E
Emily F [MSFT]
Today Microsoft release the following bulletin:
http://www.microsoft.com/technet/security/bulletin/MS04-022.mspx
Vulnerability in Task Scheduler Could Allow Code Execution (841873)
Issued: July 13, 2004
Version: 1.0
Executive Summary:
This update resolves a newly-discovered, privately reported vulnerability. A
remote code execution vulnerability exists in the Task Scheduler because of
an unchecked buffer. The vulnerability is documented in the Vulnerability
Details section of this bulletin.
If a user is logged on with administrative privileges, an attacker who
successfully exploited this vulnerability could take complete control of an
affected system, including installing programs; viewing, changing, or
deleting data; or creating new accounts with full privileges. However, user
interaction is required to exploit this vulnerability. Users whose accounts
are configured to have fewer privileges on the system would be at less risk
than users who operate with administrative privileges.
We recommend that customers apply the update immediately
Summary
Who should read this document: Customers who use Microsoft® Windows®
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Critical
Recommendation: Customers should apply the update immediately.
Security Update Replacement: None
Caveats: Windows NT Workstation 4.0, Windows NT Server 4.0 and Windows NT
4.0 Terminal Server Edition are not affected by default. However if you have
installed Internet Explorer 6.0 Service Pack 1 you will have the vulnerable
component on your system.
Tested Software and Security Update Download Locations:
Affected Software:
. Microsoft Windows 2000 Service Pack 2, Microsoft Windows 2000
Service Pack 3, Microsoft Windows 2000 Service Pack 4 - Download the update
. Microsoft Windows XP and Microsoft Windows XP Service Pack 1 -
Download the update
. Microsoft Windows XP 64-Bit Edition Service Pack 1 - Download the
update
http://www.microsoft.com/technet/security/bulletin/MS04-022.mspx
Vulnerability in Task Scheduler Could Allow Code Execution (841873)
Issued: July 13, 2004
Version: 1.0
Executive Summary:
This update resolves a newly-discovered, privately reported vulnerability. A
remote code execution vulnerability exists in the Task Scheduler because of
an unchecked buffer. The vulnerability is documented in the Vulnerability
Details section of this bulletin.
If a user is logged on with administrative privileges, an attacker who
successfully exploited this vulnerability could take complete control of an
affected system, including installing programs; viewing, changing, or
deleting data; or creating new accounts with full privileges. However, user
interaction is required to exploit this vulnerability. Users whose accounts
are configured to have fewer privileges on the system would be at less risk
than users who operate with administrative privileges.
We recommend that customers apply the update immediately
Summary
Who should read this document: Customers who use Microsoft® Windows®
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Critical
Recommendation: Customers should apply the update immediately.
Security Update Replacement: None
Caveats: Windows NT Workstation 4.0, Windows NT Server 4.0 and Windows NT
4.0 Terminal Server Edition are not affected by default. However if you have
installed Internet Explorer 6.0 Service Pack 1 you will have the vulnerable
component on your system.
Tested Software and Security Update Download Locations:
Affected Software:
. Microsoft Windows 2000 Service Pack 2, Microsoft Windows 2000
Service Pack 3, Microsoft Windows 2000 Service Pack 4 - Download the update
. Microsoft Windows XP and Microsoft Windows XP Service Pack 1 -
Download the update
. Microsoft Windows XP 64-Bit Edition Service Pack 1 - Download the
update