Microsoft has released Windows Security Bulletin for May 2004
Microsoft Security Bulletin MS04-015 reports the release of a patch against a recently discovered remote code execution vulnerability affecting Windows XP, Windows XP Service Pack 1 (SP1) and Windows Server 2003. This patch has been rated "important" by Microsoft.
Those who are logged on with administrative privileges are most at risk from exploitation of this vulnerability, this includes the majority of home users. If an attacker were to successfully exploit this vulnerability on such a machine, he could potentially gain complete control of the system. However, due to the fact that the user needs to be logged on with administrative privileges as well as a number of other hindrances to full exploitation, the vulnerability is not deemed to be high risk.
In addition to the above, Microsoft has made two minor changes: A feature enabling Windows XP to automatically offer users to upgrade a DVD decoder has been removed in order to pre-empt any potential malicious use. Also, a feature prompting users to send hardware profile information after running the Found New Hardware Wizard has been removed.
We recommend that users patch their systems by downloading and installing critical Microsoft updates as soon as possible.
Users are also encouraged to update their antivirus software daily and to install a firewall on their computers, if they have not done so already. For more information on firewalls, please read Microsoft's tutorial on how to protect your PC.
- Go to the Windows Update page.
- Click on "Scan for updates" and wait while your computer scans for updates.
- Once critical updates have been found click on "Review and install updates"
- Make sure that correct security updates are on the list of selected updates.
- Click on the "Install Now" button.
- Review the Terms and Conditions and select "Accept" to proceed.
- Windows will now install the appropriate updates.
- Microsoft Windows Security Bulletin Summary for May 2004
- Windows Security Update for May 2004, end-user version
- Microsoft Security Bulletin MS04-015
- Microsoft Knowledge Base Article 840374