July 13th patches from Microsoft > Forums > Viruswarn Website

Viruswarn Website

Tuesday, February 07, 2012

Our sponsors

OS-Cubed, Inc.

WizardWrx

Periwinkle Communications

Nick Francesco

Users currently online

	Membership:
	Latest: kevin
	New Today: 0
	New Yesterday: 0
	Overall: 56

	People Online:
	Visitors: 5
	Members: 0
	Total: 5

Online Now:

Click here to visit OS-Cubed, Inc.

Viruswarn banner

Home

Forums

Meet the Authors

Troubleshooting

Store

you are here: Forums

Welcome to the Viruswarning forums. All your original content has been ported to the new forums as well as new content and additional opportunities to interact with the authors of Viruswarn.com. You can always access old content at www.leedrake.com/forum . You may find some formatting was lost in the conversion and the older versions of the posts to be more readable....

But at least it's all here.

Enjoy!

Viruswarn Forums

Forums

Search

Forums > Viruswarning Forum > Viruswarning archive

Subject: July 13th patches from Microsoft

Email me when someone replies to this thread.

You are not authorized to post a reply.

Author

Messages

Lee Drake
Posts:238

07/15/2004 11:01 PM
What is it Microsoft released a slew of new patches for windows today - probably after deciding to delay release of Service Pack 2 for XP until August. They patched several serious security holes that could allow a remote attacker to take over your systems. You can see all the details and see links to the security bulletins themselves at my new "security notice" page on my website (http://www.leedrake.com/security_notices.asp), but I will summarize them here: If you have Windows XP, 2000, NT, Windows ME, Windows 9x, or Server System 2003 the following bulletins apply to you: MS04-024: Vulnerability in Windows Shell Could Allow Remote Code Execution (839645) - This allows an attacker to take complete control of your system. MS04-023: Vulnerability in HTML Help Could Allow Code Execution (840315) - This fixes two vulnerabilities in the HELP subsystem which allow a remote user or email to take complete control of your system. This does not Affect Windows NT 4 workstation or server. S04-022: Vulnerability in Task Scheduler Could Allow Code Execution (841873) - This is not AS bad a vulnerability as you must be logged in as administrator to exploit it. Usually a system is already compromised by that point. A default installation of NT 4 is not affected - but if you upgraded to IE 6 you are vulnerable. MS04-018: Cumulative Security Update for Outlook Express (823353) - While this exploit "only" allows you to crash outlook express - it could be a major inconvenience if someone incorporates it into worm code to mess up people's email systems. We advise updating and removing the exploit ASAP. All systems with IE and Outlook Express installed are vulnerable. This exploit only affects Windows 2000 workstations and servers: MS04-019: Vulnerability in Utility Manager Could Allow Code Execution (842526) - This exploit only affects Windows 2000, and again requires an interactive logon to exploit This exploit only affects Windows NT 4 workstations running IIS and NT 4 Servers running IIS 4: MS04-021: Security Update for IIS 4.0 (841373) - This exploit only affects Windows NT, and despite NT being end of life, they've released this patch. This will probably be the last official patch for this OS. Subsequent vulnerabilities will be left open by Microsoft and/or they will require you to pay to have the OS patched. We at viruswarning STRONGLY URGE those using NT to move to a windows 2000 or better platform (preferably XP or 2003) ASAP. This exploit only affects those running Windows NT 4 and Windows 2000: MS04-020: Vulnerability in POSIX Could Allow Code Execution (841872 -allows a user to completely take control of the operating system. What to do Run windowsupdate by visiting http://windowsupdate.microsoft.com and downloading all critical patches and applying them. Use the Microsoft Baseline Security Analyzer 2.0 to confirm that the updates installed properly. We advise that you install these update patches sooner rather than later. The length of time between when a vulnerability is announced and when it is exploited in the wild has shortened considerably. Further information and links: MS04-024: Vulnerability in Windows Shell Could Allow Remote Code Execution (839645) MS04-023: Vulnerability in HTML Help Could Allow Code Execution (840315) MS04-022: Vulnerability in Task Scheduler Could Allow Code Execution (841873) MS04-021: Security Update for IIS 4.0 (841373) MS04-020: Vulnerability in POSIX Could Allow Code Execution (841872 MS04-019: Vulnerability in Utility Manager Could Allow Code Execution (842526) MS04-018: Cumulative Security Update for Outlook Express (823353) Lee Drake's Security Summary page Microsoft Baseline Security Analyzer Windows Update Cheers! Lee Drake Aztek Computer Solutions, Inc. 274 N. Goodman St. Ste B269 Rochester, NY 14607 the human side of computing Email: ldrake@azcomputer.net Web: www.azcomputer.net Office Phone: 585-242-2060 Fax number: 585-242-9441 Cell number: 585-509-0284

You are not authorized to post a reply.

Forums > Viruswarning Forum > Viruswarning archive > July 13th patches from Microsoft

ActiveForums 3.6

Register or Login

User Name:

Password:

Remember Login


Forgot Password ?

Copyright 2006 by OS-Cubed, Inc. Terms Of Use Privacy Statement