JmanB
Premium,VIP
join:2003-08-27
Redmond, WA
 ·Vonage
| Microsoft Security Bulletin(s) for 10/12/2004
October 12, 2004
Today Microsoft released the following Security Bulletins.
Note: www.microsoft.com/technet/security and www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.
Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.
Bulletin Summaries:
October Summary
»www.microsoft.com/technet/securi···oct.mspx
Critical Bulletins:
MS04-032 – Security Update for Microsoft Windows (840987)
»www.microsoft.com/technet/securi···032.mspx
MS04-033 – Vulnerability in Microsoft Excel Could Allow Code Execution (886836)
»www.microsoft.com/technet/securi···033.mspx
MS04-034 – Vulnerability in Compressed (zipped) Folders Could Allow Code Execution (873376)
»www.microsoft.com/technet/securi···034.mspx
MS04-035 - Vulnerability in SMTP Could Allow Remote Code Execution (885881)
»www.microsoft.com/technet/securi···035.mspx
MS04-036 - Vulnerability in NNTP Could Allow Code Execution (883935)
»www.microsoft.com/technet/securi···036.mspx
MS04-037 - Vulnerability in Windows Shell Could Allow Remote Code Execution (841356)
»www.microsoft.com/technet/securi···037.mspx
MS04-038 - Cumulative Security Update for Internet Explorer (834707)
»www.microsoft.com/technet/securi···038.mspx
Important Bulletins:
MS04-029 – Vulnerability in RPC Runtime Library Could Allow Information Disclosure and Denial of Service (873350)
»www.microsoft.com/technet/securi···029.mspx
MS04-030 – Bulletin Title Vulnerability in WebDAV XML Message Handler Could Lead to a Denial of Service (824151)
»www.microsoft.com/technet/securi···030.mspx
MS04-031 – Vulnerability in NetDDE Could Allow Remote Code Execution (841533)
»www.microsoft.com/technet/securi···031.mspx
Re-Released Bulletins:
MS04-028 - Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution (833987)
»www.microsoft.com/technet/securi···028.mspx
This represents our regularly scheduled monthly bulletin release (second Tuesday of each month). Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.
If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety (1-866-727-2338). International customers should contact their local subsidiary.
--
Jerry Bryant - Microsoft IT Communities. This posting is provided "AS IS" with no warranties, and confers no rights. |
|
antdude
A Ninja Ant
Premium,VIP
join:2001-03-25 |  Was it me or did I see 15 MS Security Bulletins today? This was from NTBugTraq mailing list. |
|
trooper1
Premium
join:2002-03-13 | reply to JmanB
thanks for the info.
Boy, these are an awful lot of bulletins for one month. |
|
jaykaykay
4 Ever Young
Premium,MVM
join:2000-04-13
Scottsdale, AZ | reply to JmanB
I wonder when they're going to package all these into an update for their regular Update page so that those who don't do one at a time, but do click on Update on their computers, will get them all. Any thoughts? |
|
JmanB
Premium,VIP
join:2003-08-27
Redmond, WA
·Vonage
| reply to JmanB
There were 10 bulletins released today and one re-release.
Additionaly, we released a new MS04-028 deployment tool:
»support.microsoft.com/default.as···d=886988
--
Jerry Bryant - Microsoft IT Communities. This posting is provided "AS IS" with no warranties, and confers no rights. |
|
bluepoint
join:2001-03-24 | reply to JmanB
Thanks jb, got IE cummulative update for XPSP2 from WU, going good so far. |
|
Inernetjunky
join:2003-11-07
USA
| reply to jaykaykay
quote:
I wonder when they're going to package all these into an update for their regular Update page so that those who don't do one at a time, but do click on Update on their computers, will get them all. Any thoughts?
I just got my Windows update notifier thingie in my task bar. I could be wrong, but I believe it is what you are asking for. |
|
dave
Premium,MVM
join:2000-05-04
not in ohio | reply to JmanB
5 critical updates for Win2000 have showed up in Windows Update since yesterday; must be these ones... |
|
jaykaykay
4 Ever Young
Premium,MVM
join:2000-04-13
Scottsdale, AZ | reply to JmanB
Aha! So these updates apply to only those who have installed SP2 I take it? I find no updates when I check the WU page, have received no email announcing them, but having not installed SP2 might be the reason why. |
|
Buddel
If it ain't broke, don't fix it.
Premium
join:2004-03-06
EU | reply to JmanB
I got only 1 update for Internet Explorer 6 SP1 (Windows ME). MS released 15(?) Security Bulletins today, so I thought I would get more than just one update. Am I right in thinking that most updates were released for NT-based operating systems? |
|
bluepoint
join:2001-03-24
| reply to jaykaykay
said by jaykaykay  :
Aha! So these updates apply to only those who have installed SP2 I take it?
Not really, for example according to MS04-038, XP and XPSP1 is also affected.
This update contains several functionality and security changes which are documented in the FAQ section for this update.
Tested Software and Security Update Download Locations:
Affected Software:
• Microsoft Windows NT Server 4.0 Service Pack 6a
• Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6
• Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4
• Microsoft Windows XP, Microsoft Windows XP Service Pack 1, and Microsoft Windows XP Service Pack 2
• Microsoft Windows XP 64-Bit Edition Service Pack 1
• Microsoft Windows XP 64-Bit Edition Version 2003
• Microsoft Windows Server 2003
• Microsoft Windows Server 2003 64-Bit Edition
• Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (Me) – Review the FAQ section of this bulletin for details about these operating systems.
|
|
Tablet
Premium
join:2003-01-15
Czech | reply to JmanB
With WinXP SP2 you only need the Cumulative update for Internet Explorer SP2. On SP2 system it only corrects the Drag and Drop vulnerability. |
|
mers2
Premium,MVM
join:2004-03-20
USA
clubs:
 ·AT&T U-Verse
| reply to Buddel
said by Buddel :
I got only 1 update for Internet Explorer 6 SP1 (Windows ME). MS released 15(?) Security Bulletins today, so I thought I would get more than just one update. Am I right in thinking that most updates were released for NT-based operating systems?
Some under the critical update heading applied to WinME, but they referred to the faq which said it wasn't a critical update for WinME so it wouldn't be provided. Didn't make sense to me.
--
Kerry/Edwards 2004 |
|
Khaine
join:2003-03-03
Australia | reply to JmanB
Thanks jbMSFT  |
|
Mele20
Premium
join:2001-06-05
Hilo, HI
| reply to JmanB
Why is it that these bulletins are always posted here WAY before I get them in my dslr mail account? I still don't have them and it is 1PM HST.
I gather there is only one for XP SP1? Good. I don't use Windows Update since version 5 at all so I depend on this site and the bulletins to tell me what I need. (I do still use Windows Update for my 98SE box because that is still version 4).
--
The first and foremost function of our jurors is to protect private citizens from a tyrannical and intrusive government...Jurors are the last line of defense for liberty. Thomas Jefferson 1789 |
|
antdude
A Ninja Ant
Premium,VIP
join:2001-03-25
| said by Mele20 :
Why is it that these bulletins are always posted here WAY before I get them in my dslr mail account? I still don't have them and it is 1PM HST.
Same here, but I get mine from NTBugTraq the fastest. MS is slow in sending me the bulletins. 
I am not sure who is faster though: NTBugTraq vs. jbMSFT. 
--
Ant @ The Ant Farm: »antfarm.ma.cx ... Please do not IM/e-mail me for technical support. Use the forum (I check almost daily)! Disclaimer: The views expressed in this posting are mine, and do not necessarily reflect the views of my employer |
|
bcool
Premium
join:2000-08-25
The Ozarks
1 edit | reply to jaykaykay
said by jaykaykay :
Aha! So these updates apply to only those who have installed SP2 I take it? I find no updates when I check the WU page, have received no email announcing them, but having not installed SP2 might be the reason why.
Gosh, I hope not. I just got done installing six(6) of these updates based on the chart that MS provided:
Cummulative IE6SP1, MS04-030/031/032/034/037.
WINXP SP1 Home Ed.
IE6SP1 |
|
jaykaykay
4 Ever Young
Premium,MVM
join:2000-04-13
Scottsdale, AZ
 ·Speakeasy
| reply to Mele20
said by Mele20 :
Why is it that these bulletins are always posted here WAY before I get them in my dslr mail account? I still don't have them and it is 1PM HST.
I would agree. While I check my WU often, I also get email from MS with Security Bulletins and have still not received any. If all of these listed updates are new ones and have not been noted prior to this thread, they are still not showing up when I check on WU. The only thing that it shows for my computer that hasn't been updated is SP2. All else is up to date. Strange. |
|
WFO
Premium
join:2001-08-27
San Ramon, CA | reply to JmanB
LOL... this is the third "high priority" update for SP2 since it's release. I've plucked all 3 off WU before "automatic updates" downloaded anything.:p Guess it's time to turn that off too as it's useless to me.:p |
|
trooper1
Premium
join:2002-03-13
·AirTel
| reply to Tablet
said by Tablet :
With WinXP SP2 you only need the Cumulative update for Internet Explorer SP2. On SP2 system it only corrects the Drag and Drop vulnerability.
that would be the ms04-38 bulletin.
According to the executive summary, only drag and drop vulnerability is there in IE6 SP2.
Finally, some benefit of upgrading to XP SP2.
d00by
--
XP Pro SP2 | Firefox | Allie Keys: People believe what they want to believe. They find meaning where they can and they cling to it. In the end, it really doesn't matter what's a trick and what's true. What matters is that people believe. |
|
