5 New Critical Updates For XP

Mr. Fancypants

5 New updates for XP available at www.windowsupdate.com.

1 for Outlook Express
1 for Background Intelligent Transfer Service
3 Security updates for XP

Capt'n Midnight

http://www.microsoft.com/technet/security/bulletin/ms04-jul.mspx
July 04

There are critical updates for all supported versions of windows except for NT4 - it's updates are "only" important


• MS04-024: Vulnerability in Windows Shell Could Allow Remote Code Execution (839645)
A remote code execution vulnerability exists in the way that the Windows Shell launches applications. User interaction is required to exploit this vulnerability.
• MS04-023: Vulnerability in HTML Help Could Allow Code Execution (840315)
Two remote code execution vulnerabilities exist in HTML Help. (sigh)
• MS04-022: Vulnerability in Task Scheduler Could Allow Code Execution (841873)

A remote code execution vulnerability exists in the Task Scheduler because of the way that it handles application name validation. (input validation.)
• MS04-021: Security Update for IIS 4.0 (841373)
A buffer overrun vulnerability exists in Internet Information Server 4.0. (Oh that's a suprise ..not)
• MS04-020: Vulnerability in POSIX Could Allow Code Execution (841872)
A privilege elevation vulnerability exists in the POSIX subsystem. (does anyone use POSIX anymore in windows - can remember being recommended to disable it back in the 90's)
• MS04-019: Vulnerability in Utility Manager Could Allow Code Execution (842526)
A privilege elevation vulnerability exists in the way that Utility Manager launches applications
• MS04-018: Cumulative Security Update for Outlook Express (823353)
- Denial of Service = Moderate
A denial of service vulnerability exists that could allow an attacker to send a specially crafted e-mail message causing Outlook Express to fail. (as opposed to failing in normal use)