Microsoft Security Bulletin MS04-023--Please Note!

The Update related to this Securty Bulletin is now available at Windows =
Updates for Windows 98/98SE and Millennium Edition (at least, it's in =
the Catalog.) Since there is no Windows Updates for Windows 95, I =
figure Win95 users are SOL due to the following FAQ in the Bulletin:

Q. Are Windows 98, Windows 98 Second Edition, or Windows Millennium =
Edition critically affected by any of the vulnerabilities that are =
addressed in this security bulletin?

A. Yes. Security updates will be made available as soon as possible =
following the release. When these security updates are available, you =
will be able to download them only from the Windows Update Web site.

--=20
Gary S. Terhune
MS MVP for Win9x
=20
"Emily F [MSFT]" wrote in message =
...
Today, Microsoft released the following Security Bulletin:
http://www.microsoft.com/technet/sec.../ms04-023.mspx
Microsoft Security Bulletin MS04-023
Vulnerability in HTML Help Could Allow Code Execution (840315)
=20
Issued: July 13, 2004
Version: 1.0
Executive Summary:
This update resolves two newly-discovered vulnerabilities. The HTML =
Help
vulnerability was privately reported and the showHelp vulnerability is
public. Each vulnerability is documented in this bulletin in its own
Vulnerability Details section.
If a user is logged on with administrative privileges, an attacker who
successfully exploited the most severe of these vulnerabilities could =
take
complete control of an affected system, including installing programs;
viewing, changing, or deleting data; or creating new accounts that =
have full
privileges. Users whose accounts are configured to have fewer =
privileges on
the system would be at less risk than users who operate with =
administrative
privileges.
We recommend that customers apply the update immediately
=20
Summary
Who should read this document: Customers who use Microsoft=AE =
Windows=AE
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Critical
Recommendation: Customers should apply the update immediately.
Security Update Replacement: None
Caveats: Windows NT Workstation 4.0, Windows NT Server 4.0 and Windows =
NT
4.0 Terminal Server Edition are not affected by default. However if =
you have
installed Internet Explorer 5.5 Service Pack 2 or Internet Explorer =
6.0
Service Pack 1 you will have the vulnerable component on your system.
Tested Software and Security Update Download Locations:
Affected Softwa
.Microsoft Windows 2000 Service Pack 2, Microsoft Windows 2000 Service =
Pack
3, Microsoft Windows 2000 Service Pack 4 - Download the update
.Microsoft Windows XP and Microsoft Windows XP Service Pack 1 - =
Download the
update
.Microsoft Windows XP 64-Bit Edition Service Pack 1 - Download the =
update
.Microsoft Windows XP 64-Bit Edition Version 2003 - Download the =
update
.Microsoft Windows ServerT 2003 - Download the update
.Microsoft Windows Server 2003 64-Bit Edition - Download the update
.Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and
Microsoft Windows Millennium Edition (Me) - Review the FAQ section of =
this
bulletin for details about these operating systems.
=20