BleepingComputer.com > OCTOBER 2004 - MICROSOFT SECURITY BULLETINS

Full Version: OCTOBER 2004 - MICROSOFT SECURITY BULLETINS

BleepingComputer.com > Security > Breaking Virus & Security News

harrywaldron

Oct 12 2004, 01:02 PM

There are 10 updates for October (7 Critical and 3 Important)

OCTOBER 2004 - MICROSOFT SECURITY BULLETINS
http://www.microsoft.com/technet/security/...n/ms04-oct.mspx

3 BULLETINS RATED AS IMPORTANT

MS04-029 -- Vulnerability in RPC Runtime Library Could Allow Information Disclosure and Denial of Service (873350)

Executive Summary: An information disclosure and denial of service vulnerability exists that could cause the affected system

to stop responding or could potentially read portions of active memory content.

MS04-030 -- Vulnerability in WebDav XML Message Handler Could Lead to a Denial of Service (824151)

Executive Summary: A Denial of Service vulnerability exists that could cause the affected system to stop responding to requests.

MS04-031 -- Vulnerability in NetDDE Could Allow Remote Code Execution (841533)

Executive Summary: A remote code execution vulnerability exists in the NetDDE services because of an unchecked buffer.

BULLETINS RATED AS CRITICAL

MS04-032 -- Security Update for Microsoft Windows (840987)

Executive Summary: A remote code execution vulnerability, two elevation of privilege vulnerabilities, and a denial of service

vulnerability exist in Windows. The most severe vulnerability could allow remote code execution on an affected system.

MS04-033 -- Vulnerability in Microsoft Excel Could Allow Remote Code Execution (886836)

Executive Summary: A vulnerability exists in Microsoft Excel that could allow remote code execution on an affected system.

MS04-034 -- Vulnerability in Compressed (zipped) Folders Could Allow Remote Code Execution (873376)

Executive Summary: A vulnerability exists in the way that Windows processes Compressed (zipped) Folders that could allow remote code execution on an affected system.

MS04-035 -- Vulnerability in SMTP Could Allow Remote Code Execution (885881)

Executive Summary: A vulnerability exists in the Windows SMTP component and Exchange Server Routing Engine component that could allow remote code execution on an affected system.

MS04-036 -- Vulnerability in NNTP Could Allow Remote Code Execution (883935)

Executive Summary: A vulnerability exists in the Windows NNTP Component that could allow remote code execution on an affected system.

MS04-037 -- Vulnerability in Windows Shell Could Allow Remote Code Execution (841356)

Executive Summary: A vulnerability exists in the way that the Windows Shell launches applications. A vulnerability exists in Program Group Converter because of the way that it handles specially crafted requests. Both could allow remote code execution on an affected system.

MS04-038 -- Cumulative Security Update for Internet Explorer (834707)

Executive Summary: Five remote code execution and three information disclosure vulnerabilities exist in Internet Explorer.

This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.