Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Microsoft - May 2004 Security Updates


  • Please log in to reply
2 replies to this topic

#1 harrywaldron

harrywaldron

    Security Reporter


  • Members
  • 509 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Roanoke, Virginia
  • Local time:05:39 PM

Posted 11 May 2004 - 12:56 PM

Microsoft - May 2004 Security Updates
http://www.microsoft.com/security/security...405_windows.asp

MS04-015: Windows Update - Important
http://www.microsoft.com/technet/security/...n/MS04-015.mspx

Impact of Vulnerability: Remote Code Execution

Maximum Severity Rating: Important

Recommendation: Customers should install the update at the earliest opportunity.

Security Update Replacement: None

Caveats: Microsoft Knowledge Base Article 841996 documents a known issue that customers may experience when they install this security update on a system where the Help and Support Center service is disabled. For the installation of this security update to be successful, the Help and Support Center service cannot be disabled. The article also documents recommended solutions for this issue. For more information, see Microsoft Knowledge Base Article 841996.

BC AdBot (Login to Remove)

 


m

#2 magicmunchkin

magicmunchkin

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Location:United States
  • Local time:04:39 PM

Posted 12 May 2004 - 11:46 AM

Thanks for the tip!!
Magic
Have a Great Day!!!

#3 harrywaldron

harrywaldron

    Security Reporter

  • Topic Starter

  • Members
  • 509 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Roanoke, Virginia
  • Local time:05:39 PM

Posted 12 May 2004 - 04:04 PM

These two sites provide an excellent analysis of the MS04-015 security update for May 2004:

Analysis of Microsoft Security Update MS04-015
http://www.incidents.org/diary.php?date=2004-05-11
http://www.trendmicro.com/vinfo/virusencyc...OWS_HCP&VSect=T

Because of the way that it handles certain "HCP" URLs, the Help and Support Center is vulnerable to the possibility of remote code execution. The vulnerability could be exploited by a malicious HCP URL and could potentially allow remote code execution. In order for the attack to work, the attacker would only need to convince a user to click on a link to malicious code. According to Microsoft, this issue is rated only as "Important" because they believe that "significant user interaction is required" to exploit the vulnerability.

Further information can be found at:

http://www.microsoft.com/technet/security/...n/MS04-015.mspx




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users