OT-Fw: Microsoft Windows Security Bulletin Summary for February 2004
- Subject: OT-Fw: Microsoft Windows Security Bulletin Summary for February 2004
- From: &* S* <r*@colfax.com>
- Date: Tue, 10 Feb 2004 16:13:36 -0800
- List-archive: <http://www.hort.net/lists/pumpkins/> (Web Archive)
need to update.
Roger , Colfax WA
----- Original Message -----
From: "Microsoft"
<0_58071_4FC3A56D-DCDE-44BF-9242-3A43670407BA_US@Newsletters.Microsoft.com>
To: <res@colfax.com>
Sent: Tuesday, February 10, 2004 3:51 PM
Subject: Microsoft Windows Security Bulletin Summary for February 2004
> -----BEGIN PGP SIGNED MESSAGE-----
>
> - --------------------------------------------------------------------
> Title: Microsoft Windows Security Bulletin Summary for
> February 2004
> Issued: February 10, 2004
> Version Number: 1.0
> Bulletin:
> http://www.microsoft.com/technet/security/bulletin/winfeb04.asp
>
> - --------------------------------------------------------------------
>
> Summary:
> ========
> Included in this advisory are updates for three newly discovered
> vulnerabilities in Microsoft Windows. These vulnerabilities, broken
> down by severity are:
>
> ** Critical Security Bulletins
>
> MS04-007 - ASN .1 Vulnerability Could Allow Code Execution (828028)
>
> - Affected Software:
>
> - Windows NT Workstation 4.0 Service Pack 6a
> - Windows NT Server 4.0 Service Pack 6a
> - Windows NT Server 4.0 Terminal Server Edition
> Service Pack 6
> - Windows 2000 Service Pack 2
> - Windows 2000 Service Pack 3
> - Windows 2000 Service Pack 4
> - Windows XP, Windows XP Service Pack 1
> - Windows XP 64-Bit Edition
> - Windows XP 64-Bit Edition Service Pack 1
> - Windows XP 64-Bit Edition Version 2003
> - Windows XP 64-Bit Edition Version 2003
> Service Pack 1
> - Windows Server 2003
> - Windows Server 2003 64-Bit Edition
>
> - Impact: Remote Code Execution
> - Version Number: 1.0
>
> MS04-004 - Cumulative Security Update for Internet Explorer(832894)
>
> - Affected Software:
> - Windows 98
> - Windows 98 Second Edition
> - Windows Millennium Edition
> - Windows NT Workstation 4.0 Service Pack 6a
> - Windows NT Server 4.0 Service Pack 6a
> - Windows NT Server 4.0 Terminal Server Edition
> Service Pack 6
> - Windows 2000 Service Pack 2
> - Windows 2000 Service Pack 3
> - Windows 2000 Service Pack 4
> - Windows XP, Windows XP Service Pack 1
> - Windows XP 64-Bit Edition
> - Windows XP 64-Bit Edition Service Pack 1
> - Windows XP 64-Bit Edition Version 2003
> - Windows XP 64-Bit Edition Version 2003
> Service Pack 1
> - Windows Server 2003
> - Windows Server 2003 64-Bit Edition
>
> - Impact: Remote Code Execution
> - Last Revised: February 9, 2004
> - Version Number: 1.4
>
>
> ** Important Security Bulletins
>
> MS04-006 - Vulnerability in the Windows Internet Naming Service
> (WINS) Could Allow Code Execution (830352)
>
> - Affected Software:
> - Windows NT Server 4.0 Service Pack 6a
> - Windows NT Server 4.0 Terminal Server Edition
> Service Pack 6
> - Windows 2000 Server Service Pack 2
> - Windows 2000 Server Service Pack 3
> - Windows 2000 Server Service Pack 4
> - Windows Server 2003
> - Windows Server 2003 64-Bit Edition
>
> - Impact: Remote Code Execution
> - Version Number: 1.0
>
>
> Update Availability:
> ===================
> An update is available to fix this vulnerability.
> For additional information, including Technical Details,
> Workarounds, answers to Frequently Asked Questions, and Update
> Deployment Information please read the Microsoft Windows Security
> Bulletin Summary for Windows at:
> http://www.microsoft.com/technet/security/bulletin/winfeb04.asp
>
> Support:
> ========
> Technical support is available from Microsoft Product Support
> Services at 1-866-PC SAFETY (1-866-727-2338). There is no
> charge for support calls associated with security patches.
> International customers can get support from their local Microsoft
> subsidiaries. Phone numbers for international support can be found
> at: http://support.microsoft.com/common/international.aspx
>
> Additional Resources:
> =====================
> * Microsoft has created a free monthly e-mail newsletter containing
> valuable information to help you protect your network. This
> newsletter provides practical security tips, topical security
> guidance, useful resources and links, pointers to helpful
> community resources, and a forum for you to provide feedback
> and ask security-related questions.
> You can sign up for the newsletter at:
>
> http://www.microsoft.com/technet/security/secnews
>
> * Join Microsoft's webcast for a live discussion of the technical
> details of the February security bulletins and steps you can take
> to protect your environment. Details about the live webcast
> can be found at: http://go.microsoft.com/fwlink/?LinkId=22796
>
> The on-demand version of the webcast will be available 24 hours
> after the live webcast at:
>
> http://go.microsoft.com/fwlink/?LinkId=22796
>
> * Protect your PC: Microsoft has provided information on how you
> can help protect your PC at the following locations:
>
> http://www.microsoft.com/security/protect/
>
> If you receive an e-mail that claims to be distributing a
> Microsoft security patch, it is a hoax that may be distributing a
> virus. Microsoft does not distribute security patches via e-mail.
> You can learn more about Microsoft's software distribution
> policies here:
>
> http://www.microsoft.com/technet/security/policy/swdist.asp
>
> Acknowledgments:
> ================
> Microsoft thanks the following for working with us to protect
> customers:
>
> - - Andreas Sandblad
> (sandblad@acc.umu.se)
> for reporting the Travel Log Cross Domain Vulnerability
> described in MS04-004.
>
> - - Qualys
> (http://www.qualys.com)
> for reporting the issue described in MS04-006.
>
> - - eEye Digital Security
> (http://www.eeye.com)
> for reporting the issue described in MS04-007.
>
>
> Revisions:
> ==========
> * V1.0 February 10, 2004: Bulletin Created.
>
> ********************************************************************
> Protect your PC: Microsoft has provided information on how you
> can help protect your PC at the following locations:
> http://www.microsoft.com/security/protect/
>
> If you receive an e-mail that claims to be distributing a
> Microsoft security patch, it is a hoax that may be distributing a
> virus. Microsoft does not distribute security patches via e-mail.
> You can learn more about Microsoft's software distribution
> policies here:
> http://www.microsoft.com/technet/security/policy/swdist.asp
> ********************************************************************
> - --------------------------------------------------------------------
> THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS
> PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT
> DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING
> THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
> PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS
> BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT,
> INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL
> DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN
> ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
> SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY
> FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING
> LIMITATION MAY NOT APPLY.
> - --------------------------------------------------------------------
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGP 8.0.2
>
> iQEVAwUBQCkuW40ZSRQxA/UrAQF3QAf+OMOpvlrZZSKUaSACiKrwCDCCWOz2sLkI
> 1fmfd1ccOaSCPiUuX9adSKfcFFVgi3uYoHQCp0ijM9R9+zbsXRfIfv320D1gFPPv
> OEPLYZsV/4IwylTilh+bc92DdKiNGqE+zddoQEwtYNWS7grKM8x+BuxJWjXJ2GoY
> MPJy+UGvDMRFxSfDx/VcRF+Q8HHSt6oohGRjDRXgMBpOiW4oM/QgTZEHM7fRL5c6
> S9ao2tNdq06BJHhiy6gR6hAwj3ln3PHRaVZsFVSTw7uMiUr/+OqbziRe5m432k0Y
> 2rn4tIHvtgVFj7UEaf6nZq1+/Aci8CNCCjlXg+Q+F4N1ikqLnnnieg==
> =rcPG
> -----END PGP SIGNATURE-----
>
>
>
> *******************************************************************
>
> You have received this e-mail bulletin because of your subscription to the
Microsoft Product Security Notification Service. For more information on
this service, please visit
http://www.microsoft.com/technet/security/notify.asp.
>
> To verify the digital signature on this bulletin, please download our PGP
key at http://www.microsoft.com/technet/security/notify.asp.
>
> To unsubscribe from the Microsoft Security Notification Service, please
visit the Microsoft Profile Center at
http://register.microsoft.com/regsys/pic.asp
>
> If you do not wish to use Microsoft Passport, you can unsubscribe from the
Microsoft Security Notification Service via email as described below:
> Reply to this message with the word UNSUBSCRIBE in the Subject line.
>
> For security-related information about Microsoft products, please visit
the Microsoft Security Advisor web site at
http://www.microsoft.com/security.
---------------------------------------------------------------------
Pumpkin-growing archives: http://www.hort.net/lists/pumpkins/
To sign-off this list, send email to majordomo@hort.net with the
message text UNSUBSCRIBE PUMPKINS
