Information Technology Services: Alerts Archive

ALARM Group ALERTclick for a description of ALARM, The Computing Alert System
Alert Number:  091504-01
Alert Date:  09/15/04
Alert Title:  Microsoft releases two security bulletins for September
Update-to:  None
OS/Platform/Application: 
Microsoft Windows XP (XP, Service Pack 1, 64-Bit Edition Service Pack 1, 64-Bit Edition Version 2003)
Microsoft Windows Server 2003 (including 64-Bit Edition)
Microsoft Windows 2000 Server (Service Packs 2,3,and 4)
Microsoft Windows NT Server 4.0 (Service Pack 6a, Terminal Server Edition Service pack 6)
Microsoft Windows NT WorkStation 4.0 (Service Pack 6a)
Microsoft Windows 98, 98 SE, ME
Microsoft Office 2003
Microsoft Office XP Service Pack 3

Visio 2003 (All versions)
Visio 2002 Service Pack 2 (All versions)
Microsoft Project 2003 (All versions)
Microsoft Project 2002 Service Pack 1 (All versions)
The Microsoft .NET Framework, version 1.0
The Microsoft .NET Framework, version 1.1
Internet Explorer 6 Service Pack 1
Picture It! 2002 (All versions)
Greetings 2002
Picture It! version 7.0 (All versions)
Digital Image Pro version 7.0
Picture It! version 9 (All versions, Including Picture It! Library)
Digital Image Pro version 9
Digital Image Suite version 9
Producer for Microsoft Office PowerPoint (All versions)
Visual Studio 2003 .NET
Visual Basic .NET Standard 2003
Visual C# .NET Standard 2003
Visual C++ .NET Standard 2003
Visual J# .NET Standard 2003
Visual Studio 2002 .NET
Visual Basic .NET Standard 2002
Visual C# .NET Standard 2002
Visual C++ .NET Standard 2002
The Microsoft .NET Framework, version 1.0 SDK Platform SDK Redistributable: GDI+
Category:  ALERT
Severity:  HIGH
Attention:  Windows System Administrators, Desktop Support Personnel

Summary:  On September 14, Microsoft sent notice of two new security bulletins (MS04-027 and MS04-028). MS04-027 is listed by Microsoft as "Medium Severity"; it addresses a recently-discovered vulnerability in WordPerfect 5.x Converter that can allow a remote attacker to take complete control of a vulnerable system (user interaction is required for the vulnerability to be successful). MS04-028 is listed by Microsoft as "Critical Severity"; it addresses a newly-discovered vulnerability in the processing of JPEG file formats. As in the case of MS04-027, a remote attacker could use this vulnerability to take complete control of a vulnerable system.

Recommended Actions:  It is recommended that you read bulletins MS04-27 and MS04-28 (including all associated caveats and FAQs) and (if appropriate) apply the patches immediately as per the instructions detailed in the bulletins.

ITS Actions:  At this time, ITS is taking no specific additional actions to address these updates.

Resources:
Automated Windows Update Page:
http://windowsupdate.microsoft.com

Security bulletin for September 2004 Jump Page:
http://www.microsoft.com/technet/security/bulletin/ms04-sep.mspx

Security bulletin MS04-027:
http://www.microsoft.com/technet/security/bulletin/ms04-027.mspx

Security bulletin MS04-028:
http://www.microsoft.com/technet/security/bulletin/MS04-028.mspx

Microsoft-supplied tool to determine if your system is running any of the products (applications, etc) identified above:
http://support.microsoft.com/default.aspx?scid=kb;EN-US;873374

NOTE:  PLEASE DO NOT REPLY TO THIS ALERT.  Alerts distributed by ALARM are not intended to supplant whatever security measures you are currently following. Technology coordinators, as well as the entire Ualbany computing community should continue to take all necessary precautions against threats to system security and information integrity.

Current Students  |  New Students  |  Distance Learners  |  Faculty  |  New Faculty  |  Staff
Training  |  Schedules / Hours  |  Forms  |  FAQs & User Guides  |  Policies  |  About ITS  |  Home

University at Albany homepage