-----Original Message----- From: Thor Larholm To: http://unpatched.pivxlabs.com Subject: [Unpatched] 4 old Microsoft patches updated 4 old Microsoft patches updated In addition to releasing 4 new patches today (see previous post on Unpatched below), Microsoft has re-released 4 older patches without notice. These 4 advisories now include additional patches for Exchange 5.0 and NT 4 and, if left unpatched, could allow unauthorized email relaying, Denial of Service and code execution. PivX Solutions would like to thank Mario Kuechler for giving us additional information about the SMTP relaying issue in MS02-011. The following patches have been updated today: MS00-082 - Patch Available for 'Malformed MIME Header' Vulnerability http://www.microsoft.com/technet/security/Bulletin/MS00-082.mspx MS01-041 - Malformed RPC Request Can Cause Service Failure http://www.microsoft.com/technet/security/Bulletin/MS01-041.mspx MS02-011 - Authentication Flaw Could Allow Unauthorized Users To Authenticate To SMTP Service http://www.microsoft.com/technet/security/Bulletin/MS02-011.mspx MS03-046 - Vulnerability in Exchange Server Could Allow Arbitrary Code Execution (829436) http://www.microsoft.com/technet/security/Bulletin/MS03-046.mspx A broad summary for April 2004 patched can be found at http://www.microsoft.com/technet/security/bulletin/winapr04.mspx Regards Thor Larholm Senior Security Researcher PivX Solutions 24 Corporate Plaza #180 Newport Beach, CA 92660 http://www.pivx.com thor@pivx.com Phone: +1 (949) 231-8496 PGP: 0x5A276569 6BB1 B77F CB62 0D3D 5A82 C65D E1A4 157C 5A27 6569 PivX defines "Proactive Threat Mitigation". Get a FREE Beta Version of Qwik-Fix <http://www.qwik-fix.net> ----- Original Message ----- From: Thor Larholm To: http://unpatched.pivxlabs.com Subject: 4 new Microsoft patches to close 20 vulnerabilities 4 new Microsoft patches to close 20 vulnerabilities It's patch Tuesday in Redmond and this April we have seen the release of MS04-011, MS04-012, MS04-013 and MS04-014. Microsoft has given all of these patches an impact of "Remote Code Execution" and the affected software ranges from Windows 98 to Windows 2003 64-Bit Edition. If you use Windows you will have to patch, preferable today. This week will see a wide range of vulnerability advisories and exploit releases. The documented functionality changes are few and minor. Currently, these patches are not available on Windows Update (11:25AM pacific time), but I can only imagine that it is a matter of hours. They can be retrieved with MBSA, SMS and a wide range of patch management applications. The broad summary can be found at http://www.microsoft.com/technet/security/bulletin/winapr04.mspx Most of these vulnerabilities are new, but some of them are already known - as an example MS04-013 patches the massively exploited MHTML/CHM related vulnerabilities that was used by Ibiza, Bugbear.e and a wide range of trojans. In all, these 4 patches fix 20 vulnerabilities and replace 19 existing patches. MS04-011 ======== LSASS Vulnerability - CAN-2003-0533 LDAP Vulnerability - CAN-2003-0663 PCT Vulnerability - CAN-2003-0719 Winlogon Vulnerability - CAN-2003-0806 Metafile Vulnerability - CAN-2003-0906 Help and Support Center Vulnerability - CAN-2003-0907 Utility Manager Vulnerability - CAN-2003-0908 Windows Management Vulnerability - CAN-2003-0909 Local Descriptor Table Vulnerability - CAN-2003-0910 H.323 Vulnerability* - CAN-2004-0117 Virtual DOS Machine Vulnerability - CAN-2004-0118 Negotiate SSP Vulnerability - CAN-2004-0119 SSL Vulnerability - CAN-2004-0120 ASN.1 "Double Free" Vulnerability - CAN-2004-0123 MS04-012 ======== RPC Runtime Library Vulnerability - CAN-2003-0813 RPCSS Service Vulnerability - CAN-2004-0116 COM Internet Services (CIS) - RPC over HTTP Vulnerability - CAN-2003-0807 Object Identity Vulnerability - CAN-2004-0124 MS04-013 ======== MHTML URL Processing Vulnerability - CAN-2004-0380 MS04-014 ======== Jet Vulnerability - CAN-2004-0197 PivX Solutions is currently investigating these patches further. Regards Thor Larholm Senior Security Researcher PivX Solutions 24 Corporate Plaza #180 Newport Beach, CA 92660 http://www.pivx.com thor@pivx.com Phone: +1 (949) 231-8496 PGP: 0x5A276569 6BB1 B77F CB62 0D3D 5A82 C65D E1A4 157C 5A27 6569 PivX defines "Proactive Threat Mitigation". Get a FREE Beta Version of Qwik-Fix <http://www.qwik-fix.net>
