Zitat:

Today 8 June 2004 Microsoft is releasing updates for two newly discovered vulnerabilities affecting Microsoft Windows, Microsoft Office, Microsoft Visual Studio, and Microsoft Business Solutions CRM. - One Microsoft Security Bulleting affecting Microsoft Windows with a maximum severity of Moderate, MS04-016 - One Microsoft Security Bulletin affecting Microsoft Office, Microsoft Visual Studio, Microsoft Business Solutions CRM with a maximum severity rating of Moderate, MS04-017 The summary for these new bulletins may be found at the following page: http://www.microsoft.com/technet/security/bulletin/ms04-jun.mspx Customers are advised to review the information in the bulletins, test and deploy the updates immediately in their environments, if applicable. Microsoft will host a webcast tomorrow to address customer questions on these bulletins. For more information on this webcast please see below: - Information about Microsoft’s June 2004 Security Bulletins - 6/9/2004 10:00 AM - 6/9/2004 11:00 AM - (GMT -08:00) Pacific Time - http://go.microsoft.com/fwlink/?LinkId=28770 The on-demand version of the webcast will be available 24 hours after the live webcast at: http://go.microsoft.com/fwlink/?LinkId=28770 ********************************************************************** TECHNICAL DETAILS MS04-016 Title: Vulnerability in DirectPlay Could Allow Denial of Service (839643) Affected Software: - Microsoft Windows 2000 Service Pack 2 - Microsoft Windows 2000 Service Pack 3 - Microsoft Windows 2000 Service Pack 4 - Microsoft Windows XP - Microsoft Windows XP Service Pack 1 - Microsoft Windows XP 64-Bit Edition Service Pack 1 - Microsoft Windows XP 64-Bit Edition Version 2003 - Microsoft Windows Server 2003 - Microsoft Windows Server 2003 64-Bit Edition - Microsoft Windows 98 - Microsoft Windows 98 Second Edition - Microsoft Windows Millennium Edition Affected Components: - Microsoft DirectX 7.0a on Windows 98 - Microsoft DirectX 7.0a on Windows 98 Second Edition - Microsoft DirectX 7.0 on Windows 2000 - Microsoft DirectX 7.1 on Windows Millennium Edition - Microsoft DirectX 8.0, 8.0a, 8.1, 8.1a, and 8.1b on Windows 98 - Microsoft DirectX 8.0, 8.0a, 8.1, 8.1a, and 8.1b on Windows 98 Second Edition - Microsoft DirectX 8.0, 8.0a, 8.1, 8.1a, and 8.1b on Windows Millennium Edition - Microsoft DirectX 8.0, 8.0a, 8.1, 8.1a, and 8.1b on Windows 2000 - Microsoft DirectX 8.1, 8.1a, and 8.1b on Windows XP - Microsoft DirectX 8.1, 8.1a, and 8.1b on Windows Server 2003 - Microsoft DirectX 8.2 on Windows 98 - Microsoft DirectX 8.2 on Windows 98 Second Edition - Microsoft DirectX 8.2 on Windows Millennium Edition - Microsoft DirectX 8.2 on Windows 2000 - Microsoft DirectX 8.2 on Windows XP - Microsoft DirectX 8.2 on Windows Server 2003 - Microsoft DirectX 9.0, 9.0a, 9.0b on Windows 98 - Microsoft DirectX 9.0, 9.0a, 9.0b on Windows 98 Second Edition - Microsoft DirectX 9.0, 9.0a, 9.0b on Windows Millennium Edition - Microsoft DirectX 9.0, 9.0a, 9.0b on Windows 2000 - Microsoft DirectX 9.0, 9.0a, 9.0b on Windows XP - Microsoft DirectX 9.0, 9.0a, 9.0b on Windows Server 2003 Impact of Vulnerability: Denial of Service Maximum Severity Rating: Moderate Restart required: In some cases, this update does not require a restart. The installer stops the required services, applies the update, and then restarts the services. However, if the required services cannot be stopped for any reason or if required files are in use, this update will require a restart. If this occurs, a message is displayed that advises you to restart. Update can be uninstalled: Yes More information on this vulnerability is available at: http://www.microsoft.com/technet/security/bulletin/MS04-016.mspx ********************************************************************** MS04-017 Title: Vulnerability in Crystal Reports Web Viewer could allow Information Disclosure and Denial of Service (842689) Affected Software: - Visual Studio .NET 2003 - Outlook 2003 with Business Contact Manager - Microsoft Business Solutions CRM 1.2 Impact of Vulnerability: Information Disclosure and Denial of Service Maximum Severity Rating: Moderate Restart required: This security update will require a restart if the file being updated is in use when the update is applied to the system. Update can be uninstalled: Some updates can be uninstalled More information on this vulnerability is available at: http://www.microsoft.com/technet/security/bulletin/MS04-017.mspx If you have any questions regarding the security updates or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety (1-866-727-2338). International customers should contact their local subsidiary. Thank you, Microsoft PSS Security Team