MinorRev: Microsoft Security Bulletin MS04-004 - Cumulative Security Update for Internet Explorer (832894)

From: Russ (Russ.Cooper_at_RC.ON.CA)
Date: 02/10/04

Next message: Russ: "Alert: Microsoft Security Bulletin MS04-005 - Vulnerability in Virtual PC for Mac could lead to privilege elevation (835150)"

Previous message: Russ: "Alert: Microsoft Security Bulletin MS04-004 - Cumulative Security Update for Internet Explorer (832894)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date:         Tue, 10 Feb 2004 14:06:26 -0500
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

Reason for Revision:
V1.4 February 9, 2004: Updated the Caveats, Technical Details and
Frequently Asked Question section with information regarding changes to
Internet Explorer's protect store. Switched file version and name
columns for pngfilt.dll in Internet Explorer 5.01 SP2 section of
Security Update Information.

Microsoft Security Bulletin MS04-004:
Cumulative Security Update for Internet Explorer (832894)

Bulletin URL:
http://www.microsoft.com/technet/security/bulletin/MS04-004.asp

Summary:
Version Number: V1.4
Revision Date: 02-09-2004
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Critical
Patch(es) Replaced: This update replaces the one that is provided in
Microsoft Security Bulletin MS03-048, which is itself a cumulative
update.
Caveats: Installing this Security Update will invalidate the usernames
and passwords stored in Internet Explorer's protected store. This will
require users to re-enter their username and password when they first
visit web sites that require authentication.
CVE Number(s): CAN-2003-1026,CAN-2003-1027,CAN-2003-1025

Tested Software:
Affected Software:
* Microsoft Windows NT(r) Workstation 4.0 Service Pack 6a
* Microsoft Windows NT Server 4.0 Service Pack 6a
* Microsoft Windows NT Server 4.0 Terminal Server Edition, Service Pack
6
* Microsoft Windows 2000 Service Pack 2, Service Pack 3, Service Pack 4
* Microsoft Windows XP, Microsoft Windows XP Service Pack 1
* Microsoft Windows XP 64-Bit Edition, Microsoft Windows XP 64-Bit
Edition Service Pack 1
* Microsoft Windows XP 64-Bit Edition Version 2003
* Microsoft Windows Server(r) 2003
* Microsoft Windows Server 2003, 64-Bit Edition
* Internet Explorer 6 Service Pack 1: Download the update.
* Internet Explorer 6 Service Pack 1 (64-Bit Edition): Download the
update.
* Internet Explorer 6 for Windows Server 2003: Download the update.
* Internet Explorer 6 for Windows Server 2003 (64-Bit Edition):
Download the update.
* Internet Explorer 6: Download the update.
* Internet Explorer 5.5 Service Pack 2: Download the update.
* Internet Explorer 5.01 Service Pack 4: Download the update.
* Internet Explorer 5.01 Service Pack 3: Download the update.
* Internet Explorer 5.01 Service Pack 2: Download the update.

Software Not Affected:

This email is sent to NTBugtraq automagically as a service to my
subscribers. (v2.3)

Cheers,
Russ - Surgeon General of TruSecure Corporation/NTBugtraq Editor

-----
NTBugtraq Editor's Note:

Most viruses these days use spoofed email addresses. As such, using an Anti-Virus product which automatically notifies the perceived sender of a message it believes is infected may well cause more harm than good. Someone who did not actually send you a virus may receive the notification and scramble their support staff to find an infection which never existed in the first place. Suggest such notifications be disabled by whomever is responsible for your AV, or at least that the idea is considered.
-----

Next message: Russ: "Alert: Microsoft Security Bulletin MS04-005 - Vulnerability in Virtual PC for Mac could lead to privilege elevation (835150)"

Previous message: Russ: "Alert: Microsoft Security Bulletin MS04-004 - Cumulative Security Update for Internet Explorer (832894)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

[NT] Multiple Vulnerabilities in Internet Explorer (Heap Corruption, Race Condition)
... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... The heap corruption and race condition in Internet Explorer allow ... * Windows XP Professional with Service Pack 2 ... Pack 3, on Microsoft Windows 2000 Service Pack 4, or on Microsoft Windows ...
(Securiteam)
Alert: Microsoft Security Bulletin MS04-025 - Cumulative Security Update for Internet Explorer (8678
... Cumulative Security Update for Internet Explorer ... Microsoft Windows NT Server 4.0 Service Pack 6a ... Microsoft Windows Server 2003 64-Bit Edition ...
(NT-Bugtraq)
[EXPL] Microsoft Internet Explorer COM Objects Instantiation (Exploit, MS05-038)
... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... A remote code execution vulnerability exists in the way Internet Explorer ... * Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service ...
(Securiteam)
Need advice on power management
... Microsoft Windows 2000 Professional ... Version: 5.00.2195 Service Pack 4 ... Internet Explorer: v 6.0.2800.1106 ... Outlook Express: v 6.00.2800.1106 ...
(microsoft.public.win2000.general)
Re: Windows 98SE "freezes" for 1 minute every time I close Internet Explorer 6.
... it message came up - you need service pack 1 - well I have service pack one ... listed in the IE 6.0.2800.1103CO about box - and when I go to windows ... Internet Explorer 6 SP1 Update: Internet Explorer May Appear to Stop ... TaskMonitor Registry C:\WINDOWS\taskmon.exe ...
(microsoft.public.windows.inetexplorer.ie6.browser)