April 14, 2004 Information Security Advisory

Yesterday, the Computer Emergency Response Team (CERT) released a security
advisory regarding multiple vulnerabilities in Microsoft products:

Systems Affected

     * Microsoft Windows Operating Systems
     * Microsoft Windows Remote Procedure Call (RPC) and Distributed
       Component Object Model (DCOM) subsystems
     * Microsoft Windows MHTML Protocol Handler
     * Microsoft Jet Database Engine

Overview

   Microsoft Corporation has released a series of security bulletins
   affecting most users of the Microsoft Windows operating system. Users
   of systems running Microsoft Windows are strongly encouraged to visit
   the "Windows Security Updates for April 2004" site at

   <https://www.microsoft.com/security/security_bulletins/200404_windows.asp>

   and take actions appropriate to their system configurations.

I. Description

   Microsoft has released four security bulletins listing a number of
   vulnerabilities which affect a variety of Microsoft Windows software
   packages. The following section summarizes the issues identified in
   their bulletins.

Summary of Microsoft Bulletins for April 2004

  Security Bulletin MS04-011: Security Update for Microsoft Windows (835732)

   This bulletin addresses 14 vulnerabilities affecting the systems
   listed below. There are several new vulnerabilities address by this
   bulletin, and several updates to previously reported vulnerabilities.

   Impact

     Remote attackers could execute arbitrary code on vulnerable systems.

   Systems affected

     * Windows NT Workstation 4.0
     * Windows NT Server 4.0
     * Windows NT Server 4.0, Terminal Server Edition
     * Windows 2000
     * Windows XP
     * Windows Server 2003

  Security Bulletin MS04-012: Cumulative Update for Microsoft RPC/DCOM
   (828741)

   This  bulletin  addresses  several  new  vulnerabilities affecting the
   systems  listed  below. These vulnerabilities are in Microsoft Windows
   Remote  Procedure  Call  (RPC)  and Distributed Component Object Model
   (DCOM).

   Impact

     Remote attackers could execute arbitrary code on vulnerable systems.

   Systems affected

     * Windows NT Workstation 4.0
     * Windows NT Server 4.0
     * Windows NT Server 4.0, Terminal Server Edition
     * Windows 2000
     * Windows XP
     * Windows Server 2003

  Security Bulletin MS04-013:Cumulative Security Update for Outlook Express
   (837009)

   This  bulletin  addresses a vulnerability affecting the systems listed
   below.  The vulnerability affects the Microsoft Windows MHTML Protocol
   handler  and any applications that use it, including Microsoft Outlook
   and  Internet Explorer. This vulnerability has been assigned VU#323070
   and CAN-2004-0380.

   Note:   MS04-013   includes   patches  remediating  the  vulnerability
   described in TA04-099A.

   Impact

     Remote attackers could execute arbitrary code on vulnerable systems.

   Systems affected

     * Windows NT Workstation 4.0
     * Windows NT Server 4.0
     * Windows NT Server 4.0, Terminal Server Edition
     * Windows 2000
     * Windows XP
     * Windows Server 2003
     * Windows 98
     * Windows 98 Second Edition (SE)
     * Windows Millennium Edition (Windows Me)

   Note:  This  issue  affects  systems  with  Outlook Express installed.
   Outlook  Express  is installed by default on most (if not all) current
   versions of Microsoft Windows.

  Security Bulletin MS04-014: Vulnerability in the Microsoft Jet Database
   Engine Could Allow Code Execution (837001)

   This  bulletin  addresses a vulnerability affecting the systems listed
   below.  There  is  a  buffer overflow vulnerability in Microsoft's Jet
   Database  Engine (Jet). An attacker could take control of a vulnerable
   system,  including installing programs; viewing, changing, or deleting
   data;  or  creating  new  accounts  that  have  full  privileges. This
   vulnerability has been assigned VU#740716 and CAN-2004-0197.

   Impact

     Remote attackers could execute arbitrary code on vulnerable systems.

   Systems affected

     * Windows NT Workstation 4.0
     * Windows NT Server 4.0
     * Windows NT Server 4.0, Terminal Server Edition
     * Windows 2000
     * Windows XP
     * Windows Server 2003

II. Impact

   Several  of  the issues identified by Microsoft have been described as
   "Critical" in nature.Each bulletin contains at least one vulnerability
   which may allow remote attackers to execute arbitrary code on affected
   systems. The privileges gained would depend on the security context of
   the software and vulnerability exploited.

III. Solution

Apply an appropriate set of updates from Microsoft

   Please  see  the following site for more information about appropriate
   remediation.

     Windows Security Updates for April 2004 -

     <http://www.microsoft.com/security/security_bulletins/200404_windows.asp>

Recommendation: update your Windows Operating System at 
http://v4.windowsupdate.microsoft.com/

Happy safe computing!

Frederic Martin
www.workingarts.com

PS1: If you want to be removed from this computer security advisory mailing list, please 
reply with "remove" in the subject of the message. To review archived security warnings, 
please go to http://www.workingarts.com/infosecarchives.html

PS2: Please forward this email to your friends and colleagues, who can register to receive
these alerts at http://www.workingarts.com/specialoffer.html