brett
03-09-2004, 05:38 PM
Today, 9 March 2004 Microsoft is releasing three security updates for
newly discovered vulnerabilities in Microsoft Windows, Microsoft Office,
and MSN Products.
- One Microsoft Security Bulletin affecting Microsoft Windows with a
maximum severity of Moderate, MS04-008.
- One Microsoft Security Bulletin affecting Microsoft Office with a
maximum severity of Important, MS04-009.
- One Microsoft Security Bulletin affecting MSN Products with a maximum
severity of Moderate, MS04-010.
The summary for these new bulletins may be found at the following pages:
- Microsoft Windows
http://www.microsoft.com/technet/security/bulletin/winmar04.mspx
- Microsoft Office
http://www.microsoft.com/technet/security/bulletin/offmar04.mspx
- MSN Products
http://www.microsoft.com/technet/security/bulletin/msnmar04.mspx
In addition, Microsoft is re-releasing an update for Microsoft Windows.
- Information for this re-released bulletin may be found at
http://www.microsoft.com/technet/security/Bulletin/MS03-022.mspx
Microsoft will host a webcast tomorrow to address customer questions on
these bulletins. For more information on this webcast please see below:
- Information about Microsoft's February Security Bulletins
- 3/10/2004 10:00 AM - 3/10/2004 11:00 AM
- Language: English-American
- http://go.microsoft.com/fwlink/?LinkId=24513
- The on-demand version of the webcast will be available 24 hours
- after the live webcast at:
- http://go.microsoft.com/fwlink/?LinkId=24513
Customers are advised to review the information in the bulletins, test
and deploy the updates immediately in their environments, if applicable.
************************************************** ********************
TECHNICAL DETAILS
MS04-008
Title: Vulnerability in Windows Media Services Could Allow a Denial of
Service
Affected Software:
- Microsoft Windows 2000 Server Service Pack 2
- Microsoft Windows 2000 Server Service Pack 3
- Microsoft Windows 2000 Server Service Pack 4
Affected Components:
- Windows Media Services 4.1 (included with Microsoft Windows 2000
Server)
Impact of Vulnerability: Denial of Service
Maximum Severity Rating: Important
Restart required: In some cases, this update does not require a reboot.
The installer stops the required services, applies the update, and then
restarts the services. However, if the required services cannot be
stopped for any reason, or if required files are in use, this update
will require a reboot. If this occurs, a message appears that advises
you to reboot.
Update can be uninstalled: Yes
More information on this vulnerability is available at:
http://www.microsoft.com/technet/security/bulletin/MS04-008.mspx
************************************************** ********************
MS04-009
Title: Vulnerability in Outlook Could Allow a Remote Code Execution
Affected Software:
- Microsoft Office XP Service Pack 2
- Microsoft Outlook 2002
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Important
Restart required: No
Update can be uninstalled: No
More information on this vulnerability is available at:
http://www.microsoft.com/technet/security/bulletin/MS04-009.mspx
************************************************** ********************
MS04-010
Title: Vulnerability in MSN Messenger Could Allow Information
Disclosure
Affected Software:
- Microsoft MSN Messenger 6.0
- Microsoft MSN Messenger 6.1
Impact of Vulnerability: Information Disclosure
Maximum Severity Rating: Moderate
Restart required: This update may require a restart
Update can be uninstalled: No
More information on this vulnerability is available at:
http://www.microsoft.com/technet/security/bulletin/MS04-010.mspx
************************************************** ********************
MS03-022
Title: Vulnerability in ISAPI Extension for Windows Media Services
Could Cause Code Execution
Affected Software:
- Microsoft Windows 2000
Affected Components:
- Windows Media Services 4.1 (included with Microsoft Windows 2000
Server)
Reason for Re-issue: Subsequent to the release of this bulletin, an
issue was found related to the update's installer. Specifically, an
issue was found affecting customers who had applied this security update
and then later uninstalled Windows Media Services and then re-installed
Windows Media Services. These customers could not successfully apply the
security update to the re-installed instance of Windows Media Player,
thus leaving them vulnerable. This issue only affects customers in this
specific scenario.
Customers who have uninstalled and re-installed Windows Media Services
should apply the new version of this security update. All other
customers need not take any action.
More information on this re-issued bulletin is available at:
http://www.microsoft.com/technet/security/bulletin/MS03-022.mspx
PLEASE VISIT http://www.microsoft.com/technet/security FOR THE MOST
CURRENT INFORMATION ON THESE ALERTS.
newly discovered vulnerabilities in Microsoft Windows, Microsoft Office,
and MSN Products.
- One Microsoft Security Bulletin affecting Microsoft Windows with a
maximum severity of Moderate, MS04-008.
- One Microsoft Security Bulletin affecting Microsoft Office with a
maximum severity of Important, MS04-009.
- One Microsoft Security Bulletin affecting MSN Products with a maximum
severity of Moderate, MS04-010.
The summary for these new bulletins may be found at the following pages:
- Microsoft Windows
http://www.microsoft.com/technet/security/bulletin/winmar04.mspx
- Microsoft Office
http://www.microsoft.com/technet/security/bulletin/offmar04.mspx
- MSN Products
http://www.microsoft.com/technet/security/bulletin/msnmar04.mspx
In addition, Microsoft is re-releasing an update for Microsoft Windows.
- Information for this re-released bulletin may be found at
http://www.microsoft.com/technet/security/Bulletin/MS03-022.mspx
Microsoft will host a webcast tomorrow to address customer questions on
these bulletins. For more information on this webcast please see below:
- Information about Microsoft's February Security Bulletins
- 3/10/2004 10:00 AM - 3/10/2004 11:00 AM
- Language: English-American
- http://go.microsoft.com/fwlink/?LinkId=24513
- The on-demand version of the webcast will be available 24 hours
- after the live webcast at:
- http://go.microsoft.com/fwlink/?LinkId=24513
Customers are advised to review the information in the bulletins, test
and deploy the updates immediately in their environments, if applicable.
************************************************** ********************
TECHNICAL DETAILS
MS04-008
Title: Vulnerability in Windows Media Services Could Allow a Denial of
Service
Affected Software:
- Microsoft Windows 2000 Server Service Pack 2
- Microsoft Windows 2000 Server Service Pack 3
- Microsoft Windows 2000 Server Service Pack 4
Affected Components:
- Windows Media Services 4.1 (included with Microsoft Windows 2000
Server)
Impact of Vulnerability: Denial of Service
Maximum Severity Rating: Important
Restart required: In some cases, this update does not require a reboot.
The installer stops the required services, applies the update, and then
restarts the services. However, if the required services cannot be
stopped for any reason, or if required files are in use, this update
will require a reboot. If this occurs, a message appears that advises
you to reboot.
Update can be uninstalled: Yes
More information on this vulnerability is available at:
http://www.microsoft.com/technet/security/bulletin/MS04-008.mspx
************************************************** ********************
MS04-009
Title: Vulnerability in Outlook Could Allow a Remote Code Execution
Affected Software:
- Microsoft Office XP Service Pack 2
- Microsoft Outlook 2002
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Important
Restart required: No
Update can be uninstalled: No
More information on this vulnerability is available at:
http://www.microsoft.com/technet/security/bulletin/MS04-009.mspx
************************************************** ********************
MS04-010
Title: Vulnerability in MSN Messenger Could Allow Information
Disclosure
Affected Software:
- Microsoft MSN Messenger 6.0
- Microsoft MSN Messenger 6.1
Impact of Vulnerability: Information Disclosure
Maximum Severity Rating: Moderate
Restart required: This update may require a restart
Update can be uninstalled: No
More information on this vulnerability is available at:
http://www.microsoft.com/technet/security/bulletin/MS04-010.mspx
************************************************** ********************
MS03-022
Title: Vulnerability in ISAPI Extension for Windows Media Services
Could Cause Code Execution
Affected Software:
- Microsoft Windows 2000
Affected Components:
- Windows Media Services 4.1 (included with Microsoft Windows 2000
Server)
Reason for Re-issue: Subsequent to the release of this bulletin, an
issue was found related to the update's installer. Specifically, an
issue was found affecting customers who had applied this security update
and then later uninstalled Windows Media Services and then re-installed
Windows Media Services. These customers could not successfully apply the
security update to the re-installed instance of Windows Media Player,
thus leaving them vulnerable. This issue only affects customers in this
specific scenario.
Customers who have uninstalled and re-installed Windows Media Services
should apply the new version of this security update. All other
customers need not take any action.
More information on this re-issued bulletin is available at:
http://www.microsoft.com/technet/security/bulletin/MS03-022.mspx
PLEASE VISIT http://www.microsoft.com/technet/security FOR THE MOST
CURRENT INFORMATION ON THESE ALERTS.