Microsoft warns of newly discovered security threats.
Microsoft has now upgraded the severity rating of the vulnerability reported on 9 March 2004 in Microsoft Security Bulletin MS04-009 [summary]. This vulnerability affects Microsoft Office XP and Microsoft Outlook 2002 and, given certain conditions, could allow for remote code execution on unpatched computers. This vulnerability appears to be more serious than first believed and has now been rated as being of critical severity by Microsoft.
A patch against this vulnerability is provided in Microsoft Office XP Service Pack 3. To update your Microsoft Office XP package, go to the Microsoft Office Update web site and click on "Check for Updates". A patch specifically for the vulnerability can also be downloaded from the bulletin (MS04-009).
In addition, Microsoft has released Security Bulletin MS04-010 [summary] and Security Bulletin MS04-008 [summary]. The former bulletin reports a minor vulnerability in Microsoft MSN Messenger 6.0 and 6.1 while the latter warns of a vulnerability that affects only Microsoft Windows 2000 Server. The latter bulletin is therefore primarily of interest to system administrators.
For detailed information on these vulnerabilities and downloads see the following Knowledge Base Articles:
- Microsoft Knowledge Base Article 828040
- Microsoft Knowledge Base Article 838512
- Microsoft Knowledge Base Article 832359
We recommend that users patch their systems by downloading and installing critical Microsoft updates as soon as possible.
Users are also encouraged to update their antivirus software daily and to install a firewall on their computers, if they have not done so already. For more information on firewalls, please read Microsoft's tutorial on how to protect your PC.