Microsoft re-releases Security Bulletin for September 2004
An updated version of Microsoft's Security Bulletin for September 2004, re-released on 12 October 2004, introduces a revised patch against a vulnerability reported in the original bulletin. Microsoft Security Bulletin MS04-28 - [KB833987], rated "critical" by Microsoft, reported a buffer overrun vulnerability involving JPEG processing technology that affects software supporting the JPEG image format. The vulnerability could allow for remote code execution on affected systems.
The revised patch introduced by Microsoft Security Bulletin MS04-28 fixes a problem that was preventing some of the September updates from installing properly on systems running Windows XP SP2. Users of these systems should update their operating system via Windows Update before visiting Office Update to install the revised patch against the reported vulnerability in all Microsoft Office programs.
However, as these updates do not patch against this vulnerability in non-Microsoft products using the Platform SDK Distributable, it is important that users patch against this vulnerability in other software seperately. The updated bulletin includes information on non-Microsoft software that may be affected. To scan your system for software that may need updating and for more information on this re-release, please see the end-user summary of this bulletin (MS04-028).
An overview of information for IT professionals and developers regarding these vulnerabilities and the subsequent security fixes to GDI+ is provided at the Microsoft Security Developer Center. This article includes an outline of the buffer overrun vulnerability and information necessary to help identify applications at risk, APIs that expose risk, and existing versions of GDI+ installed.
We recommend that users patch their systems by downloading and installing critical Microsoft updates as soon as possible.
Users are also encouraged to update their antivirus software daily and to install a firewall on their computers, if they have not done so already. For more information on firewalls, please read Microsoft's tutorial on how to protect your PC.
- Security Bulletin MS04-028
- Knowledge Base article [KB833987]
- Microsoft Security Developer Center overview
- End-user summary of September 2004 security bulletins
- FRISK Software announcement of September 2004 security bulletins