Posted by Fabian Wenk on Wednesday October 13, @10:27AM
| Microsoft Security Bulletin October 2004
from the this-time-a-very-large-update dept.
Last night Microsoft has released the Windows Security Updates for October 2004 (see the Security Bulletin Summary for October 2004 for more technical information). There are 7 critical and 3 important updates.
Run Windows Update (with Internet Explorer) on all the Windows Workstations and Servers to install the Security Updates.
If using Microsoft Office products check also Office Update on the Microsoft Office Downloads Home Page.
For detailed informations see the following bulletins:
Windows NT 4 Workstation is not supported any longer from Microsoft, but the RPC vulnerability described in MS04-029 (see the FAQ section) does also affect them and can be exploited from remote.
- MS04-029 Vulnerability in RPC Runtime Library Could Allow Information Disclosure and Denial of Service (873350) Important
- MS04-030 Vulnerability in WebDAV XML Message Handler Could Lead to a Denial of Service (824151) Important
- MS04-031 Vulnerability in NetDDE Could Allow Remote Code Execution (841533) Important
- MS04-032 Security Update for Microsoft Windows (840987) Critical
- MS04-033 Vulnerability in Microsoft Excel Could Allow Remote Code Execution (886836) Critical
- MS04-034 Vulnerability in Compressed (zipped) Folders Could Allow Remote Code Execution (873376) Critical
- MS04-035 Vulnerability in SMTP Could Allow Remote Code Execution (885881) Critical
- MS04-036 Vulnerability in NNTP Could Allow Remote Code Execution (883935) Critical
- MS04-037 Vulnerability in Windows Shell Could Allow Remote Code Execution (841356) Critical
- MS04-038 Cumulative Security Update for Internet Explorer (834707) Critical
Solution: Disconnect any Windows NT 4 Workstations from the ETH Network now.
If this particular workstation can not be update to Windows 2000 or XP and still needs to be connected to the network do not hesitate to contact us for advice.