PDA

Vollständige Version anzeigen : Microsoft Security Info vom 08.06.2004


Günther Kramer
10.06.2004, 12:09
Liebe Community-Mitglieder,

folgendes Security Bulletin wurde gestern abend für Microsoft-Kunden freigegeben.

Today 8 June 2004 Microsoft is releasing updates for two newly discovered vulnerabilities affecting Microsoft Windows, Microsoft Office, Microsoft Visual Studio, and Microsoft Business Solutions CRM.

- One Microsoft Security Bulleting affecting Microsoft Windows with a maximum severity of Moderate, MS04-016

- One Microsoft Security Bulletin affecting Microsoft Office, Microsoft Visual Studio, Microsoft Business Solutions CRM with a maximum severity rating of Moderate, MS04-017

The summary for these new bulletins may be found at the following page:

- http://www.microsoft.com/technet/security/bulletin/ms04-jun.mspx

Customers are advised to review the information in the bulletins, test and deploy the updates immediately in their environments, if applicable.

Microsoft will host a webcast tomorrow to address customer questions on these bulletins. For more information on this webcast please see below:

- Information about Microsoft’s June 2004 Security Bulletins

- 6/9/2004 10:00 AM - 6/9/2004 11:00 AM - (GMT -08:00) Pacific Time

- http://go.microsoft.com/fwlink/?LinkId=28770

The on-demand version of the webcast will be available 24 hours after the live webcast at:

- http://go.microsoft.com/fwlink/?LinkId=28770


**********************************************************************

TECHNICAL DETAILS


MS04-016

Title: Vulnerability in DirectPlay Could Allow Denial of Service (839643)

Affected Software:

- Microsoft Windows 2000 Service Pack 2

- Microsoft Windows 2000 Service Pack 3

- Microsoft Windows 2000 Service Pack 4

- Microsoft Windows XP

- Microsoft Windows XP Service Pack 1

- Microsoft Windows XP 64-Bit Edition Service Pack 1

- Microsoft Windows XP 64-Bit Edition Version 2003

- Microsoft Windows Server 2003

- Microsoft Windows Server 2003 64-Bit Edition

- Microsoft Windows 98

- Microsoft Windows 98 Second Edition

- Microsoft Windows Millennium Edition


Affected Components:

- Microsoft DirectX 7.0a on Windows 98

- Microsoft DirectX 7.0a on Windows 98 Second Edition

- Microsoft DirectX 7.0 on Windows 2000

- Microsoft DirectX 7.1 on Windows Millennium Edition

- Microsoft DirectX 8.0, 8.0a, 8.1, 8.1a, and 8.1b on Windows 98

- Microsoft DirectX 8.0, 8.0a, 8.1, 8.1a, and 8.1b on Windows 98 Second Edition

- Microsoft DirectX 8.0, 8.0a, 8.1, 8.1a, and 8.1b on Windows Millennium Edition

- Microsoft DirectX 8.0, 8.0a, 8.1, 8.1a, and 8.1b on Windows 2000

- Microsoft DirectX 8.1, 8.1a, and 8.1b on Windows XP

- Microsoft DirectX 8.1, 8.1a, and 8.1b on Windows Server 2003

- Microsoft DirectX 8.2 on Windows 98

- Microsoft DirectX 8.2 on Windows 98 Second Edition

- Microsoft DirectX 8.2 on Windows Millennium Edition

- Microsoft DirectX 8.2 on Windows 2000

- Microsoft DirectX 8.2 on Windows XP

- Microsoft DirectX 8.2 on Windows Server 2003

- Microsoft DirectX 9.0, 9.0a, 9.0b on Windows 98

- Microsoft DirectX 9.0, 9.0a, 9.0b on Windows 98 Second Edition

- Microsoft DirectX 9.0, 9.0a, 9.0b on Windows Millennium Edition

- Microsoft DirectX 9.0, 9.0a, 9.0b on Windows 2000

- Microsoft DirectX 9.0, 9.0a, 9.0b on Windows XP

- Microsoft DirectX 9.0, 9.0a, 9.0b on Windows Server 2003

Impact of Vulnerability: Denial of Service

Maximum Severity Rating: Moderate

Restart required: In some cases, this update does not require a restart. The installer stops the required services, applies the update, and then restarts the services. However, if the required services cannot be stopped for any reason or if required files are in use, this update will require a restart. If this occurs, a message is displayed that advises you to restart.

Update can be uninstalled: Yes

More information on this vulnerability is available at: http://www.microsoft.com/technet/security/bulletin/MS04-016.mspx

**********************************************************************

MS04-017

Title: Vulnerability in Crystal Reports Web Viewer could allow Information Disclosure and Denial of Service (842689)

Affected Software:

- Visual Studio .NET 2003

- Outlook 2003 with Business Contact Manager

- Microsoft Business Solutions CRM 1.2


Impact of Vulnerability: Information Disclosure and Denial of Service


Maximum Severity Rating: Moderate

Restart required: This security update will require a restart if the file being updated is in use when the update is applied to the system.

Update can be uninstalled: Some updates can be uninstalled

More information on this vulnerability is available at: http://www.microsoft.com/technet/security/bulletin/MS04-017.mspx

If you have any questions regarding the security updates or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety (1-866-727-2338). International customers should contact their local subsidiary.

Thank you,

Microsoft PSS Security Team


Evelyn Ruf
Microsoft Deutschland GmbH
Konrad-Zuse-Strasse 1, 85716 Unterschleissheim