Microsoft releases critical patches to avoid potential large scale attack
New vulnerabilities affecting Microsoft Windows were announced by Microsoft on 11 February 2004 in Microsoft Security Bulletin MS04-007. Systems affected by these vulnerabilities are:
- Windows XP Home
- Windows XP Professional
- Windows 2000 Professional
- Windows NT 4 Workstation
- Windows 2003 Server
- Windows 2000 Server
- Windows NT 4 Server
We recommend that users patch their systems by downloading and installing critical Microsoft updates as soon as possible.
Users are also encouraged to update their antivirus software daily and to install a firewall on their computers, if they have not done so already. For more information on firewalls, please read Microsoft's tutorial on how to protect your PC.
Microsoft has warned of vulnerabilities that pose serious threats to users of the above mentioned Windows systems and has issued patches that users are urged to install immediately. Microsoft Security Bulletin MS04-007 warns of a security hole that could, if left unpatched, allow a worm to spread quickly over the internet. This vulnerability is similar to the one exploited by the W32/Msblast worms that wreaked havok on Windows users throughout August 2003. The patch against this vulnerability (KB 828028) has therefore been classified as a critical update by Microsoft.
Microsoft has also issued Microsoft Security Bulletin MS04-004 that reports a vulnerability in Microsoft Internet Explorer. This vulnerability could potentially allow for remote code execution on an infected machine and therefore poses a considerable threat. The patch against this vulnerability (KB 832894) has also been classified as a critical update.
A summary of these security bulletins has also been released in which the release of a third patch against a lesser threat (KB 830352) that only applies to the Server versions of Windows is announced.
Users should patch against these vulnerabilities by updating their systems:
- Go to the Windows Update page.
- Click on "Scan for updates" and wait while your computer scans for updates.
- Once critical updates have been found click on "Review and install updates":
- Make sure that correct security updates are on the list of selected updates:
- All Windows versions:
- KB 828028
- KB 832894
- Server versions only:
- KB 830352
- All Windows versions:
- Click on the "Install Now" button.
- Review the Terms and Conditions and select "Accept" to proceed.
Detailed information on these vulnerabilities and the corresponding patches can be found in the following Knowledge Base Articles:
- Microsoft Knowledge Base Article 828028
- Microsoft Knowledge Base Article 832894
- Microsoft Knowledge Base Article 830352