A Windows 98 & ME forum. Win98banter

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

Go Back   Home » Win98banter forum » Windows ME » General
Site Map Home Authors List Search Today's Posts Mark Forums Read Web Partners

Microsoft Security Bulletin MS04-024 - Vulnerability in Windows Shell Could Allow Remote Code Execution (839645)



 
 
Thread Tools Display Modes
  #1  
Old July 14th 04, 12:43 AM
Gary S. Terhune
external usenet poster
 
Posts: n/a
Default Microsoft Security Bulletin MS04-024 - Vulnerability in Windows Shell Could Allow Remote Code Execution (839645)

Note to Windows 9x users--This Patch has been deemed "Not Critical" and =
is therefore not available to Win9x users--not even to WinME users. For =
those systems to which it "applies", this patch is deemed "Important". =
Of course, according to the definitions provided by MS at =
http://www.microsoft.com/technet/sec...in/rating.mspx, the only =
difference between "Critical" and "Important" is that while the latter =
can destroy your system, it can't spread itself like the former can. =
Gee, thanks...

(I have a request in to those in charge, asking for a bit of elucidation =
on the subject.)

--=20
Gary S. Terhune
MS MVP for Win9x
=20
"Emily F [MSFT]" wrote in message =
...
Microsoft Security Bulletin MS04-024
Vulnerability in Windows Shell Could Allow Remote Code Execution =

(839645)
http://www.microsoft.com/technet/sec.../ms04-024.mspx
Issued: July 13, 2004
Version: 1.0
Executive Summary:
This update resolves a newly-discovered, publicly reported =

vulnerability. A
remote code execution vulnerability exists in the way that the Windows =

Shell
launches applications.
If a user is logged on with administrative privileges, an attacker who
successfully exploited this vulnerability could take complete control =

of an
affected system, including installing programs; viewing, changing, or
deleting data; or creating new accounts with full privileges. However,
significant user interaction is required to exploit this =

vulnerability.
Users whose accounts are configured to have fewer privileges on the =

system
would be at less risk than users who operate with administrative =

privileges.
We recommend that customers consider applying the security update.
Summary
Who should read this document: Customers who use Microsoft=AE =

Windows=AE
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Important
Recommendation: Customers should install the update at the earliest
opportunity.
Security Update Replacement: This update replaces MS03-027 on Windows =

XP.
This update does not replace MS03-027 on Windows NT 4.0, on Windows =

2000, or
on Windows Server 2003.
Caveats: None
Tested Software and Security Update Download Locations:
Affected Softwa
.Microsoft Windows NT=AE Workstation 4.0 Service Pack 6a - Download =

the update
.Microsoft Windows NT Server 4.0 Service Pack 6a - Download the update
.Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack =

6 -
Download the update
.Microsoft Windows NT=AE Workstation 4.0 Service Pack 6a and NT Server =

4.0
Service Pack 6a with Active Desktop - Download the update
.Microsoft Windows 2000 Service Pack 2, Microsoft Windows 2000 Service =

Pack
3, Microsoft Windows 2000 Service Pack 4 - Download the update
.Microsoft Windows XP and Microsoft Windows XP Service Pack 1 - =

Download the
update
.Microsoft Windows XP 64-Bit Edition Service Pack 1 - Download the =

update
.Microsoft Windows XP 64-Bit Edition Version 2003 - Download the =

update
.Microsoft Windows ServerT 2003 - Download the update
.Microsoft Windows Server 2003 64-Bit Edition - Download the update
.Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and
Microsoft Windows Millennium Edition (Me) - Review the FAQ section of =

this
bulletin for details about these operating systems.
=20
The software in this list has been tested to determine if the versions =

are
affected. Other versions either no longer include security update =

support or
may not be affected. To determine the support lifecycle for your =

product and
version, visit the following Microsoft Support Lifecycle Web site.
=20

  #2  
Old July 14th 04, 04:24 AM
Buffalo
external usenet poster
 
Posts: n/a
Default Microsoft Security Bulletin MS04-024 - Vulnerability in Windows Shell Could Allow Remote Code Execution (839645)


"Gary S. Terhune" wrote in message
...
Note to Windows 9x users--This Patch has been deemed "Not Critical" and is
therefore not available to Win9x users--not even to WinME users. For those
systems to which it "applies", this patch is deemed "Important". Of course,
according to the definitions provided by MS at
http://www.microsoft.com/technet/sec...in/rating.mspx, the only
difference between "Critical" and "Important" is that while the latter can
destroy your system, it can't spread itself like the former can. Gee,
thanks...

(I have a request in to those in charge, asking for a bit of elucidation on
the subject.)

Elucidation, is that like the lightning storm I see outside now???

--
Gary S. Terhune
MS MVP for Win9x

"Emily


  #3  
Old July 14th 04, 05:06 AM
Gary S. Terhune
external usenet poster
 
Posts: n/a
Default Microsoft Security Bulletin MS04-024 - Vulnerability in Windows Shell Could Allow Remote Code Execution (839645)

Considering the likelihood of a quick and definitive response, the =
comparison could only be characterized as "remotely similar" sigh

--=20
Gary S. Terhune
MS MVP for Win9x
=20
"Buffalo" wrote in message =
news:_H1Jc.50447$WX.45051@attbi_s51...
=20
"Gary S. Terhune" wrote in message
...
Note to Windows 9x users--This Patch has been deemed "Not Critical" =

and is
therefore not available to Win9x users--not even to WinME users. For =

those
systems to which it "applies", this patch is deemed "Important". Of =

course,
according to the definitions provided by MS at
http://www.microsoft.com/technet/sec...in/rating.mspx, the =

only
difference between "Critical" and "Important" is that while the latter =

can
destroy your system, it can't spread itself like the former can. Gee,
thanks...
=20
(I have a request in to those in charge, asking for a bit of =

elucidation on
the subject.)
=20
Elucidation, is that like the lightning storm I see outside now???
=20
--=20
Gary S. Terhune
MS MVP for Win9x
=20
"Emily
=20

 




Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Microsoft Security Bulletin MS04-018 - Cumulative Security Update for Outlook Express (823353) PA Bear General 5 July 15th 04 05:49 AM
Microsoft Security Bulletin MS04-024 - Vulnerability in Windows Shell Could Allow Remote Code Execution (839645) Gary S. Terhune General 2 July 14th 04 05:06 AM
Microsoft Security Bulletin MS04-023--Please Note! Gary S. Terhune General 4 July 14th 04 04:39 AM
Microsoft Security Bulletin MS04-023--Please Note! Gary S. Terhune General 4 July 14th 04 04:39 AM
Please help! Display settings !! Mitzi Monitors & Displays 12 July 11th 04 05:19 AM


All times are GMT +1. The time now is 08:25 PM.


Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Copyright ©2004-2024 Win98banter.
The comments are property of their posters.