PDA

Vollständige Version anzeigen : Microsoft Security Info vom 11.05.2004


Günther Kramer
12.05.2004, 14:12
Today, 11 May 2004 Microsoft is releasing one security update for a newly discovered vulnerability in Microsoft Windows.

- One Microsoft Security Bulletins affecting Microsoft Windows with a maximum severity of Important, MS04-015.

Summaries for these new bulletins may be found at the following page:
- Microsoft Windows http://www.microsoft.com/technet/security/bulletin/winmay04.mspx


In addition, Microsoft is re-releasing updates for Microsoft Windows.

Information on these re-released bulletins may be found at the following pages:
- http://www.microsoft.com/technet/security/Bulletin/MS04-014.mspx
- http://www.microsoft.com/technet/security/Bulletin/MS01-052.mspx

Customers are advised to review the information in the bulletins, test and deploy the updates immediately in their environments, if applicable.

Microsoft will host a webcast tomorrow to address customer questions on these bulletins. For more information on this webcast please see below:
- Information about Microsoft's May Security Bulletins
- 5/12/2004 10:00 AM - 5/12/2004 11:00 AM
- Language: English-American
- Live Meeting Webcast - (GMT -08:00) Pacific Time
- http://go.microsoft.com/fwlink/?LinkId=27513

The on-demand version of the webcast will be available 24 hours after the live webcast at:
- http://go.microsoft.com/fwlink/?LinkId=27513

**********************************************************************
TECHNICAL DETAILS

MS04-015

Title: Vulnerability in Help and Support Center Could Allow Remote Code Execution (840374)

Affected Software:
- Microsoft Windows XP and Microsoft Windows XP Service Pack 1
- Microsoft Windows XP 64-Bit Edition Service Pack 1
- Microsoft Windows XP 64-Bit Edition Version 2003
- Microsoft Windows Server(tm) 2003
- Microsoft Windows Server 2003 64-Bit Edition

Impact of Vulnerability: Remote Code Execution

Maximum Severity Rating: Important

Restart required: In some cases, this update does not require a restart. The installer stops the needed services, applies the update, and then restarts the services. However, if the needed services cannot be stopped for any reason or if required files are in use, this update will require a restart. If this occurs, a message is displayed that advises you to restart.

Update can be uninstalled: Yes

More information on this vulnerability is available at: http://www.microsoft.com/technet/security/bulletin/MS04-015.mspx

**********************************************************************

MS04-014

Title: Vulnerability in the Microsoft Jet Database Engine Could Allow Code Execution

Affected Software:
- Microsoft Windows NT Workstation 4.0 Service Pack 6a
- Microsoft Windows NT Server 4.0 Service Pack 6a
- Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6
- Microsoft Windows 2000 Service Pack 2
- Microsoft Windows 2000 Service Pack 3
- Microsoft Windows 2000 Service Pack 4
- Microsoft Windows XP
- Microsoft Windows XP Service Pack 1
- Microsoft Windows XP 64-Bit Edition Service Pack 1
- Microsoft Windows XP 64-Bit Edition Version 2003
- Microsoft Windows Server 2003
- Microsoft Windows Server 2003 64-Bit Edition
- Microsoft Windows 98 - Please review the FAQ section of the bulletin for details about this operating system.
- Microsoft Windows 98 Second Edition (SE) - Please review the FAQ section of the bulletin for details about this operating system.
- Microsoft Windows Millennium Edition (ME) - Please review the FAQ section of the bulletin for details about this operating system.

Affected Components:

- Microsoft Jet Database Engine version 4.0

Reason for Re-issue: Microsoft updated this bulletin on May 11, 2004 to advise on the availability of a revised version of the security update for non-English versions of Windows XP (as opposed to Windows XP Service Pack 1). The original update does address the vulnerability in Windows XP for all supported languages; however, the original update was not fully localized. Specifically, optional Jet error strings were only being offered in English on Windows XP. This issue does not affect other operating systems. If you have previously applied the security update for other operating systems, including Windows XP Service Pack 1, you need not take any additional action.

If you have previously applied the security update for non-English versions of Windows XP (as opposed to Windows XP Service Pack 1), you need not take any additional action as you are already protected from this vulnerability. However, if you want to have the Jet optional text error information in the same language as your Windows XP installation, you will need to remove the original security update MS04-014 (837001) following the Removal Information procedure located in this document and install the revised version. Once 837001 is uninstalled, revisiting Windows Update will result in the revised MS04-014 security update for Windows XP being re-offered with the correct, localized, optional text error strings.

More information on this re-issued bulletin is available at: http://www.microsoft.com/technet/security/bulletin/MS04-014.mspx

**********************************************************************

MS01-052

Title: Invalid RDP Data can Cause Terminal Service Failure

Affected Software:

- Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6
- Microsoft Windows 2000 Service Pack 2

Reason for Re-issue: Microsoft updated this bulletin on May 11, 2004 to advise on the availability of a revised version of the Windows NT Server 4.0 Terminal Server Edition security update.

Customers need to install the revised update even if they installed the prior version. This issue does not affect other operating systems. If you have previously applied the security updates for other operating systems, this revised update does not need to be installed.

If you have any questions regarding the security updates or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety (1-866-727-2338). International customers should contact their local subsidiary.

Thank you,
Microsoft PSS Security Team