Tuesday 13 April 2004

MS Security Bulletins - 13 April

Four MS Security Bulletins issued today. MS04-011 to MS04-013 are labelled critical, MS04-014 is labelled as important

Microsoft Security Bulletin MS04-011

Security Update for Microsoft Windows

This update resolves several newly-discovered vulnerabilities:

An attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts that have full privileges.

References:

Microsoft Security Bulletin MS04-012

Cumulative Update for Microsoft RPC/DCOM

This update resolves several newly-discovered vulnerabilities in RPC/DCOM:

An attacker who successfully exploited the most severe of these vulnerabilities could take complete control of the affected system. An attacker could then take any action on the affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts that have full privileges.

Reported by eEye Digital Security on 10 September 2003

References:

Microsoft Security Bulletin MS04-013

Cumulative Security Update for Outlook Express

This is a cumulative update that includes the functionality of all the previously-released updates for Outlook Express 5.5 and Outlook Express 6. Additionally, it eliminates a new vulnerability that could allow an attacker who successfully exploited this vulnerability to access files and to take complete control of the affected system. This could occur even if Outlook Express is not used as the default e-mail reader on the system.

Secunia reports that Outlook and Internet Explorer can also be used as attack vendors though they are not mentioned in the MS bulletin

References:

Microsoft Security Bulletin MS04-014

Vulnerability in the Microsoft Jet Database Engine Could Allow Code Execution

A buffer overrun vulnerability exists in the Microsoft Jet Database Engine (Jet) that could allow remote code execution. An attacker who successfully exploited this vulnerability could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts that have full privileges.

References:

Related Tools

Related News