Microsoft Security Bulletin MS04-013

Deployment Information To install this security update on Windows Server 2003 without any user intervention, use the following command at a command prompt: windowsserver2003-kb837009-x86-enu.exe /quiet /passive To install this security update Are Windows 98, Windows 98 Second Edition or Windows Millennium Edition critically affected by the vulnerability addressed within this security bulletin? Are Windows 98, Windows 98 Second Edition or Windows Millennium Edition critically affected by this vulnerability? For more information, see Microsoft Knowledge Base Article 912812.

An attacker could exploit this vulnerability by creating a malicious Web page or an HTML e-mail message and then enticing the user to visit this page or to view the HTML For more information about the Security Update Inventory Tool, see the following Microsoft Web site. On Windows Server 2003 and on Windows XP 64-Bit Edition Version 2003, system administrators can also use the Spuninst.exe utility to remove this security update. Prerequisites This security update requires the released version of Windows XP or Windows XP Service Pack 1 (SP1). https://technet.microsoft.com/en-us/library/security/ms04-013.aspx

Windows NT 4.0 Workstation Service Pack 6a and Windows 2000 Service Pack 2 have reached the end of their life cycles as previously documented, and Microsoft extended this support to June For a more general definition of race conditions, visit this . An attacker who successfully exploited this vulnerability could take complete control of an affected system.

This could cause the system to stop responding and therefore cause a denial of service condition. No. This is a denial of service vulnerability. An attacker who successfully exploited this vulnerability could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts that have full privileges.

Two in particular that you may want to add are "*.windowsupdate.microsoft.com" and “*.update.microsoft.com” (without the quotation marks). It could also be possible to display specially crafted Web content by using banner advertisements or by using other methods to deliver Web content to affected systems. File Information The English version of this update has the file attributes (or later) that are listed in the following table. https://technet.microsoft.com/en-us/library/security/ms04-018.aspx Besides the changes that are listed in the “Vulnerability Details” section of this bulletin and in addition to changes that were introduced in previous Internet Explorer security bulletins, this update introduces

To determine the support lifecycle for your product and version, visit the Microsoft Support Lifecycle Web site. Additionally, Outlook 98 and Outlook 2000 open HTML e-mail messages in the Restricted sites zone if the Outlook E-mail Security Update has been applied. Otherwise, the installer copies the RTMGDR files to your system. When you view the file information, it is converted to local time.

For more information, see Microsoft Knowledge Base Article 824994. https://technet.microsoft.com/en-us/library/security/ms03-013.aspx Security Update Replacement: This bulletin replaces MS04-013: Cumulative Update for Outlook Express and any prior Cumulative Security Updates for Outlook Express. In this case, the majority of the steps that are required to address this vulnerability were completed before June 30, 2004. We recommend that you add only sites that you trust to the Trusted sites zone.

Why does this race condition cause a vulnerability? http://itivityglobal.com/microsoft-security/subscribe-to-microsoft-security-bulletin.html When you view the file information, it is converted to local time. This control has been found to contain a security vulnerability. Yes - the problem with MS03-007 was caused by a dependent file not being present in the patch.

Several Window Management API functions allow programs to change the properties of other programs that are running at a higher level of privilege. To exploit this vulnerability, an attacker must send a specially crafted RPC message to an affected system over an affected TCP/UDP port. What might an attacker use the vulnerability to do?

The security bulletin ID and operating systems that are affected for the previous Outlook Express update are listed in the following table. A VDM is created whenever a user starts an MS-DOS application on a Windows NT-based operating system. Internet Explorer 5.5 Service Pack 2 on Microsoft Windows Me: Download the update.

If a user is logged on with administrative privileges, an attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system, including installing programs;

Affected Software: Microsoft Windows NT 4.0 Microsoft Windows NT 4.0 Server, Terminal Server Edition Microsoft Windows 2000 Microsoft Windows XP Non Affected Software: Windows Server 2003 End User Bulletin: An end user An attacker who exploited this vulnerability could cause the affected system to stop responding and automatically restart. The update modifies the way that database requests are processed by Jet. This Compatibility Patch will function until an Internet Explorer update is released as part of the June update cycle, at which time the changes to the way Internet Explorer handles ActiveX

Does this update contain any security-related changes to functionality? LDAP Vulnerability - CAN-2003-0663: A denial of service vulnerability exists that could allow an attacker to send a specially crafted LDAP message to a Windows 2000 domain controller. For more information about the components that are used to build Windows programs, visit the MSDN Web site. http://itivityglobal.com/microsoft-security/microsoft-security-bulletin-ms08-041.html Restart Requirements In some cases, you do not have to restart your computer after you apply this update.

The dates and times for these files are listed in coordinated universal time (UTC). Windows 2000: To verify that the patch has been installed on the machine, confirm that the following registry key has been created on the machine: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows 2000\SP4\Q811493.