OT-Fw: Microsoft Security Bulletin Summary for July 2004
- Subject: OT-Fw: Microsoft Security Bulletin Summary for July 2004
- From: &* S* <r*@colfax.com>
- Date: Wed, 14 Jul 2004 08:58:07 -0700
- List-archive: <http://www.hort.net/lists/pumpkins/> (Web Archive)
Need to update your MS patches.
Roger , Colfax WA
----- Original Message -----
From: "Microsoft"
<0_63338_4FC3A56D-DCDE-44BF-9242-3A43670407BA_US@Newsletters.Microsoft.com>
To: <res@colfax.com>
Sent: Tuesday, July 13, 2004 2:57 PM
Subject: Microsoft Security Bulletin Summary for July 2004
> -----BEGIN PGP SIGNED MESSAGE-----
>
> ********************************************************************
> Title: Microsoft Security Bulletin Summary for July 2004
> Issued: July 13, 2004
> Version Number: 1.0
> Bulletin: http://go.microsoft.com/fwlink/?LinkId=32567
> ********************************************************************
>
> Summary:
> ========
> This advisory contains information about all security updates
> released this month. It is broken down by security bulletin severity.
>
> Critical Security Bulletins
> ===========================
>
> MS04-022 - Vulnerability in Task Scheduler Could Allow Code
> Execution (841873)
>
> - Affected Software:
> - Windows 2000 Service Pack 2
> - Windows 2000 Service Pack 3
> - Windows 2000 Service Pack 4
> - Windows XP and Windows XP Service Pack 1
> - Windows XP 64-Bit Edition Service Pack 1
>
> - Affected Components:
> - Internet Explorer 6 when installed on Windows
> NT 4.0 SP6a (Workstation, Server, or Terminal
> Server Edition)
>
> - Impact: Remote Code Execution
> - Version Number: 1.0
>
> MS04-023 - Vulnerability in HTML Help Could Allow Code
> Execution (840315)
>
> - Affected Software:
> - Windows 2000 Service Pack 2
> - Windows 2000 Service Pack 3
> - Windows 2000 Service Pack 4
> - Windows XP and Windows XP Service Pack 1
> - Windows XP 64-Bit Edition Service Pack 1
> - Windows XP 64-Bit Edition Version 2003
> - Windows Server 2003
> - Windows Server 2003 64-Bit Edition
>
> - Affected Components:
> - Internet Explorer 6 when installed on Windows
> NT 4.0 SP6a (Workstation, Server, or Terminal
> Server Edition)
>
> - Review the FAQ section of bulletin MS04-O23 for
> information about these operating systems:
> - Microsoft Windows 98
> - Microsoft Windows 98 Second Edition (SE)
> - Microsoft Windows Millennium Edition (ME)
>
> - Impact: Remote Code Execution
> - Version Number: 1.0
>
> Important Security Bulletins
> ============================
>
> MS04-019 - Vulnerability in Utility Manager Could Allow Code
> Execution (842526)
>
> - Affected Software:
> - Windows 2000 Service Pack 2
> - Windows 2000 Service Pack 3
> - Windows 2000 Service Pack 4
>
> - Impact: Remote Code Execution
> - Version Number: 1.0
>
> MS04-020 - Vulnerability in POSIX Could Allow Code
> Execution (841872)
>
> - Affected Software:
> - Windows NT Workstation 4.0 Service Pack 6a
> - Windows NT Server 4.0 Service Pack 6a
> - Windows NT Server 4.0 Terminal Server Edition
> Service Pack 6
> - Windows 2000 Service Pack 2
> - Windows 2000 Service Pack 3
> - Windows 2000 Service Pack 4
>
> - Impact: Remote Code Execution
> - Version Number: 1.0
>
> MS04-021 - Security Update for IIS 4.0 (841373)
>
> - Affected Software:
> - Windows NT Workstation 4.0 Service Pack 6a
> - Windows NT Server 4.0 Service Pack 6a
>
> - Impact: Remote Code Execution
> - Version Number: 1.0
>
> MS04-024 - Vulnerability in Windows Shell Could Allow Remote
> Code Execution (839645)
>
> - Affected Software:
> - Windows NT Workstation 4.0 Service Pack 6a
> - Windows NT Server 4.0 Service Pack 6a
> - Windows NT Server 4.0 Terminal Server Edition
> Service Pack 6
> - Windows 2000 Service Pack 2
> - Windows 2000 Service Pack 3
> - Windows 2000 Service Pack 4
> - Windows XP and Windows XP Service Pack 1
> - Windows XP 64-Bit Edition Service Pack 1
> - Windows XP 64-Bit Edition Version 2003
> - Windows Server 2003
> - Windows Server 2003 64-Bit Edition
>
> - Review the FAQ section of bulletin MS04-O24 for
> information about these operating systems:
> - Microsoft Windows 98
> - Microsoft Windows 98 Second Edition (SE)
> - Microsoft Windows Millennium Edition (ME)
>
> - Impact: Remote Code Execution
> - Version Number: 1.0
>
> Moderate Security Bulletins
> ===========================
>
> MS04-018 - Cumulative Security Update for Outlook Express
> (823353)
>
> - Affected Software:
> - Windows NT Workstation 4.0 Service Pack 6a
> - Windows NT Server 4.0 Service Pack 6a
> - Windows NT Server 4.0 Terminal Server Edition
> Service Pack 6
> - Windows 2000 Service Pack 2
> - Windows 2000 Service Pack 3
> - Windows 2000 Service Pack 4
> - Windows XP and Windows XP Service Pack 1
> - Windows XP 64-Bit Edition Service Pack 1
> - Windows XP 64-Bit Edition Version 2003
> - Windows Server 2003
> - Windows Server 2003 64-Bit Edition
>
> - Review the FAQ section of bulletin MS04-O18 for
> information about these operating systems:
> - Microsoft Windows 98
> - Microsoft Windows 98 Second Edition (SE)
> - Microsoft Windows Millennium Edition (ME)
>
> - Impact: Denial of Service
> - Version Number: 1.0
>
>
> Update Availability:
> ===================
> Updates are available to address these issues.
> For additional information, including Technical Details,
> Workarounds, answers to Frequently Asked Questions,
> and Update Deployment Information please read
> the Microsoft Security Bulletin Summary for this
> month at: http://go.microsoft.com/fwlink/?LinkId=32567
>
> Support:
> ========
> Technical support is available from Microsoft Product Support
> Services at 1-866-PC SAFETY (1-866-727-2338). There is no
> charge for support calls associated with security updates.
> International customers can get support from their local Microsoft
> subsidiaries. Phone numbers for international support can be found
> at: http://support.microsoft.com/common/international.aspx
>
> Additional Resources:
> =====================
> * Microsoft has created a free monthly e-mail newsletter containing
> valuable information to help you protect your network. This
> newsletter provides practical security tips, topical security
> guidance, useful resources and links, pointers to helpful
> community resources, and a forum for you to provide feedback
> and ask security-related questions.
> You can sign up for the newsletter at:
>
> http://www.microsoft.com/technet/security/secnews/default.mspx
>
> * Microsoft has created a free e-mail notification service that
> serves as a supplement to the Security Notification Service
> (this e-mail). It provides timely notification of any minor
> changes or revisions to previously released Microsoft Security
> Bulletins. This new service provides notifications that are
> written for IT professionals and contain technical information
> about the revisions to security bulletins.
> Visit http://www.microsoft.com to subscribe to this service:
>
> - Click on Subscribe at the top of the page.
> - This will direct you via Passport to the Subscription center.
> - Under Newsletter Subscriptions you can sign up for the
> "Microsoft Security Notification Service: Comprehensive Version".
>
> * Join Microsoft's webcast for a live discussion of the technical
> details of these security bulletins and steps you can take
> to protect your environment. Details about the live webcast
> can be found at: http://go.microsoft.com/fwlink/?LinkId=30865
>
> The on-demand version of the webcast will be available 24 hours
> after the live webcast at:
>
> http://go.microsoft.com/fwlink/?LinkId=30865
>
> * Protect your PC: Microsoft has provided information on how you
> can help protect your PC at the following locations:
>
> http://www.microsoft.com/security/protect/
>
> If you receive an e-mail that claims to be distributing a
> Microsoft security update, it is a hoax that may be distributing a
> virus. Microsoft does not distribute security updates through
> e-mail. You can learn more about Microsoft's software distribution
> policies here:
>
> http://www.microsoft.com/technet/security/topics/policy/swdist.mspx
>
> Acknowledgments:
> ================
> Microsoft thanks the following for working with us to protect
> customers:
>
> Cesar Cerrudo of Application Security Inc. for reporting an issue
> described in MS04-019. (http://www.appsecinc.com)
>
> Rafal Wojtczuk working with McAfee for reporting an
> issue described in MS04-020. (http://www.mcafee.com)
>
> Brett Moore of Security-Assessment.com for reporting an issue
> described in MS04-022. (http://www.security-assessment.com)
>
> Dustin Schneider for reporting an issue described in MS04-022.
> (/*@verizon.net)
>
> Peter Winter-Smith of Next Generation Security Software Ltd. for
> reporting an issue described in MS04-022.
> (http://www.nextgenss.com)
>
> Brett Moore of Security-Assessment.com for reporting an issue
> described in MS04-023. (http://www.security-assessment.com)
>
> ********************************************************************
> THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS
> PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT
> DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING
> THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
> PURPOSE.
> IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE
> LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT,
> INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL
> DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN
> ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
> SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY
> FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING
> LIMITATION MAY NOT APPLY.
> ********************************************************************
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGP 8.1
>
> iQEVAwUBQPQrso0ZSRQxA/UrAQFPdwgAif9ch3t8TJADL43IuYvhZ64TLc4hlhou
> 7gGPP1twOQJv9PM+oDIw2zIsap+2ETUbzluUThZ2WYak8HjlgtbIdyjRKIoK6FfD
> 3qe3RdCmRGqWkBQnytP6xwngFqQDeeeN9SBnDvFeETcrsXB7UR2KkrPg8iP9wlTP
> Ciq0IYak9/L8YB+r2fA3rR1ZZX5zSNDZ0oihJfP0jAA7c/IAhx1vD3INmss0DDxJ
> n+jIk7OVTIkp0iXjpCrbm/5N8Y9yaJ3ymc8FEU/K6WSfR+iKIJQpLNFTCnIdxBLy
> n/e/+e32ezh5i7wWZhT4oY6g7UEuDEeglF+ze6VnSuP1OP9ICn5HxA==
> =/TTr
> -----END PGP SIGNATURE-----
>
>
>
> *******************************************************************
>
> You have received this e-mail bulletin because of your subscription to the
Microsoft Product Security Notification Service. For more information on
this service, please visit
http://www.microsoft.com/technet/security/notify.asp.
>
> To verify the digital signature on this bulletin, please download our PGP
key at http://www.microsoft.com/technet/security/notify.asp.
>
> To unsubscribe from the Microsoft Security Notification Service, please
visit the Microsoft Profile Center at
http://register.microsoft.com/regsys/pic.asp
>
> If you do not wish to use Microsoft Passport, you can unsubscribe from the
Microsoft Security Notification Service via email as described below:
> Reply to this message with the word UNSUBSCRIBE in the Subject line.
>
> For security-related information about Microsoft products, please visit
the Microsoft Security Advisor web site at
http://www.microsoft.com/security.
---------------------------------------------------------------------
Pumpkin-growing archives: http://www.hort.net/lists/pumpkins/
To sign-off this list, send email to majordomo@hort.net with the
message text UNSUBSCRIBE PUMPKINS
