M$ bulletin for May released MS04-015
Results 1 to 8 of 8

Thread: M$ bulletin for May released MS04-015

  1. #1
    oldie ric-o's Avatar
    Join Date
    Nov 2002
    Posts
    487

    M$ bulletin for May released MS04-015

    So far Microsoft only released one bulletin for May (MS04-015)...dont know if there are more.

    Notes:
    * Microsoft classified criticality level at "Important"
    * Only affects Windows XP & Server 2003
    * Affects Help & Support Center
    * Is remote code execution vulnerability

    Microsoft Security Bulletin MS04-015
    Vulnerability in Help and Support Center Could Allow Remote Code Execution (840374)

    Issued: May 11, 2004
    Version: 1.0

    Summary
    Who should read this document: Customers who use Microsoft® Windows®

    Impact of Vulnerability: Remote Code Execution

    Maximum Severity Rating: Important

    Recommendation: Customers should install the update at the earliest opportunity.

    Security Update Replacement: None

    Caveats: Microsoft Knowledge Base Article 841996 documents a known issue that customers may experience when they install this security update on a system where the Help and Support Center service is disabled. For the installation of this security update to be successful, the Help and Support Center service cannot be disabled. The article also documents recommended solutions for this issue. For more information, see Microsoft Knowledge Base Article 841996.

    Tested Software and Security Update Download Locations:

    Affected Software:

    • Microsoft Windows XP and Microsoft Windows XP Service Pack 1 – Download the update

    • Microsoft Windows XP 64-Bit Edition Service Pack 1 – Download the update

    • Microsoft Windows XP 64-Bit Edition Version 2003 – Download the update

    • Microsoft Windows Server™ 2003 – Download the update

    • Microsoft Windows Server 2003 64-Bit Edition – Download the update


    Non-Affected Software:

    • Microsoft Windows NT® Workstation 4.0 Service Pack 6a

    • Microsoft Windows NT Server 4.0 Service Pack 6a

    • Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6

    • Microsoft Windows 2000 Service Pack 2, Microsoft Windows 2000 Service Pack 3, Microsoft Windows 2000 Service Pack 4

    • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME)


    The software in this list has been tested to determine if the versions are affected. Other versions either no longer include security update support or may not be affected. To determine the support lifecycle for your product and version, visit the following Microsoft Support Lifecycle Web site

    http://www.microsoft.com/technet/sec.../MS04-015.mspx

  2. #2
    Senior Member
    Join Date
    Sep 2003
    Posts
    500
    crap, you beat me to it.
    You shall no longer take things at second or third hand,
    nor look through the eyes of the dead...You shall listen to all
    sides and filter them for your self.
    -Walt Whitman-

  3. #3
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,786
    this is a truely uninformative alert from micrsoft. whats it all about? ill look myself and its good that you posted it but i really think your thread should be more informative than just this.
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

  4. #4
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,786
    here ya go:

    A remote code execution vulnerability exists in the Help and Support Center because of the way that it handles HCP URL validation. An attacker could exploit the vulnerability by constructing a malicious HCP URL that could potentially allow remote code execution if a user visited a malicious Web site or viewed a malicious e-mail message. An attacker who successfully exploited this vulnerability could take complete control of an affected system. However, significant user interaction is required to exploit this vulnerability.


    in other words be prepared for another rash of "hey shithead checkout this really cool link " in IM's and emails. and dont surf for porn or warez until you've updated.
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

  5. #5
    oldie ric-o's Avatar
    Join Date
    Nov 2002
    Posts
    487
    Originally posted here by Tedob1
    this is a truely uninformative alert from micrsoft. whats it all about? ill look myself and its good that you posted it but i really think your thread should be more informative than just this.
    You're right Tedob1...sorry about that. I read through M$'s bulletin and was basically unimpressed and quite frankly STUNNED that this was the only bulletin.

    I cannot believe this is the ONLY patch they have when there are SOOO many "pot holes" left in the road to fill. Ugh!

    Anyway, I probably should have put more comments in there. Tip noted for future ref.

  6. #6
    Senior Member gore's Avatar
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177
    Damn it!

    OK, someone who works for Microsoft, read this and send it to the right people:

    Windows XP is good, do a damn code analysis like SuSE Linux and Open BSD do, and get this **** fixed right!

    I remember when Windows XP came out. I was like "Wow, that UI looks like a clown ate too much cotton candy and puked on it!". But it is actually stable. I had to use it at school, and began to actually like it. When I bought a new machine it came with it, and I was like "OK, I'll leave this on, but more than likely I'll end up formatting it and putting Windows 2000 on it since I need Windows for school".

    Well, I had so little problems with it that I just left it on. And I have that box, still with Windows XP on it, but I get so tired of updates.

    They could have waited to release XP by a few more months to find more bugs. This is what? 3 Years later? Windows XP is turning into Sendmail. If you've ever updated a UNIX box, you know what that means. 5,000 bugs and counting pretty much.

    Heh, I guess this will make Service pack 2 for XP ship later now. Another bug fix has to be tested with it.

    Microsoft, quit being so pushy about releasing a new OS every year. Instead, when you think it's ready for release, how about sending it to a security company, and having them test it too?

    Start supporting NT again and drop Windows 98 instead... Or do both. NT is still in use today.

    Release Windows server 2003 without the server programs in it, as a desktop OS. It's fast, stable, and to damn much money with worthless software for a desktop OS for a home user, but it's stable as I said, and should have a release for desktop use.

    Hell, it already has Windows Media Player.

    OK I'm rambling on because I have to update AGAIN. But I think I have some very good ideas. Maybe I should send Microsoft an Email. I'll send it to the piracy mail address, that way they will actually read it. They only care what we say when we save them money.

    What do you guys think? I kind of babbled on a bit but I'm also doing 5 things right now. Maybe I can make a list of things Microsoft could do that would make them a better company with better products, but also be possible without screwing something up.

  7. #7
    better company with better products, but also be possible without screwing something up.
    Ms Bob 3.1 - reference here - http://toastytech.com/guis/bob.html

    Need I say anything else?

  8. #8
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    I'm confused why is MS calling this a remote code execution vulnerability?
    There's nothing remote about it. MS04-011 was/is a remote code execution vulnerability.
    This one is a local one because it has to run on the local machine.
    Oliver's Law:
    Experience is something you don't get until just after you need it.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •