Microsoft releases its Security Bulletins for September 2004

15 September 2004

Microsoft has released its monthly Security Bulletins for September 2004. The bulletins announce patches for one vulnerability rated "critical" and one rated "important".

We recommend that users patch their systems by downloading and installing critical Microsoft updates as soon as possible.

Users are also encouraged to update their antivirus software daily and to install a firewall on their computers, if they have not done so already. For more information on firewalls, please read Microsoft's tutorial on how to protect your PC.

Microsoft Security Bulletin MS04-28 - [KB833987], rated "critical" by Microsoft, reports a buffer overrun vulnerability that could allow remote code execution on an affected system. The vulnerability lies in JPEG processing technology and affects software that supports the JPEG image format, including some versions of Microsoft Windows, Microsoft Office, and Microsoft developer tools. A number of other software products also contain the vulnerable component and should be updated as soon as possible. See the list of affected software below.

For full details on systems and software affected by this vulnerability as well as available updates, please consult Microsoft's technical bulletin on the issue. Note that Windows XP Service Pack 2 (SP2) is not affected by this vulnerability and that users of Windows XP SP2 need only update Office.

The following programs are affected by this vulnerability:

  • Windows XP
  • Windows XP Service Pack 1
  • Windows Server 2003
  • Internet Explorer 6 SP1
  • Office XP SP3
  • Office 2003
  • Digital Image Pro 7.0
  • Digital Image Pro 9
  • Digital Image Suite 9
  • Greetings 2002
  • Picture It! 2002
  • Picture It! 7.0
  • Picture It! 9
  • Producer for PowerPoint
  • Project 2002 SP1
  • Project 2003
  • Visio 2002 SP2
  • Visio 2003
  • Visual Studio .NET 2002
  • Visual Studio .NET 2003

Microsoft Security Bulletin MS04-27 - [KB884933], rated "important" by Microsoft, reports a remote code execution vulnerability in the WordPerfect 5.x Converter that could potentially allow an attacker to take control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts with full privileges. However, a number of mitigating factors, such as the need for users to be logged on with administrative privileges and the need for considerable user interaction, greatly reduce the potential risk to end-users.

End-user versions of this month's bulletins can be found here (MS04-28) and here (MS04-27).

Patches against reported vulnerabilities can be downloaded via links posted within the appropriate Security Bulletin or by visiting Windows Update and Office Update.
