Multiple Microsoft Patches Released Today

Full Version: Multiple Microsoft Patches Released Today

GovernmentSecurity.org > System Security > Windows Systems

Erra

Oct 12 2004, 07:58 PM

Windows: MS04-029, MS04-030, MS04-031, MS04-032, MS04-034, MS04-035, MS04-036, MS04-037, MS04-038
. Office: MS04-033
. Exchange Server: MS04-035, MS04-036

http://www.microsoft.com/security/bulletins/default.mspx

A few allow remote code execution.

Erra

Oct 12 2004, 09:00 PM

Bit more info

MS04-029 IMPORTANT Vulnerability in RPC Runtime Library Could Allow Information Disclosure and Denial of Service (873350)
An information disclosure and denial of service vulnerability exists that could cause the affected system to stop responding or could potentially read portions of active memory content.

MS04-030 IMPORTANT Vulnerability in WebDav XML Message Handler Could Lead to a Denial of Service (824151)
A Denial of Service vulnerability exists that could cause the affected system to stop responding to requests.

MS04-031 IMPORTANT Vulnerability in NetDDE Could Allow Remote Code Execution (841533)
A remote code execution vulnerability exists in the NetDDE services because of an unchecked buffer.

MS04-032 CRITICAL Security Update for Microsoft Windows (840987)
A remote code execution vulnerability, two elevation of privilege vulnerabilities, and a denial of service vulnerability exist in Windows. The most severe vulnerability could allow remote code execution on an affected system.

MS04-033 CRITICAL Vulnerability in Microsoft Excel Could Allow Remote Code Execution (886836)
A vulnerability exists in Microsoft Excel that could allow remote code execution on an affected system.

MS04-034 CRITICAL Vulnerability in Compressed (zipped) Folders Could Allow Remote Code Execution (873376)
A vulnerability exists in the way that Windows processes compressed (zipped) folders that could allow remote code execution on an affected system.

MS04-035 CRITICAL Vulnerability in SMTP Could Allow Remote Code Execution (885881)
A vulnerability exists in the Windows SMTP component and Exchange Server Routing Engine component that could allow remote code execution on an affected system.

MS04-036 CRITICAL Vulnerability in NNTP Could Allow Remote Code Execution (883935)
A vulnerability exists in the Windows NNTP Component that could allow remote code execution on an affected system.

MS04-037 CRITICAL Vulnerability in Windows Shell Could Allow Remote Code Execution (841356)
A vulnerability exists in the way that the Windows Shell launches applications. A vulnerability exists in Program Group Converter because of the way that it handles specially crafted requests. Both could allow remote code execution on an affected system.

MS04-038 CRITICAL Cumulative Security Update for Internet Explorer (834707)
Five remote code execution and three information disclosure vulnerabilities exist in Internet Explorer

sk3tch

Oct 12 2004, 09:21 PM

At least give credit to incidents.org where you ripped that "more info" from.

Erra

Oct 13 2004, 12:26 AM

actually, it was isc.sans.org..... and, the top info came straight from Microsoft.

If you have nothing good to add, then dont bother.

sk3tch

Oct 13 2004, 03:15 AM

Yes, which is why I was posting. Your post was like the 2nd or 3rd repost of the October batch of MSFT patches.

www.incidents.org resolves to that address. So your correction wasn't necessary if you would have checked it.

Sayian

Oct 13 2004, 05:00 AM

Sigh .. so many window updates.. , good thing i'm starting to drift away from windows , if only my brothers and sisters would do the same ;\

rosco

Oct 13 2004, 11:51 PM

QUOTE(Sayian @ Oct 13 2004, 06:00 AM)

Sigh .. so many window updates.. , good thing i'm starting to drift away from windows , if only my brothers and sisters would do the same ;\

i don't know any OS which doesn't need to be patched yet....
if u know one, pls post it ....

This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.


Help - Search - Member List - Calendar Full Version: Multiple Microsoft Patches Released Today GovernmentSecurity.org > System Security > Windows Systems Erra Oct 12 2004, 07:58 PM Windows: MS04-029, MS04-030, MS04-031, MS04-032, MS04-034, MS04-035, MS04-036, MS04-037, MS04-038 . Office: MS04-033 . Exchange Server: MS04-035, MS04-036 http://www.microsoft.com/security/bulletins/default.mspx A few allow remote code execution. Erra Oct 12 2004, 09:00 PM Bit more info MS04-029 IMPORTANT Vulnerability in RPC Runtime Library Could Allow Information Disclosure and Denial of Service (873350) An information disclosure and denial of service vulnerability exists that could cause the affected system to stop responding or could potentially read portions of active memory content. MS04-030 IMPORTANT Vulnerability in WebDav XML Message Handler Could Lead to a Denial of Service (824151) A Denial of Service vulnerability exists that could cause the affected system to stop responding to requests. MS04-031 IMPORTANT Vulnerability in NetDDE Could Allow Remote Code Execution (841533) A remote code execution vulnerability exists in the NetDDE services because of an unchecked buffer. MS04-032 CRITICAL Security Update for Microsoft Windows (840987) A remote code execution vulnerability, two elevation of privilege vulnerabilities, and a denial of service vulnerability exist in Windows. The most severe vulnerability could allow remote code execution on an affected system. MS04-033 CRITICAL Vulnerability in Microsoft Excel Could Allow Remote Code Execution (886836) A vulnerability exists in Microsoft Excel that could allow remote code execution on an affected system. MS04-034 CRITICAL Vulnerability in Compressed (zipped) Folders Could Allow Remote Code Execution (873376) A vulnerability exists in the way that Windows processes compressed (zipped) folders that could allow remote code execution on an affected system. MS04-035 CRITICAL Vulnerability in SMTP Could Allow Remote Code Execution (885881) A vulnerability exists in the Windows SMTP component and Exchange Server Routing Engine component that could allow remote code execution on an affected system. MS04-036 CRITICAL Vulnerability in NNTP Could Allow Remote Code Execution (883935) A vulnerability exists in the Windows NNTP Component that could allow remote code execution on an affected system. MS04-037 CRITICAL Vulnerability in Windows Shell Could Allow Remote Code Execution (841356) A vulnerability exists in the way that the Windows Shell launches applications. A vulnerability exists in Program Group Converter because of the way that it handles specially crafted requests. Both could allow remote code execution on an affected system. MS04-038 CRITICAL Cumulative Security Update for Internet Explorer (834707) Five remote code execution and three information disclosure vulnerabilities exist in Internet Explorer sk3tch Oct 12 2004, 09:21 PM At least give credit to incidents.org where you ripped that "more info" from. Erra Oct 13 2004, 12:26 AM actually, it was isc.sans.org..... and, the top info came straight from Microsoft. If you have nothing good to add, then dont bother. sk3tch Oct 13 2004, 03:15 AM Yes, which is why I was posting. Your post was like the 2nd or 3rd repost of the October batch of MSFT patches. www.incidents.org resolves to that address. So your correction wasn't necessary if you would have checked it. Sayian Oct 13 2004, 05:00 AM Sigh .. so many window updates.. , good thing i'm starting to drift away from windows , if only my brothers and sisters would do the same ;\ rosco Oct 13 2004, 11:51 PM QUOTE(Sayian @ Oct 13 2004, 06:00 AM) Sigh .. so many window updates.. , good thing i'm starting to drift away from windows , if only my brothers and sisters would do the same ;\ i don't know any OS which doesn't need to be patched yet.... if u know one, pls post it .... This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.