July 2004 - WINDOWS SECURITY UPDATES



#1 harrywaldron


Posted 14 July 2004 - 05:21 AM

July 2004 - WINDOWS SECURITY UPDATES
http://www.microsoft.com/technet/security/current.aspx

MS04-024: Vulnerability in Windows Shell Could Allow Remote Code Execution (839645)
rated as: IMPORTANT
http://www.microsoft.com/technet/security/...n/MS04-024.mspx

MS04-023: IE 6 SP1 Vulnerability in HTML Help Could Allow Code Execution (840315)
rated as: CRITICAL
http://www.microsoft.com/technet/security/...n/MS04-023.mspx

MS04-022: Vulnerability in Task Scheduler Could Allow Code Execution (841873)
rated as: CRITICAL
http://www.microsoft.com/technet/security/...n/MS04-022.mspx

MS04-021: Security Update for IIS 4.0 (841373)
rated as: IMPORTANT
http://www.microsoft.com/technet/security/...n/MS04-021.mspx

MS04-020: Vulnerability in POSIX Could Allow Code Execution (841872)
rated as: IMPORTANT
http://www.microsoft.com/technet/security/...n/MS04-020.mspx

MS04-019: Vulnerability in Utility Manager Could Allow Code Execution (842526)
rated as: IMPORTANT
http://www.microsoft.com/technet/security/...n/MS04-019.mspx

MS04-018: Cumulative Security Update for Outlook Express (823353)
rated as: MODERATE
http://www.microsoft.com/technet/security/...n/MS04-018.mspx


 


#2 harrywaldron


Posted 14 July 2004 - 05:26 AM

The Internet Storm Center has an excellent description of the protection offered with each of the updates (it's the 1st site I check each morning). While an individual security update may be rated as Important, Moderate, or Critical, every security patch should be considered “critical” for protecting your system. An Important or Moderate rating just means that a vulnerable security hole may require significant user action or may be very complex for malicious individuals to develop.

July 2004 - Windows Update (Summary of the Risks Covered)
http://www.incidents.org/diary.php?date=2004-07-13

As expected, Microsoft issued its monthly security bulletin today. There are several patches designated as "critical" and "important." You can read the technical bulletin at the following URL:

http://www.microsoft.com/technet/security/...n/ms04-jul.mspx

There is also a non-technical version of the alerts at the following URL:

http://www.microsoft.com/security/bulletin...07_windows.mspx

Swa Frantzen, a fellow ISC handler, wrote up the following summary of issues addressed by Microsoft's security bulletin:

MS04-018: References CAN-2004-0215 Users of Outlook Express should look into this one. For now it's a DoS only, so it can probably be last on your priorities. As always with this kind of software, the preview pane aggravates the problem. Turning preview panes off is a good idea.

MS04-19: References CAN-2004-0213 Local users can escalate to system privilege levels. If you don't trust all your local users this is probably somewhat more than important to deal with soon. This can probably be exploited later in a compounded attack, so best to take care of it even if you trust your local users.

MS04-20: References CAN-2004-0210 A buffer overflow in the POSIX code causes local users to be able to completely control the system. For now Windows XP and 2003 are exempt from this. If you don't trust all your local users this is probably somewhat more than important to deal with soon. This can probably be exploited later in a compounded attack, so best to take care of it even if you trust your local users.

MS04-21: References CAN-2004-0205 IIS 4.0 remote buffer overflow - full remote control. If you still use IIS 4.0 this is probably yet another reason to upgrade.

MS04-22: References CAN-2004-0212 REMOTE code execution in the task scheduler with the privileges of the logged in user. Windows 2003 is for now exempt from the problem. Interesting workaround: block access to files ending in ".job" in the perimeter.

MS04-23: References CAN-2004-0201 and CAN-2003-1041 Remote code execution in the help system with the privileges of logged in user. Outlook is a transport vector for this vulnerability--easy worm potential!

MS04-24: References CAN-2004-0420 Remote code execution via Windows shell with the privileges of logged in user. Exploit uses the COM subsystem to trigger execution that's supposed to be blocked based on extensions. Although Microsoft considers this patch "important," public availability of the exploit raises our assessment of the vulnerability's severity.

#3 harrywaldron


Posted 14 July 2004 - 08:36 PM

This ZDNET article encourages ADMINS to patch as quickly as possible. It anticipates a blended threat will most likely surface. The security implications of compromising the Windows Shell are very serious. It might be the Linux equivalent of "you've got root".

The caption for selecting this article read: "One of the seven Windows vulnerabilities patched by Microsoft on Tuesday is the most likely to be exploited by a worm according to experts. Patch now, worms predicted in five to seven days."


MS04-024 Article - This "important" patch may be the "most critical" of all
http://zdnet.com.com/2100-1105-5268989.html

Security experts are bracing themselves for a spate of new worms and viruses designed to exploit of the seven new vulnerabilities announced by Microsoft on Tuesday as part of its monthly patch cycle. Of the new vulnerabilities, Windows Shell (MS04-024) has been picked out by security experts as a potential target for future worms and viruses.

Ben Nagy, senior security engineer at security researcher firm eEye, said he expects the Windows Shell bug to be the most serious threat--despite Microsoft rating the problem as 'important' rather than 'critical'.

According to Microsoft, if a user is vulnerable to MS04-024 and has administrator privileges, an attacker could "take complete control of the affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts with full privileges."

However, the flaw is not rated as critical because it would require "significant user interaction" to work. This means that a user would need to open an e-mail attachment, or download a file from a malicious Web site. 





