April 2004 | Tony Bradley

April 2004

by Tony Bradley • April 30, 2004 • 2004
Its the second Tuesday of the month again- and that means Microsoft Security Bulletins! This month Microsoft released four new Security Bulletins: MS04-011, MS04-012, MS04-013 and MS04-014.

MS04-011 is a security roll-up package. It is not a cumulative patch because it does not include ALL previous patches, but it does contain patches and updates to fix a number of very serious vulnerabilities in Windows.

The MS04-012 Security Bulletin does contain a cumulative patch which includes all prior patches and updates for the RPC / DCOM vulnerabilities (the flaws that were targeted by worms such as MSBlast and Nachi) as well as addressing a couple of newly discovered RPC / DCOM flaws.

MS04-013 is a cumulative security update for Outlook Express. This patch also addresses a new vulnerability that should concern just about every Windows user out there. The latest Outlook Express vulnerability is particularly critical because it has the potential to be exploited whether you actually use Outlook Express or not.

MS04-014 is related to a flaw in the Microsoft JET Database engine. An attacker who exploits this vulnerability may be able to take complete control of the vulnerable system. Before you start thinking this doesn’t apply to you, the JET Database engine is used by a number of products and may be installed on your system even if you aren’t aware of it.
- Microsoft Security Bulletin MS04-011
  Security Update for Microsoft Windows
  Microsoft Criticality: Critical
  - http://www.microsoft.com/technet/security/bulletin/ms04-011.mspx
- Microsoft Security Bulletin MS04-012
  Cumulative Update for Microsoft RPC/DCOM
  Microsoft Criticality: Critical
  - http://www.microsoft.com/technet/security/bulletin/ms04-012.mspx
- Microsoft Security Bulletin MS04-013
  Cumulative Security Update for Outlook Express
  Microsoft Criticality: Critical
  - http://www.microsoft.com/technet/security/bulletin/ms04-013.mspx
- Microsoft Security Bulletin MS04-014
  Vulnerability in the Microsoft Jet Database Engine Could Allow Code Execution
  Microsoft Criticality: Important
  - http://www.microsoft.com/technet/security/bulletin/ms04-014.mspx
Tags: attacker, Bulletin, Bulletins, complete control, criticality, Cumulative, cumulative patch, database, DCOM, engine, Express, Jet, jet database engine, Microsoft, microsoft jet database, microsoft jet database engine, microsoft rpc, microsoft security bulletin, microsoft windows, month, ms04 011, msblast, mspx, new security, number, Outlook, outlook express microsoft, patch, RPC, rpc dcom, security, system, technet security, Update, vulnerabilities, vulnerability, windows, windows microsoft, windows user
About Tony Bradley

Tony has driven security policies and technologies for antivirus and incident response for Fortune 500 companies, and he has been network administrator and technical support for smaller companies. He has written for a variety of other Web sites and publications, including BizTech Magazine, PC World, SearchSecurity.com, WindowsNetworking.com, Smart Computing magazine, and Information Security magazine. Tony is a CISSP (Certified Information Systems Security Professional) and ISSAP (Information Systems Security Architecture Professional). He is Microsoft Certified as an MCSE (Microsoft Certified Systems Engineer) and MCSA (Microsoft Certified Systems Administrator) in Windows 2000 and an MCP (Microsoft Certified Professional) in Windows NT. Tony has been recognized by Microsoft as an MVP (Most Valuable Professional) in Windows security since 2006. In addition to his Web site and magazine contributions, Tony was also tech editor of PCI Compliance (ISBN: 1597491659 ) and author of Essential Computer Security: Everyone’s Guide to E-mail, Internet, and Wireless Security (ISBN: 1597491144), coauthor of Hacker’s Challenge 3 (ISBN: 0072263040) and a contributing author to Winternals: Defragmentation, Recovery, and Administration Field Guide (ISBN: 1597490792), Combating Spyware in the Enterprise (ISBN: 1597490644) Syngress Force 2006 Emerging Threat Analysis: From Mischief to Malicious (ISBN: 1597490563), Botnets: The Killer Web Applications (ISBN: 1597491357), and AVIEN Malware Defense Guide for the Enterprise (ISBN: 1597491640).

http://www.tonybradley.com
My Sites
Testimonials
“Tony is a talented writer with a broad background in the area of information security. He has a produced a rather impressive body of work on the subject.”
Stuart Caitlin
BT
Twitter
- Facebook marketing may not be worth it for GM's $10 million, but that doesn't mean that Facebook ads don't work. It… https://t.co/4ilENa2T 03:34:13 PM May 16, 2012 from ManageFlitter Reply Retweet Favorite
- Why Facebook Marketing Doesn't Work for GM. http://t.co/WN0RBkxa 03:04:01 PM May 16, 2012 from TweetDeck Reply Retweet Favorite
- New and Improved SkyDrive Is a Threat to Dropbox. http://t.co/7pblpuQ7 01:58:01 PM May 16, 2012 from web Reply Retweet Favorite
@thetonybradley
Facebook

Tony Bradley on Facebook