|
ALARM Group ALERT — click for a description of ALARM, The Computing Alert System Alert Number: 101304-01 Alert Date: 10/13/04 Alert Title: Microsoft releases security bulletins for October Update-to: none OS/Platform/Application: Microsoft Windows XP (XP, Service Pack 1, 64-Bit Edition Service Pack 1, 64-Bit Edition Version 2003) Microsoft Windows Server 2003 (including 64-Bit Edition) Microsoft Windows 2000 Server (Service Packs 2,3,and 4, Server, Advanced Server, DataCenter Server) Microsoft Windows NT Server 4.0 (Service Pack 6a, Terminal Server Edition Service pack 6) Microsoft Windows NT WorkStation 4.0 (Service Pack 6a) Microsoft Windows 98, 98 SE, ME Microsoft Excel 2000, 2002, 2003, 2004 v.X (on Mac) Microsoft Exchange Server 2003 Microsoft IIS (Versions 5.0, 5.1, 6.0) Category: ALERT Severity: MEDIUM Attention: Windows System Administrators, Desktop Support Personnel |
Summary: On October 12, Microsoft released 10 security bulletins as part of its monthly security patching initiative. 9 of the 10 bulletins are new releases (MS04-028 is a re-release); 7 of the 10 have been deemed 'Critical' and the remaining 3 are listed as 'Important'. A crief listing of each update is listed below:MS04-028 (Critical) Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution
MS04-029 (Important) Vulnerability in RPC Runtime Library Could Allow Information Disclosure and Denial of Service
MS04-031 (Important) Vulnerability in NetDDE Could Allow Remote Code Execution (841533)
MS04-032 (Critical) Security Update for Microsoft Windows (Remote Code Execution)
MS04-033 (Critical) Vulnerability in Microsoft Excel Could Allow Remote Code Execution
MS04-034 (Critical) Vulnerability in Compressed (zipped) Folders Could Allow
Remote Code Execution MS04-035 (Critical) Vulnerability in SMTP Could Allow Remote Code Execution
MS04-036 (Critical) Vulnerability in NNTP Could Allow Remote Code Execution
MS04-037 (Critical) Vulnerability in Windows Shell Could Allow Remote Code Execution
MS04-038 (Critical) Cumulative Security Update for Internet ExplorerRecommended Actions: It is recommended that you read any bulletins applicable to your OS/Applications (including all potential caveats) and (if appropriate) apply the patches immediately as per the instructions detailed in the bulletins.
ITS Actions: At this time, ITS is taking no additional specific actions address this release of bulletins. An update will be issued if this situation changes.
Resources:
Automated Windows Update Page:
http://windowsupdate.microsoft.comSecurity bulletin summary for October:
http://www.microsoft.com/technet/security/bulletin/ms04-oct.mspxSecurity bulletin MS04-028:
http://www.microsoft.com/technet/security/bulletin/ms04-028.mspxSecurity bulletin MS04-029:
http://www.microsoft.com/technet/security/bulletin/ms04-029.mspxSecurity bulletin MS04-030:
http://www.microsoft.com/technet/security/bulletin/ms04-030.mspxSecurity bulletin MS04-031:
http://www.microsoft.com/technet/security/bulletin/ms04-031.mspxSecurity bulletin MS04-032:
http://www.microsoft.com/technet/security/bulletin/ms04-032.mspxSecurity bulletin MS04-034:
http://www.microsoft.com/technet/security/bulletin/ms04-034.mspxSecurity bulletin MS04-035:
http://www.microsoft.com/technet/security/bulletin/ms04-035.mspxSecurity bulletin MS04-036:
http://www.microsoft.com/technet/security/bulletin/ms04-036.mspxSecurity bulletin MS04-037:
http://www.microsoft.com/technet/security/bulletin/ms04-037.mspxSecurity bulletin MS04-038:
http://www.microsoft.com/technet/security/bulletin/ms04-038.mspxNOTE: PLEASE DO NOT REPLY TO THIS ALERT. Alerts distributed by ALARM are not intended to supplant whatever security measures you are currently following. Technology coordinators, as well as the entire Ualbany computing community should continue to take all necessary precautions against threats to system security and information integrity.
Current Students | New Students | Distance Learners | Faculty | New Faculty | Staff
Training | Schedules / Hours | Forms | FAQs & User Guides | Policies | About ITS | Home
