Microsoft releases its Security Bulletins for July 2004
Microsoft has released its monthly security bulletins for July 2004. These latest bulletins report the release of patches against two "critical" vulnerabilities, four classified as "important" and one as "moderate". A summary of these bulletins can be found here, an end user version of which is also available.
Microsoft Security Bulletin MS04-22 - [KB841873] announces the release of a patch against a "critical" vulnerability affecting Windows NT, 2000, and XP. This is a buffer overrun vulnerability in the "Task Scheduler", a component of Windows that allows users to schedule system tasks. If fully exploited, the vulnerability could potentially allow an attacker to gain complete control of the compromised system. As a result, such an attacker would be able to place and run attack code on the machine, corrupt or delete data, install programs and create new, full privilege accounts on the system.
Microsoft Security Bulletin MS04-23 - [KB840315] introduces a patch against "critical" vulnerabilities in the HTML-based Help system used by all versions of Windows. According to Microsoft, an attacker who successfully exploited the most severe of these vulnerabilities could potentially gain full control of an affected system. Proof of concept code pertaining to this vulnerability has already been released on the Internet, raising the immediate risk level of attacks targeting this vulnerability.
In addition to the above, one "moderate" and four "important" Microsoft Security Bulletins have been released for July. Links to all of these can be found at the bottom of this page, along with links to the relevant Knowledge Base articles. Patches against reported vulnerabilities can be downloaded via links posted within the appropriate Security Bulletin or by visiting Windows Update (See instructions below).
We recommend that users patch their systems by downloading and installing critical Microsoft updates as soon as possible.
Users are also encouraged to update their antivirus software daily and to install a firewall on their computers, if they have not done so already. For more information on firewalls, please read Microsoft's tutorial on how to protect your PC.
Follow the instructions below to update Windows:
- Go to the Windows Update page.
- Click on "Scan for updates" and wait while your computer scans for updates.
- Once critical updates have been found click on "Review and install updates"
- Make sure that correct security updates are on the list of selected updates.
- Click on the "Install Now" button.
- Review the Terms and Conditions and select "Accept" to proceed.
- Windows will now install the appropriate updates.
Microsoft Security Bulletins for July 2004:
Microsoft Security Bulletin MS04-19 - [KB842526].
Microsoft Security Bulletin MS04-20 - [KB841872].
Microsoft Security Bulletin MS04-21 - [KB841373].
Microsoft Security Bulletin MS04-24 - [KB839645].