Microsoft Security Bulletins for September 2004

Discussion in 'Server Security' started by Jerry Bryant [MSFT], Sep 14, 2004.

  1. September 14, 2004
    Today Microsoft released the following Security Bulletins.

    Note: www.microsoft.com/technet/security and www.microsoft.com/security are
    authoritative in all matters concerning Microsoft Security Bulletins! ANY
    e-mail, web board or newsgroup posting (including this one) should be
    verified by visiting these sites for official information. Microsoft never
    sends security or other updates as attachments. These updates must be
    downloaded from the microsoft.com download center or Windows Update. See the
    individual bulletins for details.

    Because some malicious messages attempt to masquerade as official Microsoft
    security notices, it is recommended that you physically type the URLs into
    your web browser and not click on the hyperlinks provided.

    Bulletin Summaries:

    September Summary
    http://www.microsoft.com/technet/security/Bulletin/ms04-sep.mspx

    Critical Bulletins:

    MS04-028 - Buffer Overrun in JPEG Processing (GDI+) Could Allow Code
    Execution (833987)
    http://www.microsoft.com/technet/security/Bulletin/MS04-028.mspx

    Important Bulletins:

    MS04-027 - Vulnerability in WordPerfect Converter Could Allow Code Execution
    (884933)
    http://www.microsoft.com/technet/security/Bulletin/MS04-027.mspx

    This represents our regularly scheduled monthly bulletin release (second
    Tuesday of each month). Please note that Microsoft may release bulletins out
    side of this schedule if we determine the need to do so.

    If you have any questions regarding the patch or its implementation after
    reading the above listed bulletin you should contact Product Support
    Services in the United States at 1-866-PCSafety (1-866-727-2338).
    International customers should contact their local subsidiary.
    --
    Regards,

    Jerry Bryant - MCSE, MCDBA
    Microsoft IT Communities

    Get Secure! www.microsoft.com/security


    This posting is provided "AS IS" with no warranties, and confers no rights.
     
    Jerry Bryant [MSFT], Sep 14, 2004
    #1
    1. Advertisements

  2. Xposts without announcement and without followup-to are REALLY bad!

    FUp2 microsoft.public.security set!
    Visio Viewer contains GDIPLUS.DLL (I have 5.1.3100.0 from 2002-07-19
    installed here; this is older than the version included in XP SP1,
    thus vulnerable).
    Visio Viewer is NOT mentioned in the bulletin NOR the knowledge base
    articles 873373 and .
    Visio Viewer is not detected by gdidettool.exe!

    And one more: a slipstreamed Windows XP with SP2 contains a GDIPLUS.DLL
    5.1.3097.0 in \I386\ASMS\1000\MSFT\WINDOWS\GDIPLUS\

    Microsoft, get your homework done!

    [snip]

    ABSOLUTELY NOT AMUSED
    Stefan Kanthak
     
    Stefan Kanthak, Sep 15, 2004
    #2
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.