities:

Included Updates:
819696
824146
Applies to:
Windows 2000
Windows Server 2003
Windows Server 2003, Datacenter Edition
Windows XP

Bulletin ID:
MS03-030
Title:
Unchecked Buffer in DirectX Could Enable System Compromise (819696)
Update Type:
Security Update
Severity:
Critical
Date:
2004-07-23
Description:
Subsequent to the original release of this bulletin, customers requested that we support additional versions of DirectX that were not covered by the original patches. This bulletin has been updated to provide information about a new patch, which is intended for customers using Windows 98, Windows 98 SE, Windows Millennium Edition, or Windows 2000 who have upgraded to Microsoft DirectX 8.0, 8.0a, 8.1, 8.1a, or 8.1b.
Vulnerabilities:

Included Updates:
819696
Applies to:
Windows 2000
Windows Server 2003
Windows Server 2003, Datacenter Edition
Windows XP

Bulletin ID:
MS02-063
Title:
Unchecked Buffer in PPTP Implementation Could Enable Denial of Service Attacks (Q329834)
Update Type:
Security Update
Severity:
Critical
Date:
2004-06-10
Description:
Windows 2000 and Windows XP natively support Point-to-Point Tunneling Protocol (PPTP), a Virtual Private Networking technology that is implemented as part of Remote Access Services (RAS). PPTP support is an optional component in Windows NT 4.0, Windows 98, Windows 98SE, and Windows ME.
Vulnerabilities:

Included Updates:
329834
Applies to:
Windows 2000
Windows XP

Bulletin ID:
MS03-013
Title:
Buffer Overrun in Windows Kernel Message Handling could Lead to Elevated Privileges (811493)
Update Type:
Security Update
Severity:
Important
Date:
2004-04-23
Description:
Microsoft re-issued this bulletin on May 28, 2003 to advise on the availability of an updated Windows XP Service Pack 1 patch. This revised patch corrects the performance issues that some customers experienced with the original Windows XP Service Pack 1 patch.
Vulnerabilities:

Included Updates:
811493
Applies to:
Windows 2000
Windows XP

Bulletin ID:
MS03-045
Title:
Buffer Overrun in the ListBox and in the ComboBox Control Could Allow Code Execution (824141)
Update Type:
Security Update
Severity:
Important
Date:
2004-04-13
Description:
Microsoft re-issued this bulletin on Janurary 13, 2004 to advise on the availability of an updated Windows NT 4.0 Workstation and Server patch for the Arabic, Hebrew, and Thai languages.
Vulnerabilities:

Included Updates:
824141
Applies to:
Windows 2000
Windows Server 2003
Windows Server 2003, Datacenter Edition
Windows XP

Bulletin ID:
MS03-043
Title:
Buffer Overrun in Messenger Service Could Allow Code Execution (828035)
Update Type:
Security Update
Severity:
Critical
Date:
2004-04-09
Description:
Subsequent to the release of this bulletin, it was determined that the update for Windows XP did not properly place the updated file wkssvc.dll into the %systemroot%\system32\dllcache. This problem is unrelated to the security vulnerability discussed in this bulletin. Microsoft recommends that customers who have previously applied the security update reinstall the latest version to insure that their system remains protected in the event that the wkssvc.dll is ever deleted or becomes corrupt. More information on this is available in the FAQ section of this bulletin.
Vulnerabilities:

Included Updates:
828035
Applies to:
Windows 2000
Windows Server 2003
Windows Server 2003, Datacenter Edition
Windows XP

Bulletin ID:
MS03-027
Title:
Unchecked Buffer in Windows Shell Could Enable System Compromise (821557)
Update Type:
Security Update
Severity:
Important
Date:
2004-04-09
Description:
The Windows shell is responsible for providing the basic framework of the Windows user interface experience. It is most familiar to users as the Windows desktop. It also provides a variety of other functions to help define the user's computing session, including organizing files and folders, and providing the means to start programs.
Vulnerabilities:

Included Updates:
821557
Applies to:
Windows XP

Bulletin ID:
MS03-007
Title:
Unchecked Buffer In Windows Component Could Cause Server Compromise (815021)
Update Type:
Security Update
Severity:
Critical
Date:
2004-04-09
Description:
Microsoft originally released this security bulletin on March 17, 2003. At that time, Microsoft was aware of a publicly available exploit that was being used to attack Windows 2000 Servers running IIS 5.0. The attack vector in this case was WebDAV although the underlying vulnerability was in a core operating system component, ntdll.dll. Microsoft issued a patch to protect Windows 2000 customers shortly afterwards, but also continued to investigate the underlying vulnerability. During the course of that investigation, Microsoft found that Windows NT 4.0 also contains the underlying vulnerability in ntdll.dll, however it does not support WebDAV and therefore the known exploit was not effective against Windows NT 4.0. In addition, Microsoft has recently been made aware of this vulnerability as well in Windows XP. However, like Windows NT 4.0, Windows XP does not install Internet Information Services (IIS) by default. Microsoft has now released patches for Windows NT 4.0 and Windows XP.
Vulnerabilities:

Included Updates:
815021
Applies to:
Windows 2000
Windows XP

Bulletin ID:
MS03-021
Title:
Flaw In Windows Media Player May Allow Media Library Access (819639)
Update Type:
Security Update
Severity:
Moderate
Date:
2004-03-05
Description:
An ActiveX control included with Windows Media Player 9 Series allows Web page authors to create Web pages that can play media and provide a user interface by which the user can control playback. When a user visits a Web page with embedded media, the ActiveX control provides a user interface that allows the user to take such actions as pausing or rewinding the media.
Vulnerabilities:

Included Updates:
819639
Applies to:
Windows 2000
Windows Server 2003
Windows XP

Bulletin ID:
MS02-071
Title:
Flaw in Windows WM_TIMER Message Handling Could Enable Privilege Elevation (328310)
Update Type:
Security Update
Severity:
Important
Date:
2004-02-09
Description:
Subsequent to the release of this bulletin it was determined that the patch for Microsoft Windows NT 4.0 machines introduced an error that could, under certain configurations, cause NT 4.0 to fail. Microsoft has investigated this issue and has released an updated patch for Windows NT 4.0. The bulletin has been updated to include the new download links for the NT 4.0 patch. The error did not affect NT 4.0 TSE, except for the Japanese Language. Customers running the Japanese version of NT 4.0 TSE should apply the updated fix.
Vulnerabilities:

Included Updates:
328310
Applies to:
Windows 2000

Bulletin ID:
MS03-033
Title:
Unchecked Buffer in MDAC Function Could Enable System Compromise (823718)
Update Type:
Security Update
Severity:
Important
Date:
2004-01-12
Description:
Microsoft Data Access Components (MDAC) is a collection of components that are used to provide database connectivity on Windows platforms. MDAC is a ubiquitous technology, and it is likely to be present on most Windows systems:
Vulnerabilities:

Included Updates:
823718
Applies to:
Windows 2000
Windows XP

Bulletin ID:
MS03-017
Title:
Flaw in Windows Media Player Skins Downloading could allow Code Execution (817787)
Update Type:
Security Update
Severity:
Critical
Date:
2004-01-12
Description:
Microsoft Windows Media Player provides functionality to change the overall appearance of the player itself through the use of "skins". Skins are custom overlays that consist of collections of one or more files of computer art, organized by an XML file. The XML file tells Windows Media Player how to use these files to display a skin as the user interface. In this manner, the user can choose from a variety of standard skins, each one providing an additional visual experience. Windows Media Player comes with several skins to choose from, but it is relatively easy to create and distribute custom skins.
Vulnerabilities:

Included Updates:
817787
Applies to:
Windows 2000
Windows XP