Page 1 of 2 12 LastLast
Results 1 to 10 of 20

Thread: MS releases 4 patches for April 2004

  1. #1
    Junior Member
    Join Date
    Sep 2003
    Posts
    21

    MS releases 4 patches for April 2004

    http://www.microsoft.com/technet/sec.../MS04-011.mspx
    Security update for Windows (835732) - Critical

    http://www.microsoft.com/technet/sec.../MS04-012.mspx
    Cumulative Update for RPC/DCOM (828741)- Critical

    http://www.microsoft.com/technet/sec.../MS04-013.mspx
    Cumulative Security updat for Outlook Express (837009) - Critical

    http://www.microsoft.com/technet/sec.../MS04-014.mspx
    Vulnerability in MS Jet Database Engin could allow code execution (837001)- Important

  2. #2
    Junior Member
    Join Date
    Sep 2003
    Posts
    21
    Microsoft is still updating these links. They are currently very unstable.

  3. #3
    Junior Member
    Join Date
    Sep 2003
    Posts
    21
    Ms is addressing 20 vulneribilitie with 4 seperate patches.

    MS04-11 address 14 vulnerabilities
    CAN-2003-0533
    CAN-2003-0663
    CAN-2003-0719
    CAN-2003-0806
    CAN-2003-0906
    CAN-2003-0907
    CAN-2003-0908
    CAN-2003-0909
    CAN-2003-0910
    CAN-2004-0117
    CAN-2004-0118
    CAN-2004-0119
    CAN-2004-0120
    CAN-2004-0123


    MS04-12 address 4 vulnerabilities
    CAN-2003-0813
    CAN-2004-0116
    CAN-2003-0807
    CAN-2004-0124

    MS04-13 address 1 vulnerability
    CAN-2004-0380

    MS04-14 address 1 vulnerability
    CAN-2004-0197

  4. #4
    AO French Antique News Whore
    Join Date
    Aug 2001
    Posts
    2,126
    Add some old bulletin re-release.

    http://www.microsoft.com/technet/sec.../MS00-082.mspx
    Reason for re-release: Bulletin updated to advise of the availability of an update for Exchange Server 5.0. Originally posted: October 31, 2000
    Updated: April 13, 2004
    Version: 2.0

    http://www.microsoft.com/technet/sec.../MS01-041.mspx
    Reason for re-release: Bulletin updated to advise of the availability of an update for Exchange Server 5.0. Originally posted: July 26, 2001
    Updated: April 13, 2004
    Version: 2.0

    http://www.microsoft.com/technet/sec.../MS02-011.mspx
    Bulletin updated to advise of the availability of an update for Windows NT Server 4.0 and to advise Exchange Server 5.0 customers on how to better protect themselves. Originally posted: February 27, 2002
    Updated: April 13, 2004
    Version Number: 2.0

    http://www.microsoft.com/technet/sec.../MS03-046.mspx
    Reason for re-release: Bulletin updated to advise of the availability of an update for Exchange Server 5.0.
    Issued: October 15, 2003
    Updated: April 13, 2004
    Version Number: 2.0
    -Simon \"SDK\"

  5. #5
    Junior Member
    Join Date
    Sep 2003
    Posts
    21

    Exclamation

    I have had a chance to review these patches in much more detail now. I want to let you all know that Microsoft’s rating of these are right on the mark! These are critical! Most of the vulnerabilities addressed in these patches will allow the attacker FULL access to your computers. We are talking about holes big enough to drive a semi through.

    The other thing to be aware of..... The MS04-011 patch covers a wide range of vulnerabilities:
    LSASS
    LDAP
    PCT
    WinLogon
    Metafiles
    Help and Support Center
    Utility Manager
    Windows Management
    Local Descriptor Tables
    H.323
    Virtual DOS machine
    SSP
    SSL
    ASN.1

    I applaud MS's attempt to reduce the number of patches, but it seems to me like including this many fixes in a single patch is just asking for trouble. What if a single fix in this patch breaks something you need. Then you have to uninstall the whole patch. I think they should at least make these readily available as separate patches to mitigate the possible problem that could occur.

  6. #6
    Senior Member
    Join Date
    Mar 2003
    Location
    central il
    Posts
    1,779
    One of them is also covering RPC/DCOM...looks like MS didn't fixz it last time around...happy patching day.
    Who is more trustworthy then all of the gurus or Buddha’s?

  7. #7
    Yet again they've failed to fix the local zone and CHM bugs that spammers and virii take advantage of. These flaws are at least 4 months old, are being exploited in the wild, and have remained unpatched for far too long. When will they realise withholding patches isn't in the interest of security, and doesn't exactly inspire confidence in their 'trustworty computing' strategy.

    I think I'll stick to Gentoo, at least I know things will be fixed in a timely fashion

  8. #8
    Senior Member OverdueSpy's Avatar
    Join Date
    Nov 2002
    Posts
    556
    Around here we call the second Tuesday of each month "BLACK TUESDAY" in honor of MS monthly patch day.
    The mentally handicaped are persecuted in this great country, and I say rightfully so! These people are NUTS!!!!

  9. #9
    Originally posted here by Beryllium9
    Yet again they've failed to fix the local zone and CHM bugs that spammers and virii take advantage of. These flaws are at least 4 months old, are being exploited in the wild, and have remained unpatched for far too long. When will they realise withholding patches isn't in the interest of security, and doesn't exactly inspire confidence in their 'trustworty computing' strategy.

    I think I'll stick to Gentoo, at least I know things will be fixed in a timely fashion
    Not trying to start a pi$$ing match.But surely your not talking about Linux bugs? Average Linux bugs live 1.8 years, some 7. the PDF can be found here. Just do a search for An empirical study of operating systems errors

    http://portal.acm.org/results.cfm?co...TOKEN=57621828

    http://www.acm.org/

  10. #10
    Senior Member
    Join Date
    Nov 2003
    Posts
    247
    Atleast in Linux I can fix the bugs myself if I'm alerted to their being there. ;-)
    www.ADigitalPimp.com
    There is a ghost in the machine, and he is my friend.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •