-----BEGIN PGP SIGNED MESSAGE-----<br /><br />********************************************************************<br />Title: Microsoft Security Bulletin Summary for July 2004<br />Issued: July 13, 2004<br />Updated: July 30, 2004 <br />Version Number: 2.0<br />Bulletin:
http://go.microsoft.com/fwlink/?LinkId=32567<br />********************************************************************<br /><br />Summary:<br />========<br />This advisory contains information about all security updates<br />released this month. It is broken down by security bulletin severity.<br /><br />Critical Security Bulletins<br />===========================<br /><br /> MS04-025 - Cumulative Security Update for Internet Explorer<br /> (867801)<br /> <br /> - Affected Software: <br /> - Windows NT Workstation 4.0 Service Pack 6a <br /> - Windows NT Server 4.0 Service Pack 6a <br /> - Windows NT Server 4.0 Terminal Server Edition<br /> Service Pack 6 <br /> - Windows 2000 Service Pack 2 <br /> - Windows 2000 Service Pack 3<br /> - Windows 2000 Service Pack 4 <br /> - Windows XP and Windows XP Service Pack 1 <br /> - Windows XP 64-Bit Edition Service Pack 1 <br /> - Windows XP 64-Bit Edition Version 2003 <br /> - Windows Server 2003 <br /> - Windows Server 2003 64-Bit Edition <br /> - Microsoft Windows 98<br /> - Microsoft Windows 98 Second Edition (SE)<br /> - Microsoft Windows Millennium Edition (ME)<br /><br /> - Impact: Remote Code Execution<br /> - Version Number: 1.0 <br /><br /> MS04-022 - Vulnerability in Task Scheduler Could Allow Code<br /> Execution (841873)<br /><br /> - Affected Software:<br /> - Windows 2000 Service Pack 2 <br /> - Windows 2000 Service Pack 3<br /> - Windows 2000 Service Pack 4<br /> - Windows XP and Windows XP Service Pack 1 <br /> - Windows XP 64-Bit Edition Service Pack 1 <br /><br /> - Affected Components:<br /> - Internet Explorer 6 when installed on Windows <br /> NT 4.0 SP6a (Workstation, Server, or Terminal <br /> Server Edition)<br /><br /> - Impact: Remote Code Execution<br /> - Version Number: 1.1 <br /><br /> MS04-023 - Vulnerability in HTML Help Could Allow Code<br /> Execution (840315)<br /><br /> - Affected Software:<br /> - Windows 2000 Service Pack 2 <br /> - Windows 2000 Service Pack 3<br /> - Windows 2000 Service Pack 4<br /> - Windows XP and Windows XP Service Pack 1 <br /> - Windows XP 64-Bit Edition Service Pack 1 <br /> - Windows XP 64-Bit Edition Version 2003 <br /> - Windows Server 2003 <br /> - Windows Server 2003 64-Bit Edition<br /> <br /> - Affected Components:<br /> - Internet Explorer 6 when installed on Windows <br /> NT 4.0 SP6a (Workstation, Server, or Terminal <br /> Server Edition)<br /><br /> - Review the FAQ section of bulletin MS04-O23 for<br /> information about these operating systems: <br /> - Microsoft Windows 98<br /> - Microsoft Windows 98 Second Edition (SE)<br /> - Microsoft Windows Millennium Edition (ME)<br /><br /> - Impact: Remote Code Execution<br /> - Version Number: 1.0 <br /><br />Important Security Bulletins<br />============================<br /><br /> MS04-019 - Vulnerability in Utility Manager Could Allow Code<br /> Execution (842526)<br /><br /> - Affected Software: <br /> - Windows 2000 Service Pack 2 <br /> - Windows 2000 Service Pack 3<br /> - Windows 2000 Service Pack 4<br /><br /> - Impact: Remote Code Execution<br /> - Version Number: 1.0<br /><br /> MS04-020 - Vulnerability in POSIX Could Allow Code<br /> Execution (841872)<br /><br /> - Affected Software: <br /> - Windows NT Workstation 4.0 Service Pack 6a <br /> - Windows NT Server 4.0 Service Pack 6a <br /> - Windows NT Server 4.0 Terminal Server Edition<br /> Service Pack 6 <br /> - Windows 2000 Service Pack 2 <br /> - Windows 2000 Service Pack 3<br /> - Windows 2000 Service Pack 4<br /><br /> - Impact: Remote Code Execution<br /> - Version Number: 1.0<br /><br /> MS04-021 - Security Update for IIS 4.0 (841373)<br /><br /> - Affected Software: <br /> - Windows NT Workstation 4.0 Service Pack 6a <br /> - Windows NT Server 4.0 Service Pack 6a<br /><br /> - Impact: Remote Code Execution<br /> - Version Number: 1.1<br /><br /> MS04-024 - Vulnerability in Windows Shell Could Allow Remote <br /> Code Execution (839645)<br /><br /> - Affected Software: <br /> - Windows NT Workstation 4.0 Service Pack 6a <br /> - Windows NT Server 4.0 Service Pack 6a <br /> - Windows NT Server 4.0 Terminal Server Edition<br /> Service Pack 6 <br /> - Windows 2000 Service Pack 2 <br /> - Windows 2000 Service Pack 3<br /> - Windows 2000 Service Pack 4 <br /> - Windows XP and Windows XP Service Pack 1 <br /> - Windows XP 64-Bit Edition Service Pack 1 <br /> - Windows XP 64-Bit Edition Version 2003 <br /> - Windows Server 2003 <br /> - Windows Server 2003 64-Bit Edition<br /><br /> - Review the FAQ section of bulletin MS04-O24 for<br /> information about these operating systems: <br /> - Microsoft Windows 98<br /> - Microsoft Windows 98 Second Edition (SE)<br /> - Microsoft Windows Millennium Edition (ME)<br /><br /> - Impact: Remote Code Execution<br /> - Version Number: 1.3<br /><br />Moderate Security Bulletins<br />===========================<br /><br /> MS04-018 - Cumulative Security Update for Outlook Express<br /> (823353)<br /><br /> - Affected Software: <br /> - Windows NT Workstation 4.0 Service Pack 6a <br /> - Windows NT Server 4.0 Service Pack 6a <br /> - Windows NT Server 4.0 Terminal Server Edition<br /> Service Pack 6 <br /> - Windows 2000 Service Pack 2 <br /> - Windows 2000 Service Pack 3<br /> - Windows 2000 Service Pack 4 <br /> - Windows XP and Windows XP Service Pack 1 <br /> - Windows XP 64-Bit Edition Service Pack 1 <br /> - Windows XP 64-Bit Edition Version 2003 <br /> - Windows Server 2003 <br /> - Windows Server 2003 64-Bit Edition<br /><br /> - Review the FAQ section of bulletin MS04-O18 for<br /> information about these operating systems: <br /> - Microsoft Windows 98<br /> - Microsoft Windows 98 Second Edition (SE)<br /> - Microsoft Windows Millennium Edition (ME)<br /><br /> - Impact: Denial of Service<br /> - Version Number: 1.0 <br /><br /><br />Update Availability:<br />===================<br />Updates are available to address these issues.<br />For additional information, including Technical Details, <br />Workarounds, answers to Frequently Asked Questions, <br />and Update Deployment Information please read <br />the Microsoft Security Bulletin Summary for this <br />month at:
http://go.microsoft.com/fwlink/?LinkId=32567<br /><br />Support: <br />========<br />Technical support is available from Microsoft Product Support <br />Services at 1-866-PC SAFETY (1-866-727-2338). There is no <br />charge for support calls associated with security updates. <br />International customers can get support from their local Microsoft <br />subsidiaries. Phone numbers for international support can be found <br />at:
http://support.microsoft.com/common/international.aspx<br /> <br />Additional Resources:<br />=====================<br />* Microsoft has created a free monthly e-mail newsletter containing<br /> valuable information to help you protect your network. This<br /> newsletter provides practical security tips, topical security<br /> guidance, useful resources and links, pointers to helpful<br /> community resources, and a forum for you to provide feedback<br /> and ask security-related questions.<br /> You can sign up for the newsletter at:<br /><br />
http://www.microsoft.com/technet/security/secnews/default.mspx<br /><br />* Microsoft has created a free e-mail notification service that<br /> serves as a supplement to the Security Notification Service<br /> (this e-mail). It provides timely notification of any minor<br /> changes or revisions to previously released Microsoft Security<br /> Bulletins. This new service provides notifications that are<br /> written for IT professionals and contain technical information<br /> about the revisions to security bulletins.<br /> Visit
http://www.microsoft.com to subscribe to this service:<br /><br /> - Click on Subscribe at the top of the page.<br /> - This will direct you via Passport to the Subscription center.<br /> - Under Newsletter Subscriptions you can sign up for the<br /> "Microsoft Security Notification Service: Comprehensive Version".<br /><br />* The on-demand version of the July security bulletins webcast <br /> is available at:
http://go.microsoft.com/fwlink/?LinkId=30865<br /><br />* Protect your PC: Microsoft has provided information on how you <br /> can help protect your PC at the following locations: <br /><br />
http://www.microsoft.com/security/protect/<br /><br /> If you receive an e-mail that claims to be distributing a <br /> Microsoft security update, it is a hoax that may be distributing a <br /> virus. Microsoft does not distribute security updates through<br /> e-mail. You can learn more about Microsoft's software distribution <br /> policies here:<br /> <br />
http://www.microsoft.com/technet/security/topics/policy/swdist.mspx<br /><br />Acknowledgments:<br />================<br />Microsoft thanks the following for working with us to protect <br />customers:<br /><br />Cesar Cerrudo of Application Security Inc. for reporting an issue <br />described in MS04-019. (
http://www.appsecinc.com)<br /> <br />Rafal Wojtczuk working with McAfee for reporting an <br />issue described in MS04-020. (
http://www.mcafee.com)<br /> <br />Brett Moore of Security-Assessment.com for reporting an issue <br />described in MS04-022. (
http://www.security-assessment.com)<br /> <br />Dustin Schneider for reporting an issue described in MS04-022. <br />(mailto://dschn@verizon.net)<br /> <br />Peter Winter-Smith of Next Generation Security Software Ltd. for <br />reporting an issue described in MS04-022. <br />(
http://www.nextgenss.com)<br /> <br />Brett Moore of Security-Assessment.com for reporting an issue <br />described in MS04-023. (
http://www.security-assessment.com)<br /><br />********************************************************************<br />THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS <br />PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT <br />DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING <br />THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR <br />PURPOSE.<br />IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE <br />LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, <br />INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL <br />DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN <br />ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. <br />SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY <br />FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING <br />LIMITATION MAY NOT APPLY.<br />********************************************************************<br /><br /><br />-----BEGIN PGP SIGNATURE-----<br />Version: PGP 8.1<br /><br />iQEVAwUBQQipKI0ZSRQxA/UrAQHoxwgAkAyy+C5GoahMc2Ajy3yIDSlGwLwletTS<br />udlZLUzffvA/ttvuWXw0EqzOWpQDKdVxnokXzFUP0yaHsKxnRcVh81ziBL2oF/aL<br />vs8uFr1u2cakv4unUcyB6dOlC3XUA9VDquEjZ6EXpI+erW4p/ZKZ0W2xvGKFgb93<br />lhqoDsI9+grDhMKQ49JCJ4bRFozBG5mDCVNrhUvP3SU4mAFbY0ora0nUZx4AU/+L<br />wslIMhn3rI3QEmK6xsvKTn2Cp4W/xUmpAkMg3wIqPfHBMLej3/da+pSqjvLBx1b2<br />861ZJUde8F9aHRMuzdTW50LX7GgVyMOI5Mhgo84bPa6MzjNpcDRi8g==<br />=kh8Z<br />-----END PGP SIGNATURE-----<br />To cancel your subscription to this newsletter, reply to this message with the word UNSUBSCRIBE in the Subject line. You can also unsubscribe at the Microsoft.com web site <
http://www.microsoft.com/misc/unsubscribe.htm>. You can manage all your Microsoft.com communication preferences at this site.<br /><br />Legal Information
http://www.microsoft.com/info/legalinfo/default.mspx.<br /><br />This newsletter was sent by the Microsoft Corporation<br />1 Microsoft Way<br />Redmond, Washington, USA<br />98052
