E
Emily F [MSFT]
Today, Microsoft released the following Security Bulletin:
http://www.microsoft.com/technet/security/bulletin/ms04-023.mspx
Microsoft Security Bulletin MS04-023
Vulnerability in HTML Help Could Allow Code Execution (840315)
Issued: July 13, 2004
Version: 1.0
Executive Summary:
This update resolves two newly-discovered vulnerabilities. The HTML Help
vulnerability was privately reported and the showHelp vulnerability is
public. Each vulnerability is documented in this bulletin in its own
Vulnerability Details section.
If a user is logged on with administrative privileges, an attacker who
successfully exploited the most severe of these vulnerabilities could take
complete control of an affected system, including installing programs;
viewing, changing, or deleting data; or creating new accounts that have full
privileges. Users whose accounts are configured to have fewer privileges on
the system would be at less risk than users who operate with administrative
privileges.
We recommend that customers apply the update immediately
Summary
Who should read this document: Customers who use Microsoft® Windows®
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Critical
Recommendation: Customers should apply the update immediately.
Security Update Replacement: None
Caveats: Windows NT Workstation 4.0, Windows NT Server 4.0 and Windows NT
4.0 Terminal Server Edition are not affected by default. However if you have
installed Internet Explorer 5.5 Service Pack 2 or Internet Explorer 6.0
Service Pack 1 you will have the vulnerable component on your system.
Tested Software and Security Update Download Locations:
Affected Software:
..Microsoft Windows 2000 Service Pack 2, Microsoft Windows 2000 Service Pack
3, Microsoft Windows 2000 Service Pack 4 - Download the update
..Microsoft Windows XP and Microsoft Windows XP Service Pack 1 - Download the
update
..Microsoft Windows XP 64-Bit Edition Service Pack 1 - Download the update
..Microsoft Windows XP 64-Bit Edition Version 2003 - Download the update
..Microsoft Windows ServerT 2003 - Download the update
..Microsoft Windows Server 2003 64-Bit Edition - Download the update
..Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and
Microsoft Windows Millennium Edition (Me) - Review the FAQ section of this
bulletin for details about these operating systems.
http://www.microsoft.com/technet/security/bulletin/ms04-023.mspx
Microsoft Security Bulletin MS04-023
Vulnerability in HTML Help Could Allow Code Execution (840315)
Issued: July 13, 2004
Version: 1.0
Executive Summary:
This update resolves two newly-discovered vulnerabilities. The HTML Help
vulnerability was privately reported and the showHelp vulnerability is
public. Each vulnerability is documented in this bulletin in its own
Vulnerability Details section.
If a user is logged on with administrative privileges, an attacker who
successfully exploited the most severe of these vulnerabilities could take
complete control of an affected system, including installing programs;
viewing, changing, or deleting data; or creating new accounts that have full
privileges. Users whose accounts are configured to have fewer privileges on
the system would be at less risk than users who operate with administrative
privileges.
We recommend that customers apply the update immediately
Summary
Who should read this document: Customers who use Microsoft® Windows®
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Critical
Recommendation: Customers should apply the update immediately.
Security Update Replacement: None
Caveats: Windows NT Workstation 4.0, Windows NT Server 4.0 and Windows NT
4.0 Terminal Server Edition are not affected by default. However if you have
installed Internet Explorer 5.5 Service Pack 2 or Internet Explorer 6.0
Service Pack 1 you will have the vulnerable component on your system.
Tested Software and Security Update Download Locations:
Affected Software:
..Microsoft Windows 2000 Service Pack 2, Microsoft Windows 2000 Service Pack
3, Microsoft Windows 2000 Service Pack 4 - Download the update
..Microsoft Windows XP and Microsoft Windows XP Service Pack 1 - Download the
update
..Microsoft Windows XP 64-Bit Edition Service Pack 1 - Download the update
..Microsoft Windows XP 64-Bit Edition Version 2003 - Download the update
..Microsoft Windows ServerT 2003 - Download the update
..Microsoft Windows Server 2003 64-Bit Edition - Download the update
..Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and
Microsoft Windows Millennium Edition (Me) - Review the FAQ section of this
bulletin for details about these operating systems.