The announcement of a largely bogus theoretical trojan vector for Mac OSX makes huge headlines and generates torrents of commentary.

Today this arrived in my inbox, courtesy of CERT:
----------------------------------------------------------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Multiple Vulnerabilities in Microsoft Products

   Original release date: April 13, 2004
   Last revised: --
   Source: US-CERT

Systems Affected

* Microsoft Windows Operating Systems

     * Microsoft Windows Remote Procedure Call (RPC) and Distributed
       Component Object Model (DCOM) subsystems

* Microsoft Windows MHTML Protocol Handler

* Microsoft Jet Database Engine

Overview

   Microsoft Corporation has released a series of security bulletins
   affecting most users of the Microsoft Windows operating system. Users
   of systems running Microsoft Windows are strongly encouraged to visit
   the "Windows Security Updates for April 2004" site at

<SNIP>

Impact

Remote attackers could execute arbitrary code on vulnerable systems.

Systems affected

     * Windows NT Workstation 4.0
     * Windows NT Server 4.0
     * Windows NT Server 4.0, Terminal Server Edition
     * Windows 2000
     * Windows XP
     * Windows Server 2003

Vulnerability identifiers

   The following table outlines these issues and is based on Microsoft's
   Security Bulletin:

Vulnerability Title |US-CERT ID |CVE ID       | Impact of Vulnerability
--------------------+-----------+-------------+------------------------
LSASS Vulnerability |VU#753212  |CAN-2003-0533| Remote Code Execution
LDAP Vulnerability  |VU#639428  |CAN-2003-0663| Denial of Service
PCT Vulnerability   |VU#586540  |CAN-2003-0719| Remote Code Execution
Winlogon Vulnerabili|VU#471260  |CAN-2003-0806| Remote Code Execution
Metafile Vulnerabili|VU#547028  |CAN-2003-0906| Remote Code Execution
Help and Support Cen|VU#260588  |CAN-2003-0907| Remote Code Execution
Utility Manager Vuln|VU#526084  |CAN-2003-0908| Privilege Elevation
Windows Management V|VU#206468  |CAN-2003-0909| Privilege Elevation
Local Descriptor Tab|VU#122076  |CAN-2003-0910| Privilege Elevation
H.323 Vulnerability |VU#353956  |CAN-2004-0117| Remote Code Execution
Virtual DOS Machine |VU#783748  |CAN-2004-0118| Privilege Elevation
Negotiate SSP Vulner|VU#638548  |CAN-2004-0119| Remote Code Execution
SSL Vulnerability   |VU#150236  |CAN-2004-0120| Denial of Service
ASN.1 "Double Free" |VU#255924  |CAN-2004-012


<snip>


And some commentary by a security analyst:


"Microsoft reveals unprecedented 21 vulnerabilities on "Patch Tuesday"

By Edmund X. DeJesus, Contributing Writer
14 Apr 2004 | SearchSecurity.com

Microsoft stunned the security community yesterday with its announcement of 21
serious vulnerabilities in a variety of applications and operating systems.
Administrators are scrambling to implement patches to dozens of components and
applications to avoid consequences that include denial of service, remote
execution of code and complete system takeover. Experts predict that malicious
attackers will unleash damaging assaults on millions of vulnerable machines.


Designated MS04-011, MS04-012, MS04-013 and MS04-014, the four announcements of
the 21 vulnerabilities impact Microsoft products including Internet Explorer,
Office, Outlook, Outlook Express, Visual Studio, Windows 2000, Windows NT 4.0,
Windows Server 2003, Windows XP and NetMeeting."
-----------------------------------------------------------------------


It could be a LOT worse...

--
Bruce Johnson
University of Arizona
College of Pharmacy
Information Technology Group

Institutions do not have opinions, merely customs


-- Unsupported OS X is sponsored by <http://lowendmac.com/>

Archive <http://www.mail-archive.com/unsupportedosx%40mail.maclaunch.com/>
