Microsoft warns of seven Windows flaws
VNUNet.com By Robert Jaques Wednesday, July 14, 2004
Security NewsAll News Security News Home
Microsoft yesterday warned of seven security vulnerabilities,
two of which it rated as 'critical'.
The company has issued updates for all seven flaws. These
include MS04-022, which addresses a vulnerability in Task
Scheduler that could allow code execution.
Microsoft explained that if a user is logged on with
administrative privileges, an attacker who successfully exploited
this vulnerability could take complete control of an affected
system, including installing programs, viewing, changing or
deleting data, or creating new accounts with full privileges.
The flaw affects Windows 2000 (Service Pack 2, 3 and 4), XP,
and XP 64-bit edition Service Pack 1.
Update MS04-023 addresses the other critical flaw, which
centres on vulnerabilities in HTML Help and also could allow
malicious hackers to run code on compromised Windows PCs.
The flaw affects the same versions of Windows as MS04-022 but
also affects Windows Server 2003 and 64-bit edition.
Of the remaining alerts four are rated as 'important' and one
'moderate'. They include MS04-018, a cumulative security update
for Outlook Express; MS04-019, concerning a vulnerability in
Utility Manager that could allow code execution; and MS04-020,
dealing with a vulnerability in POSIX that could allow code
execution.
MS04-021 comprises a security update for IIS 4.0, while
MS04-024 addresses a vulnerability in Windows Shell that could
allow remote code execution. Further information, and patches for
all seven vulnerabilities, can be found here.
To see more of VNUNet go to http://www.vnunet.com
