Help ATS with a contribution via PayPal:
learn more

New MS Windows Flaws 4/13/2004

page: 1
0

log in

join

posted on Apr, 13 2004 @ 10:02 PM
link   
The software security firm eEye® Digital Security has announce the existence of six new vulnerabilities in Microsoft Windows operating systems. The announcement coincides with the release of software patches to fix the vulnerabilities. These security flaws could allow an attack to gain complete control over an unpatched system. The timing is important development because the period of time between the confirmation of a vulnerability and the appearance of code -usually in the form of a virus, worm, or script- to exploit it has decreased to a matter of days versus the weeks once required. The eEye article also states that two of the six flaws were discovered 200 days prior to the release of patches. Although not implicitly stated in this announcement, eEye generally make the vendors of a vulnerable software package well before the public announcement. Users of MS Windows should apply these patches immediately. They are available for manual download or via the built-in “Windows Update” feature.
eEye
 

eEye® Digital Security, a leading developer of network security software solutions, today announced the discovery of six new vulnerabilities related to Microsoft (NASDAQ: MSFT) Windows®. The critical discoveries include dangerous flaws in Windows Remote Procedure Call (RPC), Local Security Authority Subsystem Service (LSASS), and in the rendering of Windows Metafile (WMF) and Enhanced Metafile (EMF) image formats. These critical security flaws affect unpatched Windows NT, 2000, XP and Windows Server 2003 machines. eEye’s research team discovered two of the most critical vulnerabilities as early as September 2003. The patch for these vulnerabilities released today comes more than 200 days after eEye’s discovery.

MS Announcement MS04-011
MS Announcement MS04-012




posted on Apr, 14 2004 @ 01:50 AM
link   
In addition to the flaws resulting from the eEye discoveries, Microsoft has released patches for other security holes affecting every version of Windows to one degree or another. These include Outlook Express (included with Windows) HTML handling even if it isn't used as the default e-mail software on your system and the Microsoft Jet Database Engine. The total number of vulnerabilities in the four security bulletins released today totals 20 separate flaws in Windows and Outlook Express.

These patches can be obtained using "Windows Update."

Microsoft Security Bulletin MS04-013
Microsoft Security Bulletin MS04-013





 
0

log in

join