Microsoft Security Bulletins: Prior Updates


December 2004


Microsoft Security Bulletin MS04-040

Cumulative Security Update for Internet Explorer (889293)

Severity: Critical
Vulnerabilities:
  • HTML Elements Vulnerability - CAN-2004-1050
    A remote code execution vulnerability exists in Internet Explorer that could allow remote code execution on an affected system. An attacker could exploit the vulnerability by constructing a malicious Web page that could potentially allow remote code execution if a user visited a malicious Web site. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

Microsoft Security Bulletin MS04-041

Vulnerability in WordPad Could Allow Code Execution (885836)

Severity: Important
Vulnerabilities:
  • Table Conversion Vulnerability - CAN-2004-0571
    A remote code execution vulnerability exists in the Microsoft Word for Windows 6.0 Converter. If a user is logged on with administrative privileges, an attacker who successfully exploited this vulnerability could take complete control of the affected system. However, user interaction is required to exploit this vulnerability.
  • Font Conversion Vulnerability - CAN-2004-0901
    A remote code execution vulnerability exists in the Microsoft Word for Windows 6.0 Converter. If a user is logged on with administrative privileges, an attacker who successfully exploited this vulnerability could take complete control of the affected system. However, user interaction is required to exploit this vulnerability.

Microsoft Security Bulletin MS04-042

Vulnerability in DHCP Could Allow Remote Code Execution and Denial Of Service (885249)

Severity: Important
Vulnerabilities:
  • MachineName Vulnerability - CAN-2004-0899
    A denial of service vulnerability exists that could allow an attacker to send a specially crafted DHCP message to a DHCP server. An attacker could cause the DHCP Server service to stop responding.
  • HardwareAddress Vulnerability - CAN-2004-0900
    A remote code execution vulnerability exists that could allow an attacker to send a specially crafted DHCP message to a DHCP server. However, attempts to exploit this vulnerability would most likely result in a denial of service of the DHCP Server service.

Microsoft Security Bulletin MS04-043

Vulnerability in HyperTerminal Could Allow Code Execution (873339)

Severity: Important
Vulnerabilities:
  • HyperTerminal Vulnerability - CAN-2004-0568
    A remote code execution vulnerability exists in HyperTerminal because of a buffer overrun. An attacker could exploit the vulnerability by constructing a malicious HyperTerminal session file that could potentially allow remote code execution and then persuade a user to open this file. This vulnerability could be used through a malicious Telnet URL if HyperTerminal had been set as the default Telnet client. An attacker who successfully exploited this vulnerability could take complete control of an affected system. However, user interaction is required to exploit this vulnerability.

Microsoft Security Bulletin MS04-044

Vulnerabilities in Windows Kernel and LSASS Could Allow Elevation of Privilege (885835)

Severity: Important
Vulnerabilities:
  • Windows Kernel Vulnerability - CAN-2004-0893
    A privilege elevation vulnerability exists in the way that the Windows Kernel launches applications. This vulnerability could allow a logged on user to take complete control of the system.
  • LSASS Vulnerability - CAN-2004-0894
    A privilege elevation vulnerability exists in the way that the LSASS validates identity tokens. This vulnerability could allow a logged on user to take complete control of the system.

Microsoft Security Bulletin MS04-045

Vulnerability in WINS Could Allow Remote Code Execution (870736)

Severity: Important
Vulnerabilities:
  • Name Validation Vulnerability - CAN-2004-0567
    A remote code execution vulnerability exists in WINS because of the way that it handles computer name validation. An attacker could exploit the vulnerability by constructing a malicious network packet that could potentially allow remote code execution on an affected system. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
  • Association Context Vulnerability - CAN-2004-1080
    A remote code execution vulnerability exists in WINS because of the way that it handles association context validation. An attacker could exploit the vulnerability by constructing a malicious network packet that could potentially allow remote code execution on an affected system. An attacker who successfully exploited this vulnerability could take complete control of an affected system. However, attempts to exploit this vulnerability would most likely result in a denial of service on Windows Server 2003. The service would have to be restarted to restore functionality.
