Common Tasks

Recent Posts

Community

Email Notifications

Personal Links

Archives

Security Protection - Harry Waldron (CS)

Security Best Practices, Breaking News, & Updates

OCTOBER 2004 - MICROSOFT SECURITY BULLETINS

 There are 10 updates for October (7 Critical and 3 Important)

OCTOBER 2004 - MICROSOFT SECURITY BULLETINS
http://www.microsoft.com/technet/security/Bulletin/ms04-oct.mspx


3 BULLETINS RATED AS IMPORTANT

MS04-029 -- Vulnerability in RPC Runtime Library Could Allow Information Disclosure and Denial of Service (873350)

Executive Summary: An information disclosure and denial of service vulnerability exists that could cause the affected system

to stop responding or could potentially read portions of active memory content.


MS04-030 -- Vulnerability in WebDav XML Message Handler Could Lead to a Denial of Service (824151)

Executive Summary:  A Denial of Service vulnerability exists that could cause the affected system to stop responding to requests.


MS04-031 -- Vulnerability in NetDDE Could Allow Remote Code Execution (841533)

Executive Summary:  A remote code execution vulnerability exists in the NetDDE services because of an unchecked buffer.

 

7 BULLETINS RATED AS CRITICAL


MS04-032 -- Security Update for Microsoft Windows (840987)

Executive Summary: A remote code execution vulnerability, two elevation of privilege vulnerabilities, and a denial of service

vulnerability exist in Windows. The most severe vulnerability could allow remote code execution on an affected system.


MS04-033 -- Vulnerability in Microsoft Excel Could Allow Remote Code Execution (886836)

Executive Summary: A vulnerability exists in Microsoft Excel that could allow remote code execution on an affected system.


MS04-034 -- Vulnerability in Compressed (zipped) Folders Could Allow Remote Code Execution (873376)

Executive Summary: A vulnerability exists in the way that Windows processes Compressed (zipped) Folders that could allow remote code execution on an affected system.


MS04-035 -- Vulnerability in SMTP Could Allow Remote Code Execution (885881)

Executive Summary: A vulnerability exists in the Windows SMTP component and Exchange Server Routing Engine component that could allow remote code execution on an affected system.


MS04-036 -- Vulnerability in NNTP Could Allow Remote Code Execution (883935)

Executive Summary: A vulnerability exists in the Windows NNTP Component that could allow remote code execution on an affected system.


MS04-037 -- Vulnerability in Windows Shell Could Allow Remote Code Execution (841356)

Executive Summary: A vulnerability exists in the way that the Windows Shell launches applications. A vulnerability exists in Program Group Converter because of the way that it handles specially crafted requests. Both could allow remote code execution on an affected system.


MS04-038 -- Cumulative Security Update for Internet Explorer (834707)

Executive Summary: Five remote code execution and three information disclosure vulnerabilities exist in Internet Explorer.

Comments

TrackBack said:

# October 30, 2004 3:22 PM

TrackBack said:

# October 30, 2004 4:32 PM