M$ issues 3 bulletins for February

[ric-o]

Microsoft issues 3 new patches for February 2004. One for WINS, one for Virtual PC for Mac, one for ASN library on NT (??)..

Microsoft Security Bulletin MS04-005
Vulnerability in Virtual PC for Mac could lead to privilege elevation (835150)
Issued: February 10, 2004
Version: 1.0

Summary
Who should read this document: Customers who are using Microsoft® Virtual PC for Mac

Impact of vulnerability: Elevation of Privilege
Maximum Severity Rating: Important
Recommendation: Customers should install this security update at the earliest opportunity
Security Update Replacement: None
Caveats: None

http://www.microsoft.com/technet/tre...n/MS04-005.asp

Microsoft Security Bulletin MS04-006
Vulnerability in the Windows Internet Naming Service (WINS) Could Allow Code Execution (830352)
Issued: February 10, 2004
Version Number: 1.0

Summary
Who should read this document: Customers who are using Microsoft® Windows Internet Naming Service (WINS)®

Impact of vulnerability: Remote Code Execution
Maximum Severity Rating: Important
Recommendation: WINS server administrators should install the patch at the earliest opportunity.
Security Update Replacement: None
Caveats: None

http://www.microsoft.com/technet/tre...n/MS04-006.asp

Microsoft Security Bulletin MS04-007
ASN.1 Vulnerability Could Allow Code Execution (828028)
Issued: February 10, 2004
Version Number: 1.0

Summary
Who should read this document: Customers who are using Microsoft® Windows®

Impact of vulnerability: Remote Code Execution
Maximum Severity Rating: Critical
Recommendation: Systems administrators should apply the update immediately.
Security Update Replacement: None
Caveats: Windows NT 4.0 (Workstation, Server, and Terminal Server Edition) does not install the affected file by default. This file is installed as part of the MS03-041 Windows NT 4.0 security update and other possible non-security-related hotfixes. If the Windows NT 4.0 security update for MS03-041 is not installed, this may not be a required update. To verify if the affected file is installed, search for the file named Msasn1.dll. If this file is present, this security update is required. Windows Update, Software Update Services, and the Microsoft Security Baseline Analyzer will also correctly detect if this update is required.

http://www.microsoft.com/technet/tre...n/MS04-007.asp

Happy patching!