Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Microsoft Security Bulletins - April 2004 (#11-14)


  • Please log in to reply
2 replies to this topic

#1 harrywaldron

harrywaldron

    Security Reporter


  • Members
  • 509 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Roanoke, Virginia
  • Local time:10:01 AM

Posted 13 April 2004 - 01:27 PM

The following Microsoft vulnerabilities were announced on April 13, 2004. I hope all of these go in smoothly for everyone. I highly recommend using Windows Update to apply these as soon as possible as 3 of the 4 are noted as critical

MS04-011 - Security Update for Microsoft Windows (835732)
Rated by Microsoft as: CRITICAL
http://www.microsoft.com/technet/security/...n/ms04-011.mspx

MS04-012 - Cumulative Update for Microsoft RPC/DCOM (828741)
Rated by Microsoft as: CRITICAL
http://www.microsoft.com/technet/security/...n/ms04-012.mspx

MS04-013 - Cumulative Security Update for Outlook Express (837009)
Rated by Microsoft as: CRITICAL
http://www.microsoft.com/technet/security/...n/ms04-013.mspx

MS04-014 - Vulnerability in the Microsoft Jet Database Engine Could Allow Code Execution (837001)
Rated by Microsoft as: IMPORTANT
http://www.microsoft.com/technet/security/...n/ms04-014.mspx

BC AdBot (Login to Remove)

 


#2 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,717 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:09:01 AM

Posted 13 April 2004 - 10:08 PM

Thanks for letting us know. Going to post a news item about this so everyone knows to download the updates.

#3 harrywaldron

harrywaldron

    Security Reporter

  • Topic Starter

  • Members
  • 509 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Roanoke, Virginia
  • Local time:10:01 AM

Posted 20 April 2004 - 08:24 AM

Microsoft April 2004 Updates - 3 minor issues

Microsoft did a quality job overall given the magnitude of the 20 bundled security changes in the April 2004 updates. Below are some 3 minor issues reported so far in our 11,000 member My IT Forums. Hopefully, the good quality and regression testing exterted by Microsoft will continue to hold up.


# 1 - ROAMING PROFILES & MAPPED DRIVE ISSUES

First issue encountered with MS04-011 - This from my colleague and administrator of our Citrix farm... We've discovered that the -011 patch messes up roaming profiles and homedrive homepath mappings – Supposedly MS has quite few cases on this. I don’t think you use roaming profiles but hope there is nothing else mucked up – wanted to give you an FYI



# 2 - WINDOWS NT 4 - NTOSKRNL.EXE ISSUES

I've seen this on servers that were originally Uniprocessor HALs that were converted to Multiprocessor HALS later. When the patch runs, it replaces ntoskrnl.exe with the wrong HAL version. I have seen an issue on some of my NT 4.0 Workstation PC's. I get a missing NTOSKRNL.EXE on reboot. To fix it I had to restore the NTOSKRNL.EXE from C:\WINNT\$KB835732$ Anyone else seen this?



# 3 - WINDOWS 2003 IE 6 ISSUE (after updates) - Cipher Strength = 0

NTBugtraq Mailing List

This is a functionality regression that has been around for some time. The weird part of the MS04-011 patch is that it only occurs on Windows 2003.

KB261328: Cipher Strength Appears as 0-Bit in Internet Explorer
http://support.microsoft.com/?kbid=261328

SYMPTOMS - In Microsoft Internet Explorer, you may experience the following behaviors: When you click About Internet Explorer on the Help menu, the Cipher Strength value is 0-bit. -and- You cannot connect to and view Web pages on secure Web sites.

CAUSE - This behavior can occur if the Schannel.dll, Rsabase.dll, or Rsaenh.dll files are missing, damaged, or of the incorrect version.

-----Original Message-----

Subject: [Full-Disclosure] MS04-011 Break SSL support in IE 6.0.3790.0 with Windows 2003

Hello everyone, A warning to all Windows 2003 user, this happened on two machine who had the exact same software configuration but different hardware. After installing the latest set of patches from microsoft, I was unable to access sites using SSL, after some investigation it turned out that my IE Cipher strength was set to 0 bit ... After lot of troubleshooting and tryout with the different solutions offered by Microsoft I decided to take a guess and uninstall the MS04-011 patch... Well, the problem solved itself, the IE Cipher Strength is now at 128 like it was before, I can now access sites using SSL, windowsupdate, msn, etc ... Weird ..




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users