7 New M$ Paches for July?

[ric-o]

Check out Microsoft's site here http://www.microsoft.com/security/bu...s/default.mspx . It looks like we have 7 patches coming out today: 018-024.

Here's the high level scoop:

http://www.microsoft.com/security/bu...7_windows.mspx

Scorecard: 7 total...

• 2 Critical
• 4 Important
• 1 Moderate
• Of the 7, three (3) are re-releases replacing patches from issued in 2003 & 2004

Critical Bulletins:
MS04-022 - Vulnerability in Task Scheduler Could Allow Code Execution (841873)
http://www.microsoft.com/technet/sec.../MS04-022.mspx
* Impact: Remote code execution
* Affected Software: Windows 2000, Windows XP

MS04-023 - Vulnerability in HTML Help Could Allow Code Execution (840315)
http://www.microsoft.com/technet/sec.../MS04-023.mspx
* Impact: Remote code execution
* Affected Software: Windows 2000, Windows XP, Server 2003, Windows 98, Windows ME
* Note: Windows NT not affected by default but if have IE 5.5 SP2 or IE 6 SP1 installed it is

Important Bulletins:
MS04-019 - Vulnerability in Utility Manager Could Allow Code Execution (842526)
http://www.microsoft.com/technet/sec.../MS04-019.mspx
* Impact: Local evevation of privilege
* Affected Software: Windows 2000
* NOTE: Replaces MS03-025!!!

MS04-020 - Vulnerability in POSIX Could Allow Code Execution (841872)
http://www.microsoft.com/technet/sec.../MS04-020.mspx
* Impact: Local evevation of privilege
* Affected Software: Windows 2000, Windows NT

MS04-021 - Security Update for IIS 4.0 (841373)
http://www.microsoft.com/technet/sec.../MS04-021.mspx
* Impact: Remote code execution
* Affected Software: Windows NT

MS04-024 - Vulnerability in Windows Shell Could Allow Remote Code Execution (839645)
http://www.microsoft.com/technet/sec.../MS04-024.mspx
* Impact: Remote code execution
* Affected Software: Windows NT, Windows 2000, Windows XP, Windows Server 2003, Windows 98, Windows ME
* NOTE: Replaces MS03-027 on Windows XP ONLY!!!

Moderate Bulletins:
MS04-018 - Cumulative Security Update for Outlook Express (823353)
http://www.microsoft.com/technet/sec.../MS04-018.mspx
* Impact: Denial of Service
* Affected Software: Windows NT, Windows 2000, Windows XP, Windows Server 2003, Windows 98, Windows ME
* Affected Components: Outlook Express 5.5 & 6
* NOTE: Replaces MS04-013!!!

/edit 22:05 UTC
* Modified note on MS04-024 regarding what patch it replaces.
* Added note on MS04-023 about NT vulnerability if IE installed.