Professional Web Applications Themes

Microsoft Security Bulletin MS04-023 Vulnerability in HTML Help Could Allow Code Execution (840315) - Windows Server

Today, Microsoft released the following Security Bulletin: http://www.microsoft.com/technet/security/bulletin/ms04-023.mspx Microsoft Security Bulletin MS04-023 Vulnerability in HTML Help Could Allow Code Execution (840315) Issued: July 13, 2004 Version: 1.0 Executive Summary: This update resolves two newly-discovered vulnerabilities. The HTML Help vulnerability was privately reported and the showHelp vulnerability is public. Each vulnerability is doented in this bulletin in its own Vulnerability Details section. If a user is logged on with administrative privileges, an attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new ...

  1. #1

    Default Microsoft Security Bulletin MS04-023 Vulnerability in HTML Help Could Allow Code Execution (840315)

    Today, Microsoft released the following Security Bulletin:
    http://www.microsoft.com/technet/security/bulletin/ms04-023.mspx
    Microsoft Security Bulletin MS04-023
    Vulnerability in HTML Help Could Allow Code Execution (840315)

    Issued: July 13, 2004
    Version: 1.0
    Executive Summary:
    This update resolves two newly-discovered vulnerabilities. The HTML Help
    vulnerability was privately reported and the showHelp vulnerability is
    public. Each vulnerability is doented in this bulletin in its own
    Vulnerability Details section.
    If a user is logged on with administrative privileges, an attacker who
    successfully exploited the most severe of these vulnerabilities could take
    complete control of an affected system, including installing programs;
    viewing, changing, or deleting data; or creating new accounts that have full
    privileges. Users whose accounts are configured to have fewer privileges on
    the system would be at less risk than users who operate with administrative
    privileges.
    We recommend that customers apply the update immediately

    Summary
    Who should read this doent: Customers who use Microsoft® Windows®
    Impact of Vulnerability: Remote Code Execution
    Maximum Severity Rating: Critical
    Recommendation: Customers should apply the update immediately.
    Security Update Replacement: None
    Caveats: Windows NT Workstation 4.0, Windows NT Server 4.0 and Windows NT
    4.0 Terminal Server Edition are not affected by default. However if you have
    installed Internet Explorer 5.5 Service Pack 2 or Internet Explorer 6.0
    Service Pack 1 you will have the vulnerable component on your system.
    Tested Software and Security Update Download Locations:
    Affected Software:
    ..Microsoft Windows 2000 Service Pack 2, Microsoft Windows 2000 Service Pack
    3, Microsoft Windows 2000 Service Pack 4 - Download the update
    ..Microsoft Windows XP and Microsoft Windows XP Service Pack 1 - Download the
    update
    ..Microsoft Windows XP 64-Bit Edition Service Pack 1 - Download the update
    ..Microsoft Windows XP 64-Bit Edition Version 2003 - Download the update
    ..Microsoft Windows ServerT 2003 - Download the update
    ..Microsoft Windows Server 2003 64-Bit Edition - Download the update
    ..Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and
    Microsoft Windows Millennium Edition (Me) - Review the FAQ section of this
    bulletin for details about these operating systems.


    Emily Guest

  2. #2

    Default Re: Microsoft Security Bulletin MS04-023 Vulnerability in HTML Help Could Allow Code Execution (840315)

    Thank you, Emily! I was just about to post these new Bulletins to the win98.gen_discussion group.

    This is a great service to Windows newsgroups users, and I hope we can expect it to become a regular feature in our groups.

    --
    Gary S. Terhune
    MS MVP for Win9x

    "Emily F [MSFT]" <microsoft.com> wrote in message news:phx.gbl... 
    Gary Guest

Similar Threads

  1. Microsoft Security Bulletin MS03-039 -
    By Jerry Bryant [MSFT] in forum ASP.NET Building Controls
    Replies: 0
    Last Post: September 10th, 04:23 PM
  2. Microsoft Security Bulletin MS03-030 - 819696
    By Jerry in forum Windows Setup, Administration & Security
    Replies: 0
    Last Post: July 23rd, 10:31 PM
  3. Microsoft Security Bulletin MS030-27 - 821557
    By Jerry Bryant [MSFT] in forum Windows Setup, Administration & Security
    Replies: 0
    Last Post: July 16th, 05:28 PM
  4. Microsoft Security Bulletin MS03-024 - 817606
    By Jerry Bryant [MSFT] in forum Windows Setup, Administration & Security
    Replies: 0
    Last Post: July 9th, 06:45 PM
  5. Microsoft Security Bulletin MS03-023 - 823559
    By Jerry Bryant [MSFT] in forum Windows Setup, Administration & Security
    Replies: 0
    Last Post: July 9th, 06:43 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139