Microsoft Security Bulletin MS04-023 Vulnerability in HTML Help Could Allow Code Execution (840315)

E

Emily F [MSFT]

Today, Microsoft released the following Security Bulletin:
http://www.microsoft.com/technet/security/bulletin/ms04-023.mspx
Microsoft Security Bulletin MS04-023
Vulnerability in HTML Help Could Allow Code Execution (840315)

Issued: July 13, 2004
Version: 1.0
Executive Summary:
This update resolves two newly-discovered vulnerabilities. The HTML Help
vulnerability was privately reported and the showHelp vulnerability is
public. Each vulnerability is documented in this bulletin in its own
Vulnerability Details section.
If a user is logged on with administrative privileges, an attacker who
successfully exploited the most severe of these vulnerabilities could take
complete control of an affected system, including installing programs;
viewing, changing, or deleting data; or creating new accounts that have full
privileges. Users whose accounts are configured to have fewer privileges on
the system would be at less risk than users who operate with administrative
privileges.
We recommend that customers apply the update immediately

Summary
Who should read this document: Customers who use Microsoft® Windows®
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Critical
Recommendation: Customers should apply the update immediately.
Security Update Replacement: None
Caveats: Windows NT Workstation 4.0, Windows NT Server 4.0 and Windows NT
4.0 Terminal Server Edition are not affected by default. However if you have
installed Internet Explorer 5.5 Service Pack 2 or Internet Explorer 6.0
Service Pack 1 you will have the vulnerable component on your system.
Tested Software and Security Update Download Locations:
Affected Software:
..Microsoft Windows 2000 Service Pack 2, Microsoft Windows 2000 Service Pack
3, Microsoft Windows 2000 Service Pack 4 - Download the update
..Microsoft Windows XP and Microsoft Windows XP Service Pack 1 - Download the
update
..Microsoft Windows XP 64-Bit Edition Service Pack 1 - Download the update
..Microsoft Windows XP 64-Bit Edition Version 2003 - Download the update
..Microsoft Windows ServerT 2003 - Download the update
..Microsoft Windows Server 2003 64-Bit Edition - Download the update
..Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and
Microsoft Windows Millennium Edition (Me) - Review the FAQ section of this
bulletin for details about these operating systems.
 
G

Gary S. Terhune

Thank you, Emily! I was just about to post these new Bulletins to the win98.gen_discussion group.

This is a great service to Windows newsgroups users, and I hope we can expect it to become a regular feature in our groups.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Security Bulletin: MS04-22: Vulnerability in Task Scheduler Could Allow Code Execution (841873) 2
Microsoft Security Bulletin MS04-018 - Cumulative Security Update for Outlook Express (823353) 4
Microsoft Security Bulletin MS04-024 - Vulnerability in Windows Shell Could Allow Remote Code Execut 24
MS06-040: Vulnerability in Server service could allow remote code execution 2
MS04-008: Vulnerability in Windows Media Services 2
Microsoft patches critical flaw in Windows Defender 1
Microsoft Security Bulletin Summary for July 2004 1
[ O T ] Microsoft Security Bulletin Advance Notification for March 2010 1

Top