In unserem Info-Board Forum finden Sie wichtige Informationen zu VB, aktuelle Sicherheitshinweise, sowie allgemeine Infos, die von unseren Moderatoren bereitgestellt wurden. Dieses Forum hat den Status read-only, d.h. nur Moderatoren können neue Beiträge einstellen!

Sie sind aktuell nicht angemeldet.

Funktionen: Einloggen  |  Neu registrieren  |  Suchen

Important Product Vulnerability - December 2004 Microsoft Security Bulletin
Autor: Dieter (Moderator)
Datum: 15.12.04 13:40
Microsoft is releasing five security bulletins for newly discovered vulnerabilities in Microsoft Windows. - 5 Microsoft Security Bulletin affecting Microsoft Windows with a maximum severity of Important, MS04-041, MS04-042, MS04-043, MS04-044, MS04-045. The summary for this month's bulletins can be found at the following page: - http://www.microsoft.com/technet/security/bulletin/ms04-dec.mspx In addition, Microsoft is releasing new updates for Microsoft Visual FoxPro 8.0 and standalone updates for Microsoft .NET Framework in regards to MS04-028. Information on these re-released bulletins may be found at the following pages: - http://www.microsoft.com/technet/security/bulletin/MS04-028.mspx Customers are advised to review the information in the bulletins, test and deploy the updates immediately in their environments, if applicable. Microsoft will host a webcast to address customer questions on these bulletins. For more information on this webcast please see below: - Information about Microsoft's December Security Bulletins - Wednesday, December 15, 2004 11:00 AM (GMT-08:00) Pacific Time (US & Canada) - http://msevents.microsoft.com/cui/WebCastEventDetails.aspx?EventID=1032264801&Culture=en-US - The on-demand version of the webcast will be available 24 hours after the live webcast at: - http://msevents.microsoft.com/cui/WebCastEventDetails.aspx?EventID=1032264801&Culture=en-US ********************************************************************** TECHNICAL DETAILS MS04-041 Title: Vulnerability in WordPad Could Allow Code Execution (885836) Affected Software: - Microsoft Windows NT Server 4.0 Service Pack 6a - Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6 - Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4 - Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2 - Microsoft Windows XP 64-Bit Edition Service Pack 1 - Microsoft Windows XP 64-Bit Edition Version 2003 - Microsoft Windows Server 2003 - Microsoft Windows Server 2003 64-Bit Edition - Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) - Review the FAQ section of this bulletin for details about these operating Impact of Vulnerability: Remote Code Execution Maximum Severity Rating: Important Restart required: No Update can be uninstalled: Yes More information on this vulnerability is available at: http://www.microsoft.com/technet/security/bulletin/MS04-041.mspx ********************************************************************** MS04-042 Title: Vulnerability in DHCP Could Allow Remote Code Execution and Denial of Service (885249) Affected Software: - Microsoft Windows NT Server 4.0 Service Pack 6a - Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6 Non-Affected Software: - Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4 - Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2 - Microsoft Windows XP 64-Bit Edition Service Pack 1 - Microsoft Windows XP 64-Bit Edition Version 2003 - Microsoft Windows Server 2003 - Microsoft Windows Server 2003 64-Bit Edition - Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) Impact of Vulnerability: Remote Code Execution Maximum Severity Rating: Important Restart required: Yes Update can be uninstalled: Yes More information on this vulnerability is available at: http://www.microsoft.com/technet/security/bulletin/MS04-042.mspx ********************************************************************** MS04-043 Title: Vulnerability in HyperTerminal Could Allow Code Execution (873339) Affected Software: - Microsoft Windows NT Server 4.0 Service Pack 6a - Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6 - Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4 - Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2 - Microsoft Windows XP 64-Bit Edition Service Pack 1 - Microsoft Windows XP 64-Bit Edition Version 2003 - Microsoft Windows Server 2003 - Microsoft Windows Server 2003 64-Bit Edition Non-Affected Software: - Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) Affected Components: - HyperTerminal Impact of Vulnerability: Remote Code Execution Maximum Severity Rating: Important Restart required: No Update can be uninstalled: Yes More information on this vulnerability is available at: http://www.microsoft.com/technet/security/bulletin/MS04-043.mspx ********************************************************************** MS04-044 Title: Vulnerabilities in Windows Kernel and LSASS Could Allow Elevation of Privilege (885835) Affected Software: - Microsoft Windows NT Server 4.0 Service Pack 6a - Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6 - Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4 - Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2 - Microsoft Windows XP 64-Bit Edition Service Pack 1 - Microsoft Windows XP 64-Bit Edition Version 2003 - Microsoft Windows Server 2003 - Microsoft Windows Server 2003 64-Bit Edition Non-Affected Software: - Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) Impact of Vulnerability: Elevation of Privilege Maximum Severity Rating: Important Restart required: Yes Update can be uninstalled: Yes More information on this vulnerability is available at: http://www.microsoft.com/technet/security/bulletin/MS04-044.mspx ********************************************************************** MS04-045 Title: Vulnerability in WINS Could Allow Remote Code Execution (870763) Affected Software: - Microsoft Windows NT Server 4.0 Service Pack 6a - Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6 - Microsoft Windows 2000 Server Service Pack 3 and Microsoft Windows 2000 Server Service Pack 4 - Microsoft Windows Server 2003 - Microsoft Windows Server 2003 64-Bit Edition Non-Affected Software: - Microsoft Windows 2000 Professional Service Pack 3 and Microsoft Windows 2000 Professional Service Pack 4 - Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2 - Microsoft Windows XP 64-Bit Edition Service Pack 1 - Microsoft Windows XP 64-Bit Edition Version 2003 - Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (Me) Impact of Vulnerability: Remote Code Execution Maximum Severity Rating: Important Restart required: In some cases, this update does not require a restart. The installer stops the required services, applies the update, and then restarts the services. However, if the required services cannot be stopped for any reason, or if required files are in use, this update will require a restart. If this occurs, a message appears that advises you to restart. Update can be uninstalled: Yes More information on this vulnerability is available at: http://www.microsoft.com/technet/security/bulletin/MS04-045.mspx ********************************************************************** MS04-028 Title: Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution (833987) Affected Software (re-release only): - Microsoft Visual FoxPro 8.0 - Microsoft Visual FoxPro 8.0 Runtime Library New Stand-alone updates available for: - Microsoft .NET Framework version 1.0 Service Pack 2 - Microsoft .NET Framework version 1.1 Reason for Re-issue: The bulletin has been updated to advise on the availability of additional updates that help address this vulnerability: - Standalone security updates for The Microsoft .NET Framework version 1.0 Service Pack 2 and The Microsoft .NET Framework version 1.1 are now available. Based on customer feedback, Microsoft has created standalone updates for customers who have not yet deployed .NET Framework 1.0 Service Pack 3 or .NET Framework 1.1 Service Pack 1. However, Microsoft recommends that customers install the latest version of the appropriate service pack in order to receive the best protection from this vulnerability as well as other security related issues. Customers can either install The Microsoft .NET Framework 1.0 Service Pack 3 or The Microsoft .NET Framework 1.1 Service Pack 1. Customers that have already installed these service packs do not need to apply these additional security updates. - Security updates for Microsoft Visual FoxPro 8.0 are now available. Developers should use the update for Microsoft Visual FoxPro 8.0 to update their development environment. Customers using third party applications that were developed using Microsoft Visual FoxPro 8.0 that distribute a copy of the vulnerable gdiplus.dll file should evaluate the need to deploy the security update for the Microsoft Visual FoxPro 8.0 Runtime Library. - Windows Messenger 5.0 distributes a copy of the vulnerable version of the gdiplus.dll file. However, it is not vulnerable to any known or likely attack vectors and therefore is not considered to be vulnerable to this issue. However, customers that are concerned about the presence of this file and possible future attack vectors that may be found should upgrade to Windows Messenger 5.1. Windows Messenger 5.1 contains the latest version of the gdiplus.dll file and is the recommended version of Windows Messenger. Windows Messenger 5.1 can be downloaded from the following Web site. The MS04-028 Enterprise Update Scanning Tool has been updated to detect and deploy the stand along security updates for The Microsoft .NET Framework version 1.0 Service Pack 2 and The Microsoft .NET Framework version 1.1 as well as the Microsoft Visual FoxPro 8.0 and the Microsoft Visual FoxPro 8.0 runtime. Since Windows Messenger is not considered to be vulnerable to any known or likely attack vectors, it has not been included in this update. For more information about the MS04-028 Enterprise Update Scanning Tool, see Microsoft Knowledge Base Article 886988. More information on this re-issued bulletin is available at: http://www.microsoft.com/technet/security/bulletin/MS04-028.mspx PLEASE VISIT http://www.microsoft.com/technet/security FOR THE MOST CURRENT INFORMATION ON THESE ALERTS. If you have any questions regarding the security updates or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety (1-866-727-2338). International customers should contact their local subsidiary at the number located at http://support.microsoft.com/security Thank you, Microsoft PSS Security Team

Important Product Vulnerability - December 2004 Microsoft S...

4.560

Dieter

15.12.04 13:40

In unserem Info-Board finden Sie wichtige Infos, die von den Moderatoren für Sie bereitgestellt wurden. Sie haben ebenfalls einen wichtigen Beitrag für dieses Forum? Dann wenden Sie sich bitte direkt an den  Webmaster.

Funktionen:  Zum Thema  |  Gesamtübersicht

Suchen