Exploits confirmed for recent Microsoft vulnerabilities
16 April 2004
As a follow-up to the advisory released
by Microsoft (MS04-011 to MS04-014, released 13 April 2004), this note
confirms the existence of
working exploits related to at least some of these
vulnerabilities. In addition to system compromises, it is
entirely likely that a new worm will be created to take advantage of
one of these flaws in the near future. *APPLY PATCHES NOW*
Systems using the SUS service or Windows Update to automatically apply
patches should already be updated. Information on using these
services can be found here:
The Microsoft security bulletin released this Tuesday included 4
patches which correct a total of 20 different security vulnerabilities
in all versions of Microsoft Windows, including NT4, 2000, XP and 2003
Server. Also included is an Outlook Express/Internet Explorer
vulnerability which is present in versions of Windows including 98, ME,
NT4, 2000, XP and 2003 Server.
At least 8 of the 20 vulnerabilities are of a kind that can lead
to remote code execution, the most severe type of vulnerability, which
can be used by intruders to gain direct access to a system, or by
viruses or worms to infect systems.
Questions or concerns about this
should be directed to the CNS Helpdesk in the Computing Commons,
William Small Centre, (voice: 416-736-5800, email: helpdesk@yorku.ca).