Redbeard's Place...MS Security 2004

Win 95/98/ME/NT/2000/XP
Microsoft Security Bulletin Center - 2004

Subscribe to the Microsoft Security Notification Service

Microsoft Security Bulletin MS04-001
Vulnerability in Microsoft Internet Security and Acceleration Server 2000 H.323 Filter Could Allow Remote Code Execution (816458)

Affected Software:
Microsoft Internet Security and Acceleration Server 2000
Microsoft Small Business Server 2000 (which includes Microsoft Internet Security and Acceleration Server 2000)
Microsoft Small Business Server 2003 (which includes Microsoft Internet Security and Acceleration Server 2000)

Non Affected Software:
Microsoft Proxy Server 2.0
Microsoft Security Bulletin MS04-002
Vulnerability in Exchange Server 2003 Could Lead to Privilege Escalation (832759)

Affected Software:
Microsoft Exchange Server 2003

Non Affected Software:
Microsoft Exchange 2000 Server
Microsoft Exchange Server 5.5
Microsoft Security Bulletin MS04-003
Buffer Overrun in MDAC Function Could Allow Code Execution (832483)

Affected Software:
Microsoft Data Access Components 2.5 (included with Microsoft Windows 2000)
Microsoft Data Access Components 2.6 (included with Microsoft SQL Server 2000)
Microsoft Data Access Components 2.7 (included with Microsoft Windows XP)
Microsoft Data Access Components 2.8 (included with Microsoft Windows Server 2003)

Non Affected Software:
NONE
Microsoft Security Bulletin MS04-004
Cumulative Security Update for Internet Explorer (832894)

Affected Software:
Microsoft Windows NT® Workstation 4.0 SP 6a
Microsoft Windows NT Server 4.0 SP 6a
Microsoft Windows NT Server 4.0 Terminal Server Edition, SP 6
Microsoft Windows 2000 SP 2, SP 3, SP 4
Microsoft Windows XP, Microsoft Windows XP SP 1
Microsoft Windows XP 64-Bit Edition, Microsoft Windows XP 64-Bit Edition SP 1
Microsoft Windows XP 64-Bit Edition Version 2003
Microsoft Windows Server® 2003
Microsoft Windows Server 2003, 64-Bit Edition

Affected Components:
Internet Explorer 6 SP 1
Internet Explorer 6 SP 1 (64-Bit Edition)
Internet Explorer 6 for Windows Server 2003
Internet Explorer 6 for Windows Server 2003 (64-Bit Edition)
Internet Explorer 6
Internet Explorer 5.5 SP 2
Internet Explorer 5.01 SP 4
Internet Explorer 5.01 SP 3
Internet Explorer 5.01 SP 2
Microsoft Security Bulletin MS04-005
Vulnerability in Virtual PC for Mac could lead to privilege elevation (835150)

Affected Software:
Microsoft Virtual PC for Mac version 6.0
Microsoft Virtual PC for Mac version 6.01
Microsoft Virtual PC for Mac version 6.02
Microsoft Virtual PC for Mac version 6.1

Non Affected Software:
NONE
Microsoft Security Bulletin MS04-006
Vulnerability in the Windows Internet Naming Service (WINS) Could Allow Code Execution (830352)

Affected Software:
Microsoft Windows NT® Server 4.0 SP 6a
Microsoft Windows NT Server 4.0 Terminal Server Edition SP 6
Microsoft Windows 2000 Server SP 2
Microsoft Windows 2000 Server SP 3
Microsoft Windows 2000 Server SP 4
Microsoft Windows Server™ 2003
Microsoft Windows Server 2003 64-Bit Edition

Non Affected Software:
Microsoft Windows NT® Workstation 4.0 SP 6a
Microsoft Windows 2000 Professional SP 2
Microsoft Windows 2000 Professional SP 3
Microsoft Windows 2000 Professional SP 4
Microsoft Windows XP
Microsoft Windows XP SP 1
Microsoft Windows XP 64-Bit Edition
Microsoft Windows XP 64-Bit Edition Service Pack 1
Microsoft Windows XP 64-Bit Edition Version 2003
Microsoft Windows XP 64-Bit Edition Version 2003 SP 1
Microsoft Security Bulletin MS04-007
ASN.1 Vulnerability Could Allow Code Execution (828028)

Affected Software:
Microsoft Windows NT® Workstation 4.0 SP 6a
Microsoft Windows NT Server 4.0 SP 6a
Microsoft Windows NT Server 4.0 Terminal Server Edition SP 6
Microsoft Windows 2000 SP 2
Microsoft Windows 2000 SP 3
Microsoft 2000 Windows SP 4
Microsoft Windows XP
Microsoft Windows XP SP 1
Microsoft Windows XP 64-Bit Edition
Microsoft Windows XP 64-Bit Edition SP 1
Microsoft Windows XP 64-Bit Edition Version 2003
Microsoft Windows XP 64-Bit Edition Version 2003 SP 1
Microsoft Windows Server™ 2003
Microsoft Windows Server 2003 64-Bit Edition

Affected Components:
Microsoft ASN.1 Library
Microsoft Security Bulletin MS04-008
Vulnerability in Windows Media Services Could Allow a Denial of Service (832359)

Affected Software:
Microsoft Windows 2000 Server SP 2
Microsoft Windows 2000 Server SP 3
Microsoft Windows 2000 Server SP 4

Non Affected Software:
Microsoft Windows NT® Workstation 4.0 SP 6a
Microsoft Windows NT Server 4.0 SP 6a
Microsoft Windows NT Server 4.0 Terminal Server Edition SP 6
Microsoft Windows 2000 Professional SP 2
Microsoft Windows 2000 Professional SP 3
Microsoft 2000 Professional SP 4
Microsoft Windows XP
Microsoft Windows XP SP 1
Microsoft Windows XP 64-Bit Edition SP 1
Microsoft Windows XP 64-Bit Edition Version 2003
Microsoft Windows Server™ 2003
Microsoft Windows Server 2003 64-Bit Edition

Affected Components:
Windows Media Services 4.1 (included with Microsoft Windows 2000 Server)

Non Affected Components:
Windows Media Services 9.0 Series (included with Microsoft Windows Server 2003)
Windows Media Services 4.1 (available for download for Windows NT4 Server)
Microsoft Security Bulletin MS04-009
Vulnerability in Microsoft Outlook Could Allow Code Execution (828040)

Affected Software:
Microsoft Office XP SP 2
Microsoft Outlook 2002 SP 2

Non Affected Components:
Microsoft Office 2000 SP 3
Microsoft Office XP SP 3
Microsoft Office 2003
Microsoft Outlook 2000 SP 3
Microsoft Outlook 2002 SP 3
Microsoft Outlook 2003
Microsoft Security Bulletin MS04-010
Vulnerability in MSN Messenger Could Allow Information Disclosure (838512)

Affected Software:
Microsoft MSN Messenger 6.0
Microsoft MSN Messenger 6.1

Non Affected Components:
Microsoft Office 2000 SP 3
Microsoft Office XP SP 3
Microsoft Office 2003
Microsoft Outlook 2000 SP 3
Microsoft Outlook 2002 SP 3
Microsoft Outlook 2003
Microsoft Security Bulletin MS04-011
Security Update for Microsoft Windows (835732)

Affected Software:
Microsoft Windows NT® Workstation 4.0 SP 6a
Microsoft Windows NT Server 4.0 SP 6a
Microsoft Windows NT Server 4.0 Terminal Server Edition SP 6
Microsoft Windows 2000 SP 2
Microsoft Windows 2000 SP 3
Microsoft Windows 2000 SP 4
Microsoft Windows XP
Microsoft Windows XP SP 1
Microsoft Windows XP 64-Bit Edition SP 1
Microsoft Windows XP 64-Bit Edition Version 2003
Microsoft Windows Server™ 2003
Microsoft Windows Server 2003 64-Bit Edition
Microsoft NetMeeting
Microsoft Windows 98
Microsoft Windows 98 Second Edition (SE)
Microsoft Windows Millennium Edition (ME)
Microsoft Security Bulletin MS04-012
Cumulative Update for Microsoft RPC/DCOM (828741)

Affected Software:
Microsoft Windows NT® Workstation 4.0 SP 6a
Microsoft Windows NT Server 4.0 SP 6a
Microsoft Windows NT Server 4.0 Terminal Server Edition SP 6
Microsoft Windows 2000 SP 2
Microsoft Windows 2000 SP 3
Microsoft Windows 2000 SP 4
Microsoft Windows XP
Microsoft Windows XP SP 1
Microsoft Windows XP 64-Bit Edition SP 1
Microsoft Windows XP 64-Bit Edition Version 2003
Microsoft Windows Server™ 2003
Microsoft Windows Server 2003 64-Bit Edition
Microsoft Windows 98
Microsoft Windows 98 Second Edition (SE)
Microsoft Windows Millennium Edition (ME)
Microsoft Security Bulletin MS04-013
Cumulative Security Update for Outlook Express(837009)

Affected Software:
Microsoft Windows NT® Workstation 4.0 SP 6a
Microsoft Windows NT Server 4.0 SP 6a
Microsoft Windows NT Server 4.0 Terminal Server Edition SP 6
Microsoft Windows 2000 SP 2
Microsoft Windows 2000 SP 3
Microsoft Windows 2000 SP 4
Microsoft Windows XP
Microsoft Windows XP SP 1
Microsoft Windows XP 64-Bit Edition SP 1
Microsoft Windows XP 64-Bit Edition Version 2003
Microsoft Windows Server™ 2003
Microsoft Windows Server 2003 64-Bit Edition
Microsoft Windows 98
Microsoft Windows 98 Second Edition (SE)
Microsoft Windows Millennium Edition (ME)

Affected Components:
Microsoft Outlook Express 5.5 SP2
Microsoft Outlook Express 6
Microsoft Outlook Express 6 SP1
Microsoft Outlook Express 6 SP1 (64 bit Edition)
Microsoft Outlook Express 6 on Windows Server 2003
Microsoft Outlook Express 6 on Windows Server 2003 (64 bit edition)
Microsoft Security Bulletin MS04-014
Vulnerability in the Microsoft Jet Database Engine Could Allow Code Execution (837001)

Affected Software:
Microsoft Windows NT® Workstation 4.0 SP 6a
Microsoft Windows NT Server 4.0 SP 6a
Microsoft Windows NT Server 4.0 Terminal Server Edition SP 6
Microsoft Windows 2000 SP 2
Microsoft Windows 2000 SP 3
Microsoft Windows 2000 SP 4
Microsoft Windows XP
Microsoft Windows XP SP 1
Microsoft Windows XP 64-Bit Edition SP 1
Microsoft Windows XP 64-Bit Edition Version 2003
Microsoft Windows Server™ 2003
Microsoft Windows Server 2003 64-Bit Edition
Microsoft Windows 98
Microsoft Windows 98 Second Edition (SE)
Microsoft Windows Millennium Edition (ME)

Affected Components:
Microsoft Jet Database Engine version 4.0
Microsoft Security Bulletin MS04-015
Vulnerability in Help and Support Center Could Allow Remote Code Execution (840374)

Affected Software:
Microsoft Windows XP
Microsoft Windows XP SP 1
Microsoft Windows XP 64-Bit Edition SP 1
Microsoft Windows XP 64-Bit Edition Version 2003
Microsoft Windows Server™ 2003
Microsoft Windows Server 2003 64-Bit Edition

NON- Affected Software:
Microsoft Windows NT® Workstation 4.0 SP 6a
Microsoft Windows NT Server 4.0 SP 6a
Microsoft Windows NT Server 4.0 Terminal Server Edition SP 6
Microsoft Windows 2000 SP 2
Microsoft Windows 2000 SP 3
Microsoft Windows 2000 SP 4
Microsoft Windows 98
Microsoft Windows 98 Second Edition (SE)
Microsoft Windows Millennium Edition (ME)
Microsoft Security Bulletin MS04-016
Vulnerability in DirectPlay Could Allow Denial of Service (839643)

Affected Software:
Microsoft Windows 2000 SP 2
Microsoft Windows 2000 SP 3
Microsoft Windows 2000 SP 4
Microsoft Windows XP and Microsoft Windows XP SP 1
Microsoft Windows XP 64-Bit Edition SP 1
Microsoft Windows XP 64-Bit Edition Version 2003
Microsoft Windows Server™ 2003
Microsoft Windows Server 2003 64-Bit Edition
Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE)
Microsoft Windows Millennium Edition (Me)

NON - Affected Software:
Microsoft Windows NT® Workstation 4.0 SP 6a
Microsoft Windows NT Server 4.0 SP 6a
Microsoft Windows NT Server 4.0 Terminal Server Edition SP 6

Affected Components:
Microsoft DirectX® 7.0a, 7.1, 8.1, 8.1a, 8.1b, 8.2, 9.0, 9.0a, 9.0b on Windows 98, Windows 98 Second Edition, Windows Millennium
Microsoft DirectX® 8.0, 8.0a, when installed on Windows 2000
Microsoft DirectX® 8.1, 8.1a, 8.1b when installed on Windows 2000
Microsoft DirectX® 8.2 when installed on Windows 2000, or Windows XP
Microsoft DirectX® 9.0, 9.0a, 9.0b when installed on Windows 2000, Windows XP, or Windows Server 2003

NON - Affected Components:
Microsoft DirectX 5.2 on Windows 98
Microsoft DirectX 6.1 on Windows 98 Second Edition
Windows Media Player 6.4 or Internet Explorer 6 SP 1 when installed on Microsoft Windows NT 4.0
Windows Media Player 6.4 or Internet Explorer 6 SP 1 when installed on Microsoft Windows NT 4.0, Terminal Server Edition
Microsoft Security Bulletin MS04-017
Vulnerability in Crystal Reports Web Viewer Could Allow Information Disclosure and Denial of Service (842689)

Affected Software:
Visual Studio .NET 2003
Outlook 2003 with Business Contact Manager
Microsoft Business Solutions CRM 1.2

NON- Affected Software:
All other supported versions of Visual Studio, Outlook, and Microsoft Business Solutions CRM.
Microsoft Security Bulletin MS04-018
Cumulative Security Update for Outlook Express (823353)

Affected Software:
Microsoft Windows NT® Workstation 4.0 SP 6a
Microsoft Windows NT Server 4.0 SP 6a
Microsoft Windows NT Server 4.0 Terminal Server Edition SP 6
Microsoft Windows 2000 SP 2, Microsoft Windows 2000 SP 3, Microsoft Windows 2000 SP 4
Microsoft Windows XP and Microsoft Windows XP SP 1
Microsoft Windows XP 64-Bit Edition SP 1
Microsoft Windows XP 64-Bit Edition Version 2003
Microsoft Windows Server™ 2003
Microsoft Windows Server 2003 64-Bit Edition
Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (Me) – Review the FAQ section of this bulletin for details about these operating systems.

Affected Components:
Microsoft Outlook Express 5.5 SP 2
Microsoft Outlook Express 6
Microsoft Outlook Express 6 SP 1
Microsoft Outlook Express 6 SP 1 (64 bit Edition)
Microsoft Outlook Express 6 on Windows Server 2003
Microsoft Outlook Express 6 on Windows Server 2003 (64 bit edition)
Microsoft Security Bulletin MS04-019
Vulnerability in Utility Manager Could Allow Code Execution (842526)

Affected Software:
Microsoft Windows 2000 SP 2
Microsoft Windows 2000 SP 3
Microsoft Windows 2000 SP 4

NON- Affected Software:
Microsoft Windows NT® Workstation 4.0 SP 6a
Microsoft Windows NT Server 4.0 SP 6a
Microsoft Windows NT Server 4.0 Terminal Server Edition SP 6
Microsoft Windows XP and Microsoft Windows XP SP 1
Microsoft Windows XP 64-Bit Edition SP 1
Microsoft Windows XP 64-Bit Edition Version 2003
Microsoft Windows Server™ 2003
Microsoft Windows Server 2003 64-Bit Edition
Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (Me)
Microsoft Security Bulletin MS04-020
Vulnerability in POSIX Could Allow Code Execution (841872)

Affected Software:
Microsoft Windows NT® Workstation 4.0 SP 6a
Microsoft Windows NT Server 4.0 SP 6a
Microsoft Windows NT Server 4.0 Terminal Server Edition SP 6
Microsoft Windows 2000 SP 2, Microsoft Windows 2000 SP 3, Microsoft Windows 2000 SP 4

NON- Affected Software:
Microsoft Windows XP and Microsoft Windows XP SP 1
Microsoft Windows XP 64-Bit Edition SP 1
Microsoft Windows XP 64-Bit Edition Version 2003
Microsoft Windows Server™ 2003
Microsoft Windows Server 2003 64-Bit Edition
Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (Me)
Microsoft Security Bulletin MS04-021
Security Update for IIS 4.0 (841373)

Affected Software:
Microsoft Windows NT® Workstation 4.0 SP 6a
Microsoft Windows NT Server 4.0 SP 6a

NON- Affected Software:
Microsoft Windows 2000 SP 2, Microsoft Windows 2000 SP 3, Microsoft Windows 2000 SP 4
Microsoft Windows XP and Microsoft Windows XP SP 1
Microsoft Windows XP 64-Bit Edition SP 1
Microsoft Windows XP 64-Bit Edition Version 2003
Microsoft Windows Server™ 2003
Microsoft Windows Server 2003 64-Bit Edition
Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (Me)
Microsoft Security Bulletin MS04-022
Vulnerability in Task Scheduler Could Allow Code Execution (841873)

Affected Software:
Microsoft Windows 2000 SP 2
Microsoft Windows 2000 SP 3
Microsoft Windows 2000 SP 4
Microsoft Windows XP and Microsoft Windows XP SP 1
Microsoft Windows XP 64-Bit Edition SP 1

NON- Affected Software:
Microsoft Windows Server™ 2003
Microsoft Windows Server 2003 64-Bit Edition
Microsoft Windows XP 64-Bit Edition Version 2003
Microsoft Windows NT® Workstation 4.0 SP 6a
Microsoft Windows NT Server 4.0 SP 6a
Microsoft Windows NT Server 4.0 Terminal Server Edition SP 6
Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (Me)

Affected Components:
Internet Explorer 6 SP 1 when installed on Windows NT 4.0 SP6a (Workstation, Server, or Terminal Server Edition).
Microsoft Security Bulletin MS04-023
Vulnerability in HTML Help Could Allow Code Execution (840315)

Affected Software:
Microsoft Windows 2000 SP 2, Microsoft Windows 2000 SP 3, Microsoft Windows 2000 SP 4
Microsoft Windows XP and Microsoft Windows XP SP 1
Microsoft Windows XP 64-Bit Edition SP 1
Microsoft Windows XP 64-Bit Edition Version 2003
Microsoft Windows Server™ 2003
Microsoft Windows Server 2003 64-Bit Edition
Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (Me) – Review the FAQ section of this bulletin for details about these operating systems.

NON- Affected Software:
Microsoft Windows NT® Workstation 4.0 SP 6a
Microsoft Windows NT Server 4.0 SP 6a
Microsoft Windows NT Server 4.0 Terminal Server Edition SP 6

Affected Components:
Internet Explorer 6.0 SP 1 when installed on Windows NT 4.0 SP6a (Workstation, Server, or Terminal Server Edition).
Microsoft Security Bulletin MS04-024
Vulnerability in Windows Shell Could Allow Remote Code Execution (839645)

Affected Software:
Microsoft Windows NT® Workstation 4.0 SP 6a
Microsoft Windows NT Server 4.0 SP 6a
Microsoft Windows NT Server 4.0 Terminal Server Edition SP 6
Microsoft Windows NT® Workstation 4.0 SP 6a and NT Server 4.0 SP 6a with Active Desktop
Microsoft Windows 2000 SP 2, Microsoft Windows 2000 SP 3, Microsoft Windows 2000 SP 4
Microsoft Windows XP and Microsoft Windows XP SP 1
Microsoft Windows XP 64-Bit Edition SP 1
Microsoft Windows XP 64-Bit Edition Version 2003
Microsoft Windows Server™ 2003
Microsoft Windows Server 2003 64-Bit Edition
Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (Me) – Review the FAQ section of this bulletin for details about these operating systems.
Microsoft Security Bulletin MS04-025
Cumulative Security Update for Internet Explorer (867801)

Affected Software:
Microsoft Windows NT® Workstation 4.0 SP 6a
Microsoft Windows NT Server 4.0 SP 6a
Microsoft Windows NT Server 4.0 Terminal Server Edition SP 6
Microsoft Windows 2000 SP 2, Microsoft Windows 2000 SP 3, Microsoft Windows 2000 SP 4
Microsoft Windows XP and Microsoft Windows XP SP 1
Microsoft Windows XP 64-Bit Edition SP 1
Microsoft Windows XP 64-Bit Edition Version 2003
Microsoft Windows Server™ 2003
Microsoft Windows Server 2003 64-Bit Edition
Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (Me) – Review the FAQ section of this bulletin for details about these operating systems.

Affected Components:
Internet Explorer 5.01 SP 2
Internet Explorer 5.01 SP 3
Internet Explorer 5.01 SP 4
Internet Explorer 5.5 SP 2
Internet Explorer 6
Internet Explorer 6 SP 1
Internet Explorer 6 SP 1 (64-Bit Edition)
Internet Explorer 6 for Windows Server 2003
Internet Explorer 6 for Windows Server 2003 (64-Bit Edition)
Microsoft Security Bulletin MS04-026
Vulnerability in Exchange Server 5.5 Outlook Web Access Could Allow Cross-Site Scripting and Spoofing Attacks (842436)

Affected Software:
Microsoft Exchange Server 5.5 SP4

NON- Affected Software:
Microsoft Exchange 2000 Server
Microsoft Exchange Server 2003

Affected Components:
Outlook Web Access
Microsoft Security Bulletin MS04-027
Vulnerability in WordPerfect Converter Could Allow Code Execution (884933)

Affected Software:
Microsoft Office 2000 Software SP 3
Microsoft Office XP Software SP 3
Microsoft Office 2003
Microsoft Works Suites 2001, 2002, 2003, 2004

NON Affected Software:
Microsoft Office 2003 SP 1
Microsoft Security Bulletin MS04-028
Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution (833987)

Affected Software:
Microsoft Windows XP and Microsoft Windows XP SP 1
Microsoft Windows XP 64-Bit Edition SP 1
Microsoft Windows XP 64-Bit Edition Version 2003
Microsoft Windows Server™ 2003
Microsoft Windows Server 2003 64-Bit Edition
Microsoft Office XP SP 3
Microsoft Office 2003
Microsoft Project 2002 SP 1 (all versions)
Microsoft Project 2003 (all versions)
Microsoft Visio 2002 SP 2 (all versions)
Microsoft Visio 2003 (all versions)
Microsoft Visual Studio .NET 2002
Microsoft Visual Studio .NET 2003
The Microsoft .NET Framework version 1.0 SDK SP 2
Microsoft Picture It!® 2002 (all versions)
Microsoft Greetings 2002
Microsoft Picture It! version 7.0 (all versions)
Microsoft Digital Image Pro version 7.0
Microsoft Picture It! version 9 (all versions, including Picture It! Library)
Microsoft Digital Image Pro version 9
Microsoft Digital Image Suite version 9
Microsoft Producer for Microsoft Office PowerPoint (all versions)
Microsoft Platform SDK Redistributable: GDI+

NON Affected Software:
Microsoft Windows NT Server 4.0 SP 6a
Microsoft Windows NT Server 4.0 Terminal Server Edition SP 6
Microsoft Windows 2000 SP 3, Microsoft Windows 2000 SP 4
Microsoft Windows XP SP 2
Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (Me)
Microsoft Office 2003 SP 1
Microsoft Office 2000
Microsoft Visio 2003 SP 1
Microsoft Visio 2000
Microsoft Project 2003 SP 1
Microsoft Project 2000
Microsoft Digital Image Suite 10, Microsoft Digital Image Pro 10, Picture It! Premium 10

Affected Components:
Internet Explorer 6 SP 1
The Microsoft .NET Framework version 1.0 SP 2
The Microsoft .NET Framework version 1.1

NON Affected Components:
Internet Explorer 5.01 SP 3 on Windows 2000 SP 3
Internet Explorer 5.01 SP 4 on Windows 2000 SP 4
Internet Explorer 5.5 SP 2 on Microsoft Windows Millennium Edition
The Microsoft .NET Framework version 1.0 SP 3
The Microsoft .NET Framework version 1.1 SP 1
The Microsoft .NET Framework version 1.1 SP 1 for Windows Server 2003
Microsoft Security Bulletin MS04-028
Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution (833987)

Affected Software:
Microsoft Windows XP and Microsoft Windows XP SP 1
Microsoft Windows XP 64-Bit Edition SP 1
Microsoft Windows XP 64-Bit Edition Version 2003
Microsoft Windows Server™ 2003
Microsoft Windows Server 2003 64-Bit Edition
Microsoft Office XP SP 3
Microsoft Office 2003
Microsoft Project 2002 SP 1 (all versions)
Microsoft Project 2003 (all versions)
Microsoft Visio 2002 SP 2 (all versions)
Microsoft Visio 2003 (all versions)
Microsoft Visual Studio .NET 2002
Microsoft Visual Studio .NET 2003
The Microsoft .NET Framework version 1.0 SDK SP 2
Microsoft Picture It!® 2002 (all versions)
Microsoft Greetings 2002
Microsoft Picture It! version 7.0 (all versions)
Microsoft Digital Image Pro version 7.0
Microsoft Picture It! version 9 (all versions, including Picture It! Library)
Microsoft Digital Image Pro version 9
Microsoft Digital Image Suite version 9
Microsoft Producer for Microsoft Office PowerPoint (all versions)
Microsoft Platform SDK Redistributable: GDI+

NON Affected Software:
Microsoft Windows NT Server 4.0 SP 6a
Microsoft Windows NT Server 4.0 Terminal Server Edition SP 6
Microsoft Windows 2000 SP 3, Microsoft Windows 2000 SP 4
Microsoft Windows XP SP 2
Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (Me)
Microsoft Office 2003 SP 1
Microsoft Office 2000
Microsoft Visio 2003 SP 1
Microsoft Visio 2000
Microsoft Project 2003 SP 1
Microsoft Project 2000
Microsoft Digital Image Suite 10, Microsoft Digital Image Pro 10, Picture It! Premium 10

Affected Components:
Internet Explorer 6 SP 1
The Microsoft .NET Framework version 1.0 SP 2
The Microsoft .NET Framework version 1.1

NON Affected Components:
Internet Explorer 5.01 SP 3 on Windows 2000 SP 3
Internet Explorer 5.01 SP 4 on Windows 2000 SP 4
Internet Explorer 5.5 SP 2 on Microsoft Windows Millennium Edition
The Microsoft .NET Framework version 1.0 SP 3
The Microsoft .NET Framework version 1.1 SP 1
The Microsoft .NET Framework version 1.1 SP 1 for Windows Server 2003
Microsoft Security Bulletin MS04-029
Vulnerability in RPC Runtime Library Could Allow Information Disclosure and Denial of Service (873350)

Affected Software:
Microsoft Windows NT Server 4.0 SP 6a
Microsoft Windows NT Server 4.0 Terminal Server Edition SP 6

NON Affected Software:
Microsoft Windows 2000 SP 3 and Microsoft Windows 2000 SP 4
Microsoft Windows XP and Microsoft Windows XP SP 1
Microsoft Windows XP SP 2
Microsoft Windows XP 64-Bit Edition SP 1
Microsoft Windows XP 64-Bit Edition Version 2003
Microsoft Windows Server 2003
Microsoft Windows Server 2003 64-Bit Edition
Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME)
Microsoft Security Bulletin MS04-030
Vulnerability in WebDAV XML Message Handler Could Lead to a Denial of Service (824151)

Affected Software:
Microsoft Windows 2000 SP 3 and Microsoft Windows 2000 SP 4
Microsoft Windows XP and Microsoft Windows XP SP 1
Microsoft Windows XP 64-Bit Edition SP 1
Microsoft Windows XP 64-Bit Edition Version 2003
Microsoft Windows Server™ 2003
Microsoft Windows Server 2003 64-Bit Edition

NON Affected Software:
Microsoft Windows XP SP 2
Microsoft Windows NT Server 4.0 SP 6
Microsoft Windows NT Server 4.0 Terminal Server Edition SP 6
Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (Me)

Affected Components:
Internet Information Services 5.0
Internet Information Services 5.1
Internet Information Services 6.0

NON Affected Components:
Internet Information Server 4.0
Microsoft Security Bulletin MS04-031
Vulnerability in NetDDE Could Allow Remote Code Execution (841533)

Affected Software:
Microsoft Windows NT Server 4.0 SP 6a
Microsoft Windows NT Server 4.0 Terminal Server Edition SP 6
Microsoft Windows 2000 SP 3 and Microsoft Windows 2000 SP 4
Microsoft Windows XP and Microsoft Windows XP SP 1
Microsoft Windows XP 64-Bit Edition SP 1
Microsoft Windows XP 64-Bit Edition Version 2003
Microsoft Windows Server 2003
Microsoft Windows Server 2003 64-Bit Edition
Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) – Review the FAQ section of this bulletin for details about these operating systems.

NON Affected Software:
Microsoft Windows XP SP 2
Microsoft Security Bulletin MS04-032
Security Update for Microsoft Windows (840987)

Affected Software:
Microsoft Windows NT Server 4.0 SP 6a
Microsoft Windows NT Server 4.0 Terminal Server Edition SP 6
Microsoft Windows 2000 SP 3 and Microsoft Windows 2000 SP 4
Microsoft Windows XP and Microsoft Windows XP SP 1
Microsoft Windows XP 64-Bit Edition SP 1
Microsoft Windows XP 64-Bit Edition Version 2003
Microsoft Windows Server 2003
Microsoft Windows Server 2003 64-Bit Edition
Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) – Review the FAQ section of this bulletin for details about these operating systems.

NON Affected Software:
Microsoft Windows XP SP 2
Microsoft Security Bulletin MS04-033
Vulnerability in Microsoft Excel Could Allow Remote Code Execution (886836)

Affected Software:
Microsoft Office 2000 Software SP 3
Microsoft Office 2000 SP 3 Software:
• Excel 2000
Microsoft Office XP Software SP 2
Microsoft Office XP Software:
• Excel 2002
Microsoft Office 2001 for Mac
Microsoft Office 2001 for Mac:
• Excel 2001 for Mac
Microsoft Office v. X for Mac
Microsoft Office v. X for Mac:
• Excel v. X for Mac

NON Affected Software:
Microsoft Office XP SP 3
Microsoft Office Excel 2003
Microsoft Office 2003 SP 1
Microsoft Excel 2004 for Mac
Microsoft Security Bulletin MS04-034
Vulnerability in Compressed (zipped) Folders Could Allow Remote Code Execution (873376)

Affected Software:
Microsoft Windows XP and Microsoft Windows XP SP 1
Microsoft Windows XP 64-Bit Edition SP 1
Microsoft Windows XP 64-Bit Edition Version 2003
Microsoft Windows Server 2003
Microsoft Windows Server 2003 64-Bit Edition

NON Affected Software:
Microsoft Windows NT Server 4.0 SP 6a
Microsoft Windows NT Server 4.0 Terminal Server Edition SP 6
Microsoft Windows 2000 SP 3 and Microsoft Windows 2000 SP 4
Microsoft Windows XP SP 2
Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (Me)
Microsoft Security Bulletin MS04-035
Vulnerability in SMTP Could Allow Remote Code Execution (885881)

Affected Software:
Microsoft Windows XP 64-Bit Edition Version 2003
Microsoft Windows Server 2003
Microsoft Windows Server 2003 64-Bit Edition
Microsoft Exchange Server 2003 and Microsoft Exchange Server 2003 SP 1 when installed on Microsoft Windows Server 2003 (uses the Windows 2003 SMTP component)
Microsoft Exchange Server 2003 when installed on Microsoft Windows 2000 SP 3 or Microsoft Windows 2000 SP 4

NON Affected Software:
Microsoft Windows NT Server 4.0 SP 6a
Microsoft Windows NT Server 4.0 Terminal Server Edition SP 6
Microsoft Windows 2000 SP 3 or Microsoft Windows 2000 SP 4
Microsoft Windows XP, Microsoft Windows XP SP 1, and Microsoft Windows XP SP 2
Microsoft Windows XP 64-Bit Edition SP 1
Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME)
Microsoft Exchange Server 5.0 SP 2
Microsoft Exchange Server 5.5 SP 4
Microsoft Exchange 2000 Server SP 3
Microsoft Exchange Server 2003 SP 1 when installed on Microsoft Windows 2000 SP 3 or Microsoft Windows 2000 SP 4

Affected Components:
Microsoft Windows XP 64-Bit Edition Version 2003 SMTP component
Microsoft Windows Server 2003 SMTP component
Microsoft Windows Server 2003 64-Bit Edition SMTP component
Microsoft Exchange Server 2003 Routing Engine component
Microsoft Security Bulletin MS04-036
Vulnerability in NNTP Could Allow Remote Code Execution (883935)

Affected Software:
Microsoft Windows NT Server 4.0 SP 6a
Microsoft Windows 2000 Server SP 3 and Microsoft Windows 2000 Server SP 4
Microsoft Windows Server™ 2003
Microsoft Windows Server 2003 64-Bit Edition
Microsoft Exchange 2000 Server SP 3 (Uses the Windows 2000 NNTP component)
Microsoft Exchange Server 2003 and Microsoft Exchange Server 2003 SP 1 (Uses the Windows 2000 or Windows Server 2003 NNTP component)

NON Affected Software:
Microsoft Windows NT Server 4.0 Terminal Server Edition SP 6
Microsoft Windows 2000 Professional SP 3 and Microsoft Windows 2000 Professional SP 4
Microsoft Windows XP SP 1 and Microsoft Windows XP SP 2
Microsoft Windows XP 64-Bit Edition SP 1
Microsoft Windows XP 64-Bit Edition Version 2003
Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME)
Microsoft Exchange Server 5.0 SP 2
Microsoft Exchange Server 5.5 SP 4

Affected Components:
Microsoft Windows NT Server 4.0 SP 6a NNTP component
Microsoft Windows 2000 Server SP 3 NNTP component and Microsoft Windows 2000 Server SP 4 NNTP component
Microsoft Windows Server 2003 NNTP Component
Microsoft Windows Server 2003 64-Bit Edition NNTP Component
Microsoft Security Bulletin MS04-037
Vulnerability in Windows Shell Could Allow Remote Code Execution (841356)

Affected Software:
Microsoft Windows NT Server 4.0 SP 6a
Microsoft Windows NT Server 4.0 Terminal Server Edition SP 6
Microsoft Windows 2000 SP 3 and Microsoft Windows 2000 SP 4
Microsoft Windows XP and Microsoft Windows XP SP 1
Microsoft Windows XP 64-Bit Edition SP 1
Microsoft Windows XP 64-Bit Edition Version 2003
Microsoft Windows Server 2003
Microsoft Windows Server 2003 64-Bit Edition
Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) – Review the FAQ section of this bulletin for details about these operating systems.

NON Affected Software:
Microsoft Windows XP SP 2
Microsoft Security Bulletin MS04-038
Cumulative Security Update for Internet Explorer (834707)

Affected Software:
Microsoft Windows NT Server 4.0 SP 6a
Microsoft Windows NT Server 4.0 Terminal Server Edition SP 6
Microsoft Windows 2000 SP 3 and Microsoft Windows 2000 SP 4
Microsoft Windows XP, Microsoft Windows XP SP 1, and Microsoft Windows XP SP 2
Microsoft Windows XP 64-Bit Edition SP 1
Microsoft Windows XP 64-Bit Edition Version 2003
Microsoft Windows Server 2003
Microsoft Windows Server 2003 64-Bit Edition
Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (Me) – Review the FAQ section of this bulletin for details about these operating systems.

Affected Components:
Internet Explorer 5.01 SP 3 on Windows 2000 SP3
Internet Explorer 5.01 SP 4 on Windows 2000 SP4
Internet Explorer 5.5 SP 2 on Microsoft Windows Me
Internet Explorer 6 on Windows XP
Internet Explorer 6 SP 1 on Microsoft Windows 2000 SP 3, on Microsoft Windows 2000 SP 4, on Microsoft Windows XP, or on Microsoft Windows XP SP 1
Internet Explorer 6 SP 1 on Microsoft Windows NT Server 4.0 SP 6a, on Microsoft Windows NT Server 4.0 Terminal Service Edition SP 6, on Microsoft Windows 98, on Microsoft Windows 98 SE, or on Microsoft Windows Me
Internet Explorer 6 for Windows XP SP 1 (64-Bit Edition)
Internet Explorer 6 for Windows Server 2003
Internet Explorer 6 for Windows Server 2003 64-Bit Edition and Windows XP 64-Bit Edition Version 2003
Internet Explorer 6 for Windows XP SP 2
Microsoft Security Bulletin MS04-039
Vulnerability in ISA Server 2000 and Proxy Server 2.0 Could Allow Internet Content Spoofing (888258)

Affected Software:
Microsoft Proxy Server 2.0 Service Pack 1
Microsoft Internet Security and Acceleration Server 2000 Service Pack 1
Microsoft Internet Security and Acceleration Server 2000 Service Pack 2

NON Affected Software:
Microsoft Internet Security and Acceleration (ISA) Server 2004
Microsoft Security Bulletin MS04-040
Cumulative Security Update for Internet Explorer (889293)

Affected Software:
Microsoft Windows NT Server 4.0 Service Pack 6a
Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6
Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP Service Pack 1
Microsoft Windows XP 64-Bit Edition Service Pack 1
Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (Me) – Review the FAQ section of this bulletin for details about these operating systems.

NON Affected Software:
Microsoft Windows XP Service Pack 2
Microsoft Windows XP 64-Bit Edition Version 2003
Microsoft Windows Server 2003
Microsoft Windows Server 2003 64-Bit Edition

Affected Components:
Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 3, on Microsoft Windows 2000 Service Pack 4, or on Microsoft Windows XP Service Pack 1
Internet Explorer 6 Service Pack 1 on Microsoft Windows NT Server 4.0 Service Pack 6a, on Microsoft Windows NT Server 4.0 Terminal Service Edition Service Pack 6, on Microsoft Windows 98, on Microsoft Windows 98 SE, or on Microsoft Windows Me
Internet Explorer 6 for Windows XP Service Pack 1 (64-Bit Edition)

NON Affected Components:
Internet Explorer 5.01 Service Pack 3 on Windows 2000 SP3
Internet Explorer 5.01 Service Pack 4 on Windows 2000 SP4
Internet Explorer 5.5 Service Pack 2 on Microsoft Windows Me
Internet Explorer 6 for Windows Server 2003
Internet Explorer 6 for Windows Server 2003 64-Bit Edition and Windows XP 64-Bit Edition Version 2003
Internet Explorer 6 for Windows XP Service Pack 2
Microsoft Security Bulletin MS04-041
Vulnerability in WordPad Could Allow Code Execution (885836)

Affected Software:
Microsoft Windows NT Server 4.0 Service Pack 6a
Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6
Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
Microsoft Windows XP 64-Bit Edition Service Pack 1
Microsoft Windows XP 64-Bit Edition Version 2003
Microsoft Windows Server 2003
Microsoft Windows Server 2003 64-Bit Edition
Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) – Review the FAQ section of this bulletin for details about these operating systems.
Microsoft Security Bulletin MS04-042
Vulnerability in DHCP Could Allow Remote Code Execution and Denial of Service (885249)

Affected Software:
Microsoft Windows NT Server 4.0 Service Pack 6a
Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6

NON Affected Software:
Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
Microsoft Windows XP 64-Bit Edition Service Pack 1
Microsoft Windows XP 64-Bit Edition Version 2003
Microsoft Windows Server 2003
Microsoft Windows Server 2003 64-Bit Edition
Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME)
Microsoft Security Bulletin MS04-043
Vulnerability in HyperTerminal Could Allow Code Execution (873339)

Affected Software:
Microsoft Windows NT Server 4.0 Service Pack 6a
Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6
Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
Microsoft Windows XP 64-Bit Edition Service Pack 1
Microsoft Windows XP 64-Bit Edition Version 2003
Microsoft Windows Server 2003
Microsoft Windows Server 2003 64-Bit Edition

NON Affected Software:
Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME)
Microsoft Security Bulletin MS04-044
Vulnerabilities in Windows Kernel and LSASS Could Allow Elevation of Privilege (885835)

Affected Software:
Microsoft Windows NT Server 4.0 Service Pack 6a
Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6
Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
Microsoft Windows XP 64-Bit Edition Service Pack 1
Microsoft Windows XP 64-Bit Edition Version 2003
Microsoft Windows Server 2003
Microsoft Windows Server 2003 64-Bit Edition

NON Affected Software:
Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME)
Microsoft Security Bulletin MS04-045
Vulnerability in WINS Could Allow Remote Code Execution (870763)

Affected Software:
Microsoft Windows NT Server 4.0 Service Pack 6a
Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6
Microsoft Windows 2000 Server Service Pack 3 and Microsoft Windows 2000 Server Service Pack 4
Microsoft Windows Server 2003
Microsoft Windows Server 2003 64-Bit Edition

NON Affected Software:
Microsoft Windows 2000 Professional Service Pack 3
Microsoft Windows 2000 Professional Service Pack 4
Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
Microsoft Windows XP 64-Bit Edition Service Pack 1
Microsoft Windows XP 64-Bit Edition Version 2003
Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME)

GOTO:   Microsoft Security Bulletin Center - 2000
GOTO:   Microsoft Security Bulletin Center - 2001
GOTO:   Microsoft Security Bulletin Center - 2002
GOTO:   Microsoft Security Bulletin Center - 2003
GOTO:   Microsoft Security Bulletin Center - 2005
GOTO:   Microsoft Security Bulletin Center - 2006
GOTO:   Microsoft Security Bulletin Center - 2007
GOTO:   Microsoft Security Bulletin Center - 2008

Subscribe to the Microsoft Security Notification Service

Microsoft Security Bulletin MS04-001

Microsoft Security Bulletin MS04-002

Microsoft Security Bulletin MS04-003

Microsoft Security Bulletin MS04-004

Microsoft Security Bulletin MS04-005

Microsoft Security Bulletin MS04-006

Microsoft Security Bulletin MS04-007

Microsoft Security Bulletin MS04-008

Microsoft Security Bulletin MS04-009

Microsoft Security Bulletin MS04-010

Microsoft Security Bulletin MS04-011

Microsoft Security Bulletin MS04-012

Microsoft Security Bulletin MS04-013

Microsoft Security Bulletin MS04-014

Microsoft Security Bulletin MS04-015

Microsoft Security Bulletin MS04-016

Microsoft Security Bulletin MS04-017

Microsoft Security Bulletin MS04-018

Microsoft Security Bulletin MS04-019

Microsoft Security Bulletin MS04-020

Microsoft Security Bulletin MS04-021

Microsoft Security Bulletin MS04-022

Microsoft Security Bulletin MS04-023

Microsoft Security Bulletin MS04-024

Microsoft Security Bulletin MS04-025

Microsoft Security Bulletin MS04-026

Microsoft Security Bulletin MS04-027

Microsoft Security Bulletin MS04-028

Microsoft Security Bulletin MS04-028

Microsoft Security Bulletin MS04-029

Microsoft Security Bulletin MS04-030

Microsoft Security Bulletin MS04-031

Microsoft Security Bulletin MS04-032

Microsoft Security Bulletin MS04-033

Microsoft Security Bulletin MS04-034

Microsoft Security Bulletin MS04-035

Microsoft Security Bulletin MS04-036

Microsoft Security Bulletin MS04-037

Microsoft Security Bulletin MS04-038

Microsoft Security Bulletin MS04-039

Microsoft Security Bulletin MS04-040

Microsoft Security Bulletin MS04-041

Microsoft Security Bulletin MS04-042

Microsoft Security Bulletin MS04-043

Microsoft Security Bulletin MS04-044

Microsoft Security Bulletin MS04-045