FULL Microsoft Security Bulletin Summary for October 2004
**********************************************************
Title: Microsoft Security Bulletin Summary for October 2004
Issued: October 12, 2004
Version Number: 1.0
Bulletin: http://go.microsoft.com/fwlink/?LinkId=35989
**********************************************************
Summary:
========
This advisory contains information about all security updates
released this month. It is broken down by security bulletin severity.
Critical Security Bulletins
===========================
MS04-032 - Security Update for Microsoft Windows (840987)
- Affected Software:
- Windows NT Server 4.0 Service Pack 6a
- Windows NT Server 4.0 Terminal Server Edition
Service Pack 6
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows XP and Windows XP Service Pack 1
- Windows XP 64-Bit Edition Service Pack 1
- Windows XP 64-Bit Edition Version 2003
- Windows Server 2003
- Windows Server 2003 64-Bit Edition
- Review the FAQ section of bulletin MS04-O32 for
information about these operating systems:
- Microsoft Windows 98
- Microsoft Windows 98 Second Edition (SE)
- Microsoft Windows Millennium Edition (ME)
- Impact: Remote Code Execution
- Version Number: 1.0
MS04-033 - Vulnerability in Microsoft Excel Could Allow
Remote Code Execution (886836)
- Affected Software:
- Microsoft Office 2000 Software Service Pack 3
- Microsoft Office XP Software Service Pack 2
- Microsoft Office 2001 for Mac
- Microsoft Office v. X for Mac
- Impact: Remote Code Execution
- Version Number: 1.0
MS04-034 - Vulnerability in Compressed (zipped) Folders
Could Allow Remote Code Execution (873376)
- Affected Software:
- Windows XP and Windows XP Service Pack 1
- Windows XP 64-Bit Edition Service Pack 1
- Windows XP 64-Bit Edition Version 2003
- Windows Server 2003
- Windows Server 2003 64-Bit Edition
- Impact: Remote Code Execution
- Version Number: 1.0
MS04-035 - Vulnerability in SMTP Could Allow Remote
Code Execution (885881)
- Affected Software:
- Windows XP 64-Bit Edition Version 2003
- Windows Server 2003
- Windows Server 2003 64-Bit Edition
- Exchange Server 2003 when installed on
Windows Server 2003
- Exchange Server 2003 Service Pack 1 when
installed on Microsoft Windows Server 2003
- Exchange Server 2003 when installed on
Windows 2000 Service Pack 3
- Exchange Server 2003 when installed on
Windows 2000 Service Pack 4
- Impact: Remote Code Execution
- Version Number: 1.0
MS04-036 - Vulnerability in NNTP Could Allow
Remote Code Execution (883935)
- Affected Software:
- Windows NT Server 4.0 Service Pack 6a
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows Server 2003
- Windows Server 2003 64-Bit Edition
- Exchange 2000 Server Service Pack 3
(Uses the Windows 2000 NNTP component)
- Exchange Server 2003
(Uses the Windows 2000 or Windows Server
2003 NNTP component)
- Exchange Server 2003 Service Pack 1
(Uses the Windows 2000 or Windows Server
2003 NNTP component)
- Impact: Remote Code Execution
- Version Number: 1.0
MS04-037 - Vulnerability in Windows Shell Could Allow
Remote Code Execution (841356)
- Affected Software:
- Windows NT Server 4.0 Service Pack 6a
- Windows NT Server 4.0 Terminal Server Edition
Service Pack 6
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows XP and Windows XP Service Pack 1
- Windows XP 64-Bit Edition Service Pack 1
- Windows XP 64-Bit Edition Version 2003
- Windows Server 2003
- Windows Server 2003 64-Bit Edition
- Review the FAQ section of bulletin MS04-O37 for
information about these operating systems:
- Microsoft Windows 98
- Microsoft Windows 98 Second Edition (SE)
- Microsoft Windows Millennium Edition (ME)
- Impact: Remote Code Execution
- Version Number: 1.0
MS04-038 - Cumulative Security Update for
Internet Explorer (834707)
- Affected Software:
- Windows NT Server 4.0 Service Pack 6a
- Windows NT Server 4.0 Terminal Server Edition
Service Pack 6
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows XP
- Windows XP Service Pack 1
- Windows XP Service Pack 2
- Windows XP 64-Bit Edition Service Pack 1
- Windows XP 64-Bit Edition Version 2003
- Windows Server 2003
- Windows Server 2003 64-Bit Edition
- Review the FAQ section of bulletin MS04-O38 for
information about these operating systems:
- Microsoft Windows 98
- Microsoft Windows 98 Second Edition (SE)
- Microsoft Windows Millennium Edition (ME)
- Impact: Remote Code Execution
- Version Number: 1.0
Important Security Bulletins
============================
MS04-029 - Vulnerability in RPC Runtime Library Could Allow
Information Disclosure and
Denial of Service (873350)
- Affected Software:
- Windows NT Server 4.0 Service Pack 6a
- Windows NT Server 4.0 Terminal Server Edition
Service Pack 6
- Impact: Information Disclosure and
Denial of Service
- Version Number: 1.0
MS04-030 - Vulnerability in WebDAV XML Message Handler Could
Lead to a Denial of Service (824151)
- Affected Software:
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows XP and Windows XP Service Pack 1
- Windows XP 64-Bit Edition Service Pack 1
- Windows XP 64-Bit Edition Version 2003
- Windows Server 2003
- Windows Server 2003 64-Bit Edition
- Impact: Denial of Service
- Version Number: 1.0
MS04-031 - Vulnerability in NetDDE Could Allow Remote
Code Execution (841533)
- Affected Software:
- Windows NT Server 4.0 Service Pack 6a
- Windows NT Server 4.0 Terminal Server Edition
Service Pack 6
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows XP and Windows XP Service Pack 1
- Windows XP 64-Bit Edition Service Pack 1
- Windows XP 64-Bit Edition Version 2003
- Windows Server 2003
- Windows Server 2003 64-Bit Edition
- Review the FAQ section of bulletin MS04-O31 for
information about these operating systems:
- Microsoft Windows 98
- Microsoft Windows 98 Second Edition (SE)
- Microsoft Windows Millennium Edition (ME)
- Impact: Remote Code Execution
- Version Number: 1.0
This newsletter was sent by the Microsoft Corporation
1 Microsoft Way
Redmond, Washington, USA
98052
Issued: October 12, 2004
Version Number: 1.0
Bulletin: http://go.microsoft.com/fwlink
******************************
Summary:
========
This advisory contains information about all security updates
released this month. It is broken down by security bulletin severity.
Critical Security Bulletins
===========================
MS04-032 - Security Update for Microsoft Windows (840987)
- Affected Software:
- Windows NT Server 4.0 Service Pack 6a
- Windows NT Server 4.0 Terminal Server Edition
Service Pack 6
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows XP and Windows XP Service Pack 1
- Windows XP 64-Bit Edition Service Pack 1
- Windows XP 64-Bit Edition Version 2003
- Windows Server 2003
- Windows Server 2003 64-Bit Edition
- Review the FAQ section of bulletin MS04-O32 for
information about these operating systems:
- Microsoft Windows 98
- Microsoft Windows 98 Second Edition (SE)
- Microsoft Windows Millennium Edition (ME)
- Impact: Remote Code Execution
- Version Number: 1.0
MS04-033 - Vulnerability in Microsoft Excel Could Allow
Remote Code Execution (886836)
- Affected Software:
- Microsoft Office 2000 Software Service Pack 3
- Microsoft Office XP Software Service Pack 2
- Microsoft Office 2001 for Mac
- Microsoft Office v. X for Mac
- Impact: Remote Code Execution
- Version Number: 1.0
MS04-034 - Vulnerability in Compressed (zipped) Folders
Could Allow Remote Code Execution (873376)
- Affected Software:
- Windows XP and Windows XP Service Pack 1
- Windows XP 64-Bit Edition Service Pack 1
- Windows XP 64-Bit Edition Version 2003
- Windows Server 2003
- Windows Server 2003 64-Bit Edition
- Impact: Remote Code Execution
- Version Number: 1.0
MS04-035 - Vulnerability in SMTP Could Allow Remote
Code Execution (885881)
- Affected Software:
- Windows XP 64-Bit Edition Version 2003
- Windows Server 2003
- Windows Server 2003 64-Bit Edition
- Exchange Server 2003 when installed on
Windows Server 2003
- Exchange Server 2003 Service Pack 1 when
installed on Microsoft Windows Server 2003
- Exchange Server 2003 when installed on
Windows 2000 Service Pack 3
- Exchange Server 2003 when installed on
Windows 2000 Service Pack 4
- Impact: Remote Code Execution
- Version Number: 1.0
MS04-036 - Vulnerability in NNTP Could Allow
Remote Code Execution (883935)
- Affected Software:
- Windows NT Server 4.0 Service Pack 6a
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows Server 2003
- Windows Server 2003 64-Bit Edition
- Exchange 2000 Server Service Pack 3
(Uses the Windows 2000 NNTP component)
- Exchange Server 2003
(Uses the Windows 2000 or Windows Server
2003 NNTP component)
- Exchange Server 2003 Service Pack 1
(Uses the Windows 2000 or Windows Server
2003 NNTP component)
- Impact: Remote Code Execution
- Version Number: 1.0
MS04-037 - Vulnerability in Windows Shell Could Allow
Remote Code Execution (841356)
- Affected Software:
- Windows NT Server 4.0 Service Pack 6a
- Windows NT Server 4.0 Terminal Server Edition
Service Pack 6
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows XP and Windows XP Service Pack 1
- Windows XP 64-Bit Edition Service Pack 1
- Windows XP 64-Bit Edition Version 2003
- Windows Server 2003
- Windows Server 2003 64-Bit Edition
- Review the FAQ section of bulletin MS04-O37 for
information about these operating systems:
- Microsoft Windows 98
- Microsoft Windows 98 Second Edition (SE)
- Microsoft Windows Millennium Edition (ME)
- Impact: Remote Code Execution
- Version Number: 1.0
MS04-038 - Cumulative Security Update for
Internet Explorer (834707)
- Affected Software:
- Windows NT Server 4.0 Service Pack 6a
- Windows NT Server 4.0 Terminal Server Edition
Service Pack 6
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows XP
- Windows XP Service Pack 1
- Windows XP Service Pack 2
- Windows XP 64-Bit Edition Service Pack 1
- Windows XP 64-Bit Edition Version 2003
- Windows Server 2003
- Windows Server 2003 64-Bit Edition
- Review the FAQ section of bulletin MS04-O38 for
information about these operating systems:
- Microsoft Windows 98
- Microsoft Windows 98 Second Edition (SE)
- Microsoft Windows Millennium Edition (ME)
- Impact: Remote Code Execution
- Version Number: 1.0
Important Security Bulletins
============================
MS04-029 - Vulnerability in RPC Runtime Library Could Allow
Information Disclosure and
Denial of Service (873350)
- Affected Software:
- Windows NT Server 4.0 Service Pack 6a
- Windows NT Server 4.0 Terminal Server Edition
Service Pack 6
- Impact: Information Disclosure and
Denial of Service
- Version Number: 1.0
MS04-030 - Vulnerability in WebDAV XML Message Handler Could
Lead to a Denial of Service (824151)
- Affected Software:
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows XP and Windows XP Service Pack 1
- Windows XP 64-Bit Edition Service Pack 1
- Windows XP 64-Bit Edition Version 2003
- Windows Server 2003
- Windows Server 2003 64-Bit Edition
- Impact: Denial of Service
- Version Number: 1.0
MS04-031 - Vulnerability in NetDDE Could Allow Remote
Code Execution (841533)
- Affected Software:
- Windows NT Server 4.0 Service Pack 6a
- Windows NT Server 4.0 Terminal Server Edition
Service Pack 6
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows XP and Windows XP Service Pack 1
- Windows XP 64-Bit Edition Service Pack 1
- Windows XP 64-Bit Edition Version 2003
- Windows Server 2003
- Windows Server 2003 64-Bit Edition
- Review the FAQ section of bulletin MS04-O31 for
information about these operating systems:
- Microsoft Windows 98
- Microsoft Windows 98 Second Edition (SE)
- Microsoft Windows Millennium Edition (ME)
- Impact: Remote Code Execution
- Version Number: 1.0
This newsletter was sent by the Microsoft Corporation
1 Microsoft Way
Redmond, Washington, USA
98052
posted by David
at
5:22 pm
0 Comments:
Post a Comment
<< Home