Security Issue |
Description |
MS04-014
|
A
buffer overrun vulnerability exists in the Microsoft Jet Database
Engine (Jet) that could allow remote code execution. An attacker who
successfully exploited this vulnerability could take complete control
of an affected system, including installing programs; viewing, changing,
or deleting data; or creating new accounts that have full privileges.
Microsoft recommends that customers
install the update at the earliest opportunity.
|
MS04-013
|
This is a cumulative
update that includes the functionality of all the previously-released
updates for Outlook Express 5.5 and Outlook Express 6. Additionally,
it eliminates a new vulnerability that could allow an attacker who
successfully exploited this vulnerability to access files and to take
complete control of the affected system. This could occur even if
Outlook Express is not used as the default e-mail reader on the system.
Microsoft recommends that customers
install this update immediately.
|
MS04-012
|
This
update resolves several newly-discovered vulnerabilities in RPC/DCOM.
Each vulnerability is documented in this bulletin in its own section.
An attacker who successfully
exploited the most severe of these vulnerabilities could take complete
control of the affected system. An attacker could then take any
action on the affected system, including installing programs; viewing,
changing, or deleting data; or creating new accounts that have full
privileges.
Microsoft recommends customers
apply the update immediately.
|
MS04-011
|
This update resolves several
newly-discovered vulnerabilities. Each vulnerability is documented
in this bulletin in its own section.
An attacker who successfully
exploited the most severe of these vulnerabilities could take complete
control of an affected system, including installing programs; viewing,
changing, or deleting data; or creating new accounts that have full
privileges.
Microsoft recommends that customers
apply the update immediately.
|
MS04-005 |
A security vulnerability exists in Microsoft Virtual PC for Mac. The
vulnerability exists because of the method by which Virtual PC for
Mac creates a temporary file when you run Virtual PC for Mac. An attacker
could exploit this vulnerability by inserting malicious code into
the file which could cause the code to be run with system privileges.
This could give the attacker complete control over the system.
To exploit this vulnerability, an attacker would have to already
have a valid logon account on the local system, or the attacker
would already have to have access to a valid logon account.
|
MS04-004
|
Some Internet
Explorer 6.0 Service Pack 1 users may receive an error while attempting
to access SSL secured Web Sites. This error will present itself as
a HTTP 500 (Internal Server Error) and only occurs when accessing
web servers using SSL/TLS 3.0 with a specific configuration. An update
for this issue is available, please see Knowledge Base article 831167.
This update will be included in future Cumulative Security Updates
for Internet Explorer 6.0 Service Pack 1. Also, this Security Update
will invalidate the usernames and passwords stored in Internet Explorer’s
protected store. This will require users to re-enter their username
and password when they first visit web sites that require authentication.
|
MS03-051 |
Subsequent to the release of this bulletin, it was determined that
the vulnerability addressed also affects other versions of the affected
products and components. Microsoft has updated the bulletin with additional
information about Windows XP 64-Bit Edition and Office 2000 Server
Extensions and also to direct users to an update for these additional
affected platforms. |
MS03-049
|
A security
vulnerability exists in the Workstation service that could allow remote
code execution on an affected system. This vulnerability results because
of an unchecked buffer in the Workstation service.
If exploited, an attacker could gain System privileges on an affected
system, or could cause the Workstation service to fail. An attacker
could take any action on the system, including installing programs,
viewing data, changing data, or deleting data, or creating new accounts
with full privileges.
|
MS03-048 |
This is a cumulative update that includes the functionality of all
the previously-released updates for Internet Explorer 5.01, Internet
Explorer 5.5, and Internet Explorer 6.0.
|
MS03-045
|
Microsoft
re-issued this bulletin on Janurary 13, 2004 to advise on the availability
of an updated Windows NT 4.0 Workstation and Server patch for the
Arabic, Hebrew, and Thai languages.
|
MS03-044
|
A security vulnerability exists in the Help and Support Center function
which ships with Windows XP and Windows Server 2003. The affected
code is also included in all other supported Windows operating systems,
although no known attack vector has been identified at this time because
the HCP protocol is not supported on those platforms. The vulnerability
results because a file associated with the HCP protocol contains an
unchecked buffer.
|
MS03-043 |
Windows NT
4.0 Client Computers may have network-related problems after installing
this security update. Microsoft encourages customers to review the
details of Microsoft Knowledge Base Article http://support.microsoft.com/?kbid=831579
|
MS03-042
|
Microsoft re-issued this bulletin on October 29, 2003 to advise on
the availability of an updated Windows 2000 patch. This revised patch
corrects the Debug Programs (SeDebugPrivilege) user right issue that
some customers experienced with the original patch that is discussed
in Knowledge Base Article 830846. This problem is unrelated to the
security vulnerability discussed in this bulletin. If you have previously
applied this security patch, this update does not need to be installed.
|
MS03-041
|
There is
a vulnerability in Authenticode that, under certain low memory conditions,
could allow an ActiveX control to download and install without presenting
the user with an approval dialog.
|
MS03-040
|
This is a cumulative patch that includes the functionality of all
previously released patches for Internet Explorer 5.01, 5.5 and 6.0.
Patch: here
|
|
Unchecked Buffer in MDAC Function Could Enable System Compromise (823718)
Affected Software: Microsoft Windows
Patch: here
|
MS03-039
|
Buffer Overrun In RPCSS Service Could Allow Code Execution (824146)
This is Microsoft's expanded bulletin on the RPC code execution
vulnerability bulletin MS03-026. Microsoft announced yesterday that
there are now two known RPC vulnerabilities and a Denial of Service
vulnerability all covered in MS03-039. This means that all prior patches
for the Blaster Worm and for the MS03-026 vulnerabilities are in essence,
inadequate. Microsoft has released new patches
here.
Note: Texas.net customers affected by this vulnerability are usually
running
Windows 2000 or
Windows XP (not the 64 bit edition). There may
be a few customers running
Windows NT. Please do not get confused by the
64 bit and server versions of the patch.
|
MS03-033
|
Unchecked Buffer in MDAC Function Could Enable System Compromise
(823718)
Affected Software: Microsoft Windows
Patch: here
|
MS03-032
|
Cumulative Patch for Internet Explorer (822925)
Affected Software: Internet Explorer 5.0.1-6.0
Patch: here
|
MS03-030: |
Unchecked Buffer in DirectX Could Enbale System Compromise (819696)
Affected Software: Microsoft DirectX 5.2 (Win 98), 6.1 (Win 98 SE), 7.0a (Win ME), 7.0 (Win 2K), 8.1 (Win XP), 9.0a (Win ME, 2K, XP)
Patch: Win 2K, Win XP, Upgrade to 9.0b for Win 98, Win 98 SE, Win ME
|
MS03-027: |
Unchecked Buffer in Windows Shell Could Enable System Compromise (821557)
Affected Software: Windows XP
Patch: here |
MS03-026: |
Buffer Overrun In RPC Interface Could Allow Code Execution (823980)
Affected Software: Windows XP, Windows 2000
Patch: Windows XP, Windows 2000 |
MS03-025: |
Flaw in Windows Message Handling through Utility Manager Could Enable Privilege Elevation (822679)
Affected Software: Windows 2000
Patch: here |
MS03-024: |
Buffer Overrun in Windows COuld Lead to Data Corruption (817606)
Affected Software: Windows 2000, Windows XP
Patch: Windows XP, Windows 2000 |
MS03-023: |
Buffer Overrun in HTML Converter Could Allow Code Execution (823559)
Affected Software: Windows 98, Windows 98 SE, Windows ME, Windows 2000, Windows XP
Patch:
Win 98, Win 98SE,
Win ME,
Win 2k,
Win XP. Once the patch is downloaded and installed, please visit the
Cert advisory page for more information how to
disable paste operations via script and active scripting.
|
MS03-022: |
Flaw in ISAPI Extension for Windows Media Services Could Cause Code Execution (822343)
Affected Software: Windows 2000
Patch: here |
MS03-021 |
Flaw In Windows Media Player May Allow Media Library Access (819639)
Affected Software: Windows Media Player 9 Series
Patch: here |
MS03-020: |
Cumulative Patch for Internet Explorer (818529)
Affected Software: Internet Explorer 5.0.1, 5.5, 6.0
Patch: here |
MS03-019: |
Flaw in ISAPI Extension for Windows Media Services Could Cause Code Execution (817772)
Affected Software: Windows 2000
Patch: here |