Microsoft re-releases Security Bulletin for September 2004

18 October 2004

An updated version of Microsoft's Security Bulletin for September 2004, re-released on 12 October 2004, introduces a revised patch against a vulnerability reported in the original bulletin. Microsoft Security Bulletin MS04-028 - [KB833987], rated "critical" by Microsoft, reported a buffer overrun vulnerability involving JPEG processing technology that affects software supporting the JPEG image format. The vulnerability could allow for remote code execution on affected systems.

The revised patch introduced by Microsoft Security Bulletin MS04-028 fixes a problem that was preventing some of the September updates from installing properly on systems running Windows XP SP2. Users of these systems should update their operating system via Windows Update before visiting Office Update to install the revised patch against the reported vulnerability in all Microsoft Office programs.

However, as these updates do not patch against this vulnerability in non-Microsoft products using the Platform SDK Distributable, it is important that users patch against this vulnerability in other software separately. The updated bulletin includes information on non-Microsoft software that may be affected. To scan your system for software that may need updating and for more information on this re-release, please see the end-user summary of this bulletin (MS04-028).

An overview of information for IT professionals and developers regarding these vulnerabilities and the subsequent security fixes to GDI+ is provided at the Microsoft Security Developer Center. This article includes an outline of the buffer overrun vulnerability and information necessary to help identify applications at risk, APIs that expose risk, and existing versions of GDI+ installed.

We recommend that users patch their systems by downloading and installing critical Microsoft updates as soon as possible.

Users are also encouraged to update their antivirus software daily and to install a firewall on their computers, if they have not done so already. For more information on firewalls, please read Microsoft's tutorial on how to protect your PC.

Relevant links:

Patches can be downloaded via links posted within the appropriate Security Bulletin or by visiting Windows Update and Office Update.
