Microsoft Security Bulletins: Prior Updates April 2004


April 2004

Microsoft Security Bulletin MS04-011

Security Update for Microsoft Windows (835732)

Severity: Critical
Vulnerabilities:
  • LSASS Vulnerability - CAN-2003-0533
    A buffer overrun vulnerability exists in LSASS that could allow remote code execution on an affected system. An attacker who successfully exploited this vulnerability could take complete control of the affected system.
  • LDAP Vulnerability - CAN-2003-0663
    A denial of service vulnerability exists that could allow an attacker to send a specially crafted LDAP message to a Windows 2000 domain controller. An attacker could cause the service responsible for authenticating users in an Active Directory domain to stop responding.
  • PCT Vulnerability - CAN-2003-0719
    A buffer overrun vulnerability exists in the Private Communications Transport (PCT) protocol, which is part of the Microsoft Secure Sockets Layer (SSL) library. Only systems that have SSL enabled, and in some cases Windows 2000 domain controllers, are vulnerable. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
  • Winlogon Vulnerability - CAN-2003-0806
    A buffer overrun vulnerability exists in the Windows logon process (Winlogon). It does not check the size of a value used during the logon process before inserting it into the allocated buffer. The resulting overrun could allow an attacker to remotely execute code on an affected system. Systems that are not members of a domain are not affected by this vulnerability. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
  • Metafile Vulnerability - CAN-2003-0906
    A buffer overrun vulnerability exists in the rendering of Windows Metafile (WMF) and Enhanced Metafile (EMF) image formats that could allow remote code execution on an affected system. Any program that renders WMF or EMF images on the affected systems could be vulnerable to this attack. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
  • Help and Support Center Vulnerability - CAN-2003-0907
    A remote code execution vulnerability exists in the Help and Support Center because of the way that it handles HCP URL validation. An attacker could exploit the vulnerability by constructing a malicious HCP URL that could potentially allow remote code execution if a user visited a malicious Web site or viewed a malicious e-mail message. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
  • Utility Manager Vulnerability - CAN-2003-0908
    A privilege elevation vulnerability exists in the way that Utility Manager launches applications. A logged-on user could force Utility Manager to start an application with system privileges and take complete control of the system.
  • Windows Management Vulnerability - CAN-2003-0909
    A privilege elevation vulnerability exists in the way that Windows XP allows tasks to be created. Under special conditions, a non-privileged user could create a task that could execute with system permissions and therefore take complete control of the system.
  • Local Descriptor Table Vulnerability - CAN-2003-0910
    A privilege elevation vulnerability exists in a programming interface that is used to create entries in the Local Descriptor Table (LDT). These entries contain information about segments of memory. An attacker who is logged on locally could create a malicious entry, thereby gain access to protected memory, and take complete control of the system.
  • H.323 Vulnerability - CAN-2004-0117
    A remote code execution vulnerability exists in the way the Microsoft H.323 protocol implementation handles malformed requests. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
  • Virtual DOS Machine Vulnerability - CAN-2004-0118
    A privilege elevation vulnerability exists in the operating system component that handles the Virtual DOS Machine (VDM) subsystem. This vulnerability could allow a logged-on user to take complete control of the system.
  • Negotiate SSP Vulnerability - CAN-2004-0119
    A buffer overrun vulnerability exists in the Negotiate Security Software Provider (SSP) interface that could allow remote code execution. This vulnerability exists because of the way the Negotiate SSP interface validates a value that is used during authentication protocol selection. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
  • SSL Vulnerability - CAN-2004-0120
    A denial of service vulnerability exists in the Microsoft Secure Sockets Layer (SSL) library. The vulnerability results from the way that the Microsoft SSL library handles malformed SSL messages. This vulnerability could cause the affected system to stop accepting SSL connections on Windows 2000 and Windows XP. On Windows Server 2003, the vulnerability could cause the affected system to automatically restart.
  • ASN.1 "Double Free" Vulnerability - CAN-2004-0123
    A remote code execution vulnerability exists in the Microsoft ASN.1 Library. The vulnerability is caused by a possible "double-free" condition in the Microsoft ASN.1 Library that could lead to memory corruption on an affected system. An attacker who successfully exploited this vulnerability could take complete control of an affected system. However, under the most likely attack scenario this issue is a denial of service vulnerability.

Microsoft Security Bulletin MS04-012

Cumulative Update for Microsoft RPC/DCOM (828741)

Severity: Critical
Vulnerabilities:
  • RPC Runtime Library Vulnerability - CAN-2003-0813
    A remote code execution vulnerability exists that results from a race condition when the RPC Runtime Library processes specially crafted messages. An attacker who successfully exploited this vulnerability could take complete control of an affected system. However, in the most likely attack scenario, this issue is a denial of service vulnerability.
  • RPCSS Service Vulnerability - CAN-2004-0116
    A denial of service vulnerability exists in the RPCSS service. If a specially crafted message is sent to the RPCSS service, the service may not reclaim discarded memory. This behavior could result in a denial of service.
  • COM Internet Services (CIS) – RPC over HTTP Vulnerability - CAN-2003-0807
    A denial of service vulnerability exists in the CIS and in the RPC over HTTP Proxy components. When a forwarded request to a backend system passes through them, an attacker could reply to the request by using a specially crafted message that could cause the affected components to stop accepting later requests.
  • Object Identity Vulnerability - CAN-2004-0124
    An information disclosure vulnerability exists in the way that object identities are created. This vulnerability could allow an attacker to enable applications to open network communication ports. Although this vulnerability does not directly enable an attacker to compromise a system, it could be used to enable network communication through unexpected communication ports.

Microsoft Security Bulletin MS04-013

Cumulative Security Update for Outlook Express (837009)

Severity: Critical
Vulnerabilities:
  • MHTML URL Processing Vulnerability - CAN-2004-0380
    A remote code execution vulnerability exists in the processing of specially crafted MHTML URLs that could allow an attacker's HTML code to run in the Local Machine security zone in Internet Explorer. This could allow an attacker to take complete control of an affected system.

Microsoft Security Bulletin MS04-014

Vulnerability in the Microsoft Jet Database Engine Could Allow Code Execution (837001)

Severity: Important
Vulnerabilities:
  • Jet Vulnerability - CAN-2004-0197
    A buffer overrun vulnerability exists in the Microsoft Jet Database Engine (Jet) that could allow remote code execution on an affected system. An attacker could exploit the vulnerability by creating a specially crafted database query and sending it through an application that is using Jet on an affected system. An attacker who successfully exploited this vulnerability could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts with full privileges.
