Security Alerts - October 2004

Microsoft just released the October security bulletin. 7 critical + 3 important + 1 re-issued.

Critical:
MS04-032  Security Update for Microsoft Windows (840987)
MS04-033  Vulnerability in Microsoft Excel Could Allow Code Execution(886836)
MS04-034  Vulnerability in Compressed (zipped) Folders Could Allow Code Execution (873376)
MS04-035  Vulnerability in SMTP Could Allow Remote Code Execution (885881)
MS04-036  Vulnerability in NNTP Could Allow Code Execution (883935)
MS04-037  Vulnerability in Windows Shell Could Allow Remote Code Execution (841356)
MS04-038  Cumulative Security Update for Internet Explorer (834707) 

Important:
MS04-029  Vulnerability in RPC Runtime Library Could Allow Information Disclosure and Denial of Service (873350)
MS04-030  Vulnerability in WebDav XML Message Handler Could Lead to a Denial of Service (824151)
MS04-031  Vulnerability in NetDDE Could Allow Remote Code Execution (841533)

Re-issued:
MS04-028  Microsoft Office XP, Project 2002, Visio 2002,Windows Journal Viewer Remote Code Execution

IIS related:
MS04-030 - Affected components: WebDAV
                 IIS versions: IIS5.0, IIS5.1 and IIS6.0
                 XP Pro SP2 (IIS5.1) not affected.  

MS04-035 - Affected components: SMTP
                 IIS versions: IIS6.0
                 W2K (IIS 5.0) and NT4.0 (IIS4.0) are not affected, however the vulnerability will exists if you deploy Microsoft Exchange Server 2003 Routing Engine component on Windows Server 2000.
   
MS04-036 - Affected components: NNTP
                 IIS versions: IIS4.0, IIS5.0 and IIS6.0
                 W2k Pro (IIS5.0) and XP Pro (IIS5.1) are not affected as NNTP component is not available.