Today, November 11th, 2003 Microsoft is releasing four new security bulletins, three of which carry a maximum severity rating of critical. These bulletins address vulnerabilities in Microsoft Windows and Office. Summaries for the bulletins released today may be found at the following pages.
http://www.microsoft.com/technet/security/bulletin/winnov03.asp
http://www.microsoft.com/technet/security/bulletin/offnov03.asp
Please also see below for each of the individual Microsoft Security Bulletins listed in the summaries above.
**********************************************************************
Microsoft Security Bulletin MS03-048
Title: Cumulative Security Update for Internet Explorer (824145)
Date: November 11, 2003
Software:
• Microsoft Windows 98
• Microsoft Windows 98 Second Edition
• Microsoft Windows Millennium Edition
• Microsoft Windows NT® Workstation 4.0 Service Pack 6a
• Microsoft Windows NT Server 4.0 Service Pack 6a
• Microsoft Windows NT Server 4.0 Terminal Server Edition, Service Pack 6
• Microsoft Windows 2000 Service Pack 2, Service Pack 3, Service Pack 4
• Microsoft Windows XP, Microsoft Windows XP Service Pack 1
• Microsoft Windows XP 64-Bit Edition
• Microsoft Windows XP 64-Bit Edition Version 2003
• Microsoft Windows Server® 2003
• Microsoft Windows Server 2003, 64-Bit Edition
Affected Components:
• Internet Explorer 6 Service Pack 1
• Internet Explorer 6 Service Pack 1 (64-Bit Edition)
• Internet Explorer 6 Service Pack 1 for Windows Server 2003
• Internet Explorer 6 Service Pack 1 for Windows Server 2003 (64-Bit Edition)
• Internet Explorer 6
• Internet Explorer 5.5 Service Pack 2
• Internet Explorer 5.01 Service Pack 4
• Internet Explorer 5.01 Service Pack 3
• Internet Explorer 5.01 Service Pack 2
Impact: Remote Code Execution
Maximum Severity Rating: Critical
More information is now available at
http://www.microsoft.com/technet/security/bulletin/MS03-048.asp
**********************************************************************
Microsoft Security Bulletin MS03-049
Title: Buffer Overrun in the Workstation Service Could Allow Code Execution (828749)
Date: November 11, 2003
Software:
• Microsoft Windows 2000 Service Pack 2, Service Pack 3, Service Pack 4
• Microsoft Windows XP, Microsoft Windows XP Service Pack 1
• Microsoft Windows XP 64-Bit Edition
Note: The Windows XP security updates that released on October 15th as part of Security Bulletin MS03-043 (828035) include the updated file that helps protect from this vulnerability. If you have applied the Windows XP security updates for MS03-043 (828035) you do not have to reapply this update. However, the Windows 2000 security update that is released as part of this security bulletin contains updated files that were not part of the MS03-043 (828035) security bulletin. Customers have to apply this Windows 2000 security update even if they applied the Windows 2000 security updates for MS03-043 (828035).
Impact: Remote Code Execution
Maximum Severity Rating: Critical
More information is now available at
http://www.microsoft.com/technet/security/bulletin/MS03-049.asp
**********************************************************************
Microsoft Security Bulletin MS03-050
Title: Vulnerability in Microsoft Word and Microsoft Excel Could Allow Arbitrary Code to Run (831527)
Date: November 11, 2003
• Microsoft Excel 97Microsoft Excel 2000
• Microsoft Excel 2002
• Microsoft Word 97
• Microsoft Word 98(J)
• Microsoft Word 2000 and Microsoft Works Suite 2001
• Microsoft Word 2002, Microsoft Works Suite 2002, Microsoft Works Suite 2003, and Microsoft Works Suite 2004
Impact: Run code of attackers choice
Maximum Severity Rating: Important
More information is now available at
http://www.microsoft.com/technet/security/bulletin/MS03-050.asp
**********************************************************************
Microsoft Security Bulletin MS03-051
Title: Buffer Overrun in Microsoft FrontPage Server Extensions Could Allow Code Execution (813360)
Date: November 11, 2003
• Microsoft Windows 2000 Service Pack 2, Service Pack 3
• Microsoft Windows XP, Microsoft Windows XP Service Pack 1
• Microsoft Office XP, Microsoft Office XP Service Release 1
Impact: Remote Code Execution
Maximum Severity Rating: Critical
More information is now available at
http://www.microsoft.com/technet/security/bulletin/MS03-051.asp
*********************************************************************
Microsoft is also re-releasing Microsoft Security Bulletin MS02-050. Details regarding the re-release can be found below:
http://www.microsoft.com/technet/security/bulletin/MS02-050.asp
• V5.0 (November 11,2003): Bulletin updated to advise on the availability of a new security patch for customers who installed Windows 2000 Service Pack 4 and then installed Internet Explorer 6.0 Service Pack 1.
Customers are advised to review the bulletins and to test and deploy the associated patches in their environments, if applicable.
Microsoft will also be hosting a webcast tomorrow to address customer questions on these bulletins. For more information on this webcast please see below:
Information about Microsoft’s November Security Bulletins
11/12/2003 10:00 AM - 11:30 AM PST
http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032239225&Culture=en-US
