Microsoft releases critical patches to avoid potential large scale attack
New vulnerabilities affecting Microsoft Windows were announced by Microsoft on 11 February 2003 in
Microsoft Security Bulletin MS04-007. Systems affected by these vulnerabilities
are:
- Windows XP Home
- Windows XP Professional
- Windows 2000 Professional
- Windows NT 4 Workstation
- Windows 2003 Server
- Windows 2000 Server
- Windows NT 4 Server
Important: We recommend that users immediately patch
against these vulnerabilities by downloading and installing
critical updates
from Microsoft. Please refer to the instructions below for details.
Users are also encouraged to update their antivirus software daily and to install a
firewall on their computers, if they do not have one already. For more information
on firewalls, please read Microsoft's
tutorial on
how to protect your PC.
Microsoft has warned of vulnerabilities that pose serious threats
to users of the above mentioned Windows systems and has issued patches that users are urged
to install immediately.
Microsoft Security Bulletin MS04-007 warns of a security hole that could, if left unpatched,
allow a worm to spread quickly over the internet. This vulnerability is similar to the one exploited by
the W32/Msblast worms that wreaked havok on Windows users throughout August 2003. The patch against this vulnerability (KB 828028)
has therefore been classified as a critical update by Microsoft.
Microsoft has also issued
Microsoft Security Bulletin MS04-004 that reports a vulnerability in Microsoft Internet Explorer. This vulnerability could
potentially allow for remote code execution on an infected machine and therefore poses a considerable threat.
The patch against this vulnerability (KB 832894) has also been classified as a critical update.
A summary of these security bulletins has
also been released in which the release of a third patch against a lesser threat (KB 830352) that only applies to the Server versions of Windows is announced.
Users should patch against these vulnerabilities by
updating their systems:
- Go to the Windows Update page.
- Click on "Scan for updates" and wait while your computer scans for updates.
- Once critical updates have been found click on "Review and install updates":
- Make sure that correct security updates are on the list of selected updates:
- All Windows versions:
- Server versions only:
- Click on the "Install Now" button.
- Review the Terms and Conditions and select "Accept" to proceed.
Windows will now install the appropriate updates.
Detailed information on these vulnerabilities and the corresponding patches can be found in the following Knowledge Base Articles:
|
