MinorRev: Microsoft Security Bulletin MS04-021 - Security Update for IIS 4.0 (841373)
From: Russ Cooper (Russ.Cooper_at_TRUSECURE.CA)
Date: 08/10/04
- Previous message: Russ Cooper: "MajorRev: v2.0 Microsoft Security Bulletin MS04-020 - Vulnerability in POSIX Could Allow Code Execution (841872)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 9 Aug 2004 18:20:55 -0400 To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
Microsoft Security Bulletin MS04-021:
Security Update for IIS 4.0 (841373)
Bulletin URL:
<http://www.microsoft.com/technet/security/bulletin/MS04-021.mspx>
Reason for Revision: Updated Caveats and Security Update Information sections to document that this security update requires, as a prerequisite, the security update provided as part of MS03-018. You must install the MS03-018 security update before you install the security update that is provided in this security bulletin.
Version Number: 1.2
Issued Date: Tuesday, July 13, 2004
Revision Date: Friday, August 06, 2004
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Important
Patch(es) Replaced: None
Caveats: Subsequent to the release of this bulletin, Microsoft was informed of an issue regarding installing this security update on systems running ISAPI filters. For more information and a recommended solution for this issue, see Microsoft Knowledge Base Article 873401. This security update requires, as a prerequisite, the security update provided as part of MS03-018. You must install the MS03-018 security update before you install the security update that is provided in this security bulletin.
Tested Software:
Affected Software:
------------------
* Microsoft Windows NT. Workstation 4.0 Service Pack 6a
<http://tinyurl.com/6gb4r>
* Microsoft Windows NT Server 4.0 Service Pack 6a
<http://tinyurl.com/6gb4r>
Affected Components:
--------------------
* Microsoft Internet Information Server (IIS) 4.0
Technical Description:
----------------------
* IIS Redirection Vulnerability - CAN-2004-0205: A buffer overrun vulnerability exists in Internet Information Server 4.0 that could allow remote code execution on an affected system. An attacker who successfully exploited this vulnerability could take complete control of the affected system.
Revision History:
-----------------
* v1.0 - 7/13/2004: Bulletin published
* v1.1 - 7/21/2004: Updated Registry Key Verification section. Updated Caveats section to reflect the availability of Microsoft Knowledge Base Article 873401.
* v1.2 - 8/6/2004: Updated Caveats and Security Update Information sections to document that this security update requires, as a prerequisite, the security update provided as part of MS03-018. You must install the MS03-018 security update before you install the security update that is provided in this security bulletin.
This email is sent to NTBugtraq automagically as a service to my subscribers. (v4.01.1664.40858)
Cheers,
Russ - Senior Scientist - TruSecure Corporation/NTBugtraq Editor
-----
NTBugtraq Editor's Note:
Want to reply to the person who sent this message? This list is configured such that just hitting reply is going to result in the message coming to the list, not to the individual who sent the message. This was done to help reduce the number of Out of Office messages posters received. So if you want to send a reply just to the poster, you'll have to copy their email address out of the message and place it in your TO: field.
-----
- Previous message: Russ Cooper: "MajorRev: v2.0 Microsoft Security Bulletin MS04-020 - Vulnerability in POSIX Could Allow Code Execution (841872)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
