Microsoft reports the discovery of serious Windows vulnerabilities
Microsoft's monthly security bulletins for April report the discovery of a number of Windows vulnerabilities. The most serious of these could allow for remote code execution on unpatched machines and the potential for large-scale attacks.
Microsoft Security Bulletin MS04-011 reports the release of a patch against fourteen Windows vulnerabilities (KB835732). The most dangerous of these is of particular concern to Windows 2000 and Windows XP users and could allow for remote execution of arbitrary code on unpatched systems. These vulnerabilities pose a considerable threat to system security and all users are urged to apply this patch immediately. This update has been rated "critical" by Microsoft.
Microsoft Security Bulletin MS04-012 reports the release of a patch against four vulnerabilities. These include a serious RPC/DCOM vulnerability that could allow a worm to infect systems directly from the Internet through vulnerable ports (KB828741). An attacker could then gain complete control of an infected system. A similar vulnerability was exploited by the Msblast worms in the large-scale outbreak of August 2003. This update supersedes MS03-039 and has been rated "critical" by Microsoft.
Microsoft Security Bulletin MS04-013 reports the release of a patch against a serious vulnerability affecting Microsoft Outlook Express (KB837009). This vulnerability could allow a worm to infect a user's system when a URL link received in an e-mail is followed. This update has been rated "critical" by Microsoft.
Microsoft has also released Microsoft Security Bulletin MS04-014 reporting the release of a patch against a vulnerability in the Microsoft Jet Database Engine (KB837001). This update has been rated "important" by Microsoft.
We recommend that users patch their systems by downloading and installing critical Microsoft updates as soon as possible.
Users are also encouraged to update their antivirus software daily and to install a firewall on their computers, if they have not done so already. For more information on firewalls, please read Microsoft's tutorial on how to protect your PC.
- Go to the Windows Update page.
- Click on "Scan for updates" and wait while your computer scans for updates.
- Once critical updates have been found click on "Review and install updates"
- Make sure that correct security updates are on the list of selected updates.
- Click on the "Install Now" button.
- Review the Terms and Conditions and select "Accept" to proceed.
- Windows will now install the appropriate updates.
Microsoft has also released a fix to Microsoft Security Bulletin MS04-004 (KB832894). In some case users may begin to receive errors when connecting to websites after applying the KB832894 security update to Internet Explorer. The fix has been released as Microsoft Knowledge Base Article 831167.
Detailed information on these vulnerabilities and the corresponding patches can be found in the following Knowledge Base Articles:
- Microsoft Knowledge Base Article 835732
- Microsoft Knowledge Base Article 828741
- Microsoft Knowledge Base Article 837009
- Microsoft Knowledge Base Article 837001
- Microsoft Knowledge Base Article 831167
Further information on these vulnerabilities can be found in US-CERT Technical Cyber Security Alert TA04-104A.