Home > Microsoft Security > Microsoft Security Bulletin Ms04-040

Microsoft Security Bulletin Ms04-040

For more information about SSL, see Microsoft Knowledge Base Article 245152. After installing the Internet Explorer 6.0 SP1 version of this update, there may be intermittent failures of POST requests to SSL protected sites. File Version Verification Note Because there are several versions of Microsoft Windows, the following steps may be different on your computer. However, this permission may have been delegated to other user accounts in the domain. have a peek here

System administrators can also use the Spuninst.exe utility to remove this security update. Internet Explorer 6 for Windows Server 2003 is not affected by this vulnerability. Warning: Microsoft recommends that customers consider these changes to Internet Explorer security settings as a last resort only. Install the Outlook E-mail Security Update if you are using Outlook 2000 SP1 or earlier.

Outlook Express 5.5 Service Pack 2 opens HTML e-mail in the Restricted sites zone if Microsoft Security Bulletin MS04-018 has been installed. For more information, see Microsoft Knowledge Base Article 824994. Yes. For more information about severity ratings, visit the following Web site.

This vulnerability could be exploited in scenarios that use Internet Explorer’s BMP rendering code to view the malicious file. Can I use Systems Management Server (SMS) to determine if this update is required? By default, Internet Explorer on Windows Server 2003 runs in a restricted mode that is known as Enhanced Security Configuration. Microsoft Customer Support Microsoft Community Forums United States (English) Sign in Security TechCenter Home Security Updates Tools Learn Library Support We’re sorry.

However, PCT is disabled by default. Yes. To determine the support lifecycle for your product and version, visit the Microsoft Support Lifecycle Web site. An attacker who successfully exploited this vulnerability could run malicious script code in the Local Machine security zone in Internet Explorer or access information in a different domain.

MBSA, when used with SMS, will instruct SMS administrators to deploy this SMS Deployment package. For more information, see Microsoft Knowledge Base Article 824994. Click Start, and then click Search. In the Add this Web site to the zone box, type the URL of a site that you trust, and then click Add.

Installation Information This security update supports the following setup switches: /help                 Displays the command line options Setup Modes /quiet                Quiet mode (no user interaction or display) /passive            Unattended mode (progress bar only)       /uninstall          Uninstalls the Read e-mail messages in plain text format if you are using Outlook 2002 or later, or Outlook Express 6 SP1 or later, to help protect yourself from the HTML e-mail attack I am running Internet Explorer on Windows Server 2003. What systems are primarily at risk from the vulnerability?

Internet Explorer 6 for Windows XP DateTimeVersionSizeFile NamePlatform 16-Jan-200411:296.00.2737.16001,024,512Browseui.dllX86 08-Jan-200422:216.00.2737.8002,764,288Mshtml.dllX86 15-Aug-200320:316.00.2722.90034,304Pngfilt.dllX86 05-Mar-200203:096.00.2715.400548,864Shdoclc.dllX86 08-Jan-200422:236.00.2737.8001,337,344Shdocvw.dllX86 15-Aug-200320:316.00.2730.1200391,168Shlwapi.dllX86 15-Aug-200320:316.00.2715.400109,568Url.dllX86 23-Dec-200321:146.00.2736.2300481,792Urlmon.dllX86 08-Jan-200422:236.00.2737.800585,216Wininet.dllX86 Internet Explorer 5.5 SP2 for Windows Millennium Edition DateTimeVersionSizeFile NamePlatform 23-Dec-200318:015.50.4936.2300815,376Browseui.dllX86 09-Jan-200401:085.50.4937.8002,760,464Mshtml.dllX86 17-Oct-200203:015.50.4922.90048,912Pngfilt.dllX86 09-Jan-200401:095.50.4937.8001,149,712Shdocvw.dllX86 navigate here Are Windows 98, Windows 98 Second Edition, or Windows Millennium Edition critically affected by any of the vulnerabilities that are addressed in this security bulletin? Vulnerability Details MHTML URL Processing Vulnerability - CAN-2004-0380: A remote code execution vulnerability exists in the processing of specially crafted MHTML URLs that could allow an attacker's HTML code to run Note After April 20, 2004, the Mssecure.xml file that is used by MBSA 1.1.1 and earlier versions is no longer being updated with new security bulletin data.

If you have previously installed a hotfix to update one of these files, the installer copies the RTMQFE files to your computer. You’ll be auto redirected in 1 second. How does this vulnerability relate to the Help and SupportCenter vulnerability that is corrected by MS04-011? Check This Out However, Utility Manager is not running by default.

Detailed information about IPSec and how to apply filters is available in Microsoft Knowledge Base Articles 313190 and 813878. Windows NT 4.0 and Windows XP are not affected by this vulnerability. The dates and times for these files are listed in coordinated universal time (UTC).

Impact of Workaround: Tasks that are created as event-based triggers will not function while this provider is not registered.

An attacker who successfully exploited this vulnerability could run malicious script code in the Local Machine security zone in Internet Explorer. This vulnerability could be exploited when a user views a .grp file. For more information about support lifecycles for Windows components, visit the following Microsoft Support Lifecycle Web site. Security Resources: The Microsoft TechNet Security Web site provides additional information about security in Microsoft products.

See the FAQ section for this security update for more information about Internet Explorer Enhanced Security Configuration. An attacker would have no way to force users to visit a malicious Web site. By default, Outlook Express 6, Outlook 2002, and Outlook 2003 open HTML e-mail messages in the Restricted sites zone. this contact form Are Windows 98, Windows 98 Second Edition or Windows Millennium Edition critically affected by this vulnerability?

What is Program Group Converter? An EMF image is a 32-bit format that can contain both vector information and bitmap information. Vulnerability Details CSS Heap Memory Corruption Vulnerability - CAN-2004-0842: A remote code execution vulnerability exists in Internet Explorer that could allow remote code execution on an affected system. For contact information, visit the Microsoft Worldwide Information Web site, select the country, and then click Go to see a list of phone numbers.

One in particular that you may want to add is "*.windowsupdate.microsoft.com" (without the quotes). This issue is unrelated to the security vulnerability discussed in this bulletin. Users whose accounts are configured to have fewer privileges on the system would be at less risk than users who operate with administrative privileges. For more information about IFRAME elements, visit this Microsoft Developer Network (MSDN) Web site.

To download an updated version of NetMeeting that addresses this vulnerability, visit the following Web site. Are Windows 98, Windows 98 Second Edition, or Windows Millennium Edition critically affected by any of the vulnerabilities that are addressed in this security bulletin? For backward compatibility, this security update also supports the setup switches that are used by the previous version of the Setup utility. These vulnerabilities, broken down by severity are: Critical (1) Bulletin IdentifierMicrosoft Security Bulletin MS04-040 Bulletin Title Cumulative Security Update for Internet Explorer (889293) Executive Summary A vulnerability exists in Internet Explorer

If the user selects the "Remember my password" check-box they will continue to be stored locally after the initial visit to these Web Sites. All rights reserved. For more information about how to contact Microsoft for support issues, visit the International Support Web site. An attacker who successfully exploited this vulnerability could run malicious script code in the Local Machine security zone in Internet Explorer.

This utility supports the following setup switches: /?: Show the list of supported switches /z: Do not restart when the installation is complete /q: Use Quiet mode (no user interaction) For In the default Category View, click Network and Internet Connections, and then click Setup or change your home or small office network. On the Version tab, determine the version of the file that is installed on your computer by comparing it to the version that is documented in the appropriate file information table.Note

© 2017 jscience.net