Home > Microsoft Security > Microsoft Security Bulletin Ms04-034

Microsoft Security Bulletin Ms04-034

The security bulletin ID and operating systems that are affected are listed in the table below. Administrators can use the Elevated Rights Deployment Tool (available in the SMS 2003 Administration Feature Pack and in the SMS 2.0 Administration Feature Pack) to install these updates. No user interaction is required, but installation status is displayed. For more information, see Microsoft Knowledge Base Article 824994. Source

What does the update do? This is the same as unattended mode, but no status or error messages are displayed. You can find additional information in the subsection, Deployment Information, in this section. Supported Spuninst.exe Switches SwitchDescription /help Displays the command-line options.

No. Note You can combine these switches into one command. The dates and times for these files are listed in coordinated universal time (UTC). Users whose accounts are configured to have fewer privileges on the system would be at less risk than users who operate with administrative privileges. * By default, Outlook Express 6, Outlook

Otherwise, the installer copies the RTMGDR files to your system. FAQ for Virtual DOS Machine Vulnerability - CAN-2004-0208: What is the scope of the vulnerability? and Canada can receive technical support from Microsoft Product Support Services at 1-866-PCSAFETY. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.

The Compressed (zipped) Folders feature enables users to store data files and folders in a compressed (or zipped) format. For more information about SMS, visit the SMS Web site. Deployment Information To install the security update without any user intervention, use the following command at a command prompt for Windows NT Server 4.0: Windowsnt4server-kb873350-x86-enu /q For Windows NT Server 4.0 File Version Verification Note Because there are several versions of Microsoft Windows, the following steps may be different on your computer.

System administrators can also use the Spuninst.exe utility to remove this security update. This vulnerability could also be used to attempt to perform a local elevation of privilege or a remote denial of service. Inclusion in Future Service Packs: The update for this issue will be included in Windows 2000 Service Pack 5. For more information about how to disable CIS, see Microsoft Knowledge Base Article 825819.

For more information about the supported installation switches, see Microsoft Knowledge Base Article 262841. Special Options /overwriteoem Overwrites OEM files without prompting. /nobackup Does not back up files needed for uninstall. /forceappsclose Forces other programs to close when the computer shuts down. /log:path Allows the No interruption of visitors. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.

No user interaction is required, but installation status is displayed. this contact form For more information about this behavior, see Microsoft Knowledge Base Article 824994. When this security bulletin was issued, had this vulnerability been publicly disclosed ? Credit: The information has been provided by Microsoft Product Security.

If you have any questions or need further information, please contact them directly. MS04-011 helps protect against the vulnerability that is discussed in that bulletin, but does not address this new vulnerability. Severity Ratings and Vulnerability Identifiers: Vulnerability IdentifiersImpact of VulnerabilityWindows NT 4.0 RPC Runtime Library Vulnerability - CAN-2004-0569Information DisclosureDenial of ServiceImportant This assessment is based on the types of systems that are http://justjoomla.net/microsoft-security/microsoft-security-bulletin-jan-2009.html Comparing other file attributes to the information in the file information table is not a supported method of verifying that the update has been applied.

IT Professionals can visit the Security Center Web site. Windows XP Professional Service Pack 1, Windows XP Tablet PC Edition, Windows XP Media Center Edition, Windows XP Professional Service Pack 2, Windows XP Tablet PC Edition 2005, and Windows XP Although Microsoft urges all customers to apply the patch there are a number of workarounds that you can apply in the interim to help block exploitation of this vulnerability.

Administrators can use the Elevated Rights Deployment Tool (available in the SMS 2003 Administration Feature Pack and in the SMS 2.0 Administration Feature Pack) to install these updates.

File Version Verification Because there are several editions of Microsoft Windows, the following steps may be different on your system. This is a privilege elevation vulnerability. Can I use Systems Management Server (SMS) to determine if this update is required? Otherwise, the installer copies the RTMGDR files to your system.

System Center Configuration Manager (SCCM) 2007 uses WSUS 3.0 for detection of updates. Caveats: None Localization: Localized versions of this patch are available at the locations discussed in "Patch Availability". Removal Information Use Add or Remove Programs tool in Control Panel or the Spuninst.exe utility located in the %Windir%\$NTUninstallKB948745$\Spuninst folder File Information See Microsoft Knowledge Base Article 948745 Registry Key Verification http://justjoomla.net/microsoft-security/microsoft-security-bulletin-ms02-030.html Note SMS uses the Microsoft Baseline Security Analyzer and the Microsoft Office Detection Tool to provide broad support for security bulletin update detection and deployment.

The installer stops the required services, applies the update, and then restarts the services. Remote Procedure Call (RPC) is a protocol that the Windows operating system uses. For more information about SCCM 2007 Software Update Management, visit System Center Configuration Manager 2007. Microsoft Customer Support Microsoft Community Forums United States (English) Sign in Security TechCenter Home Security Updates Tools Learn Library Support We’re sorry.

The update removes the vulnerability by modifying the way that Compressed (zipped) Folders validates the length of a message before it passes the message to the allocated buffer. What systems are primarily at risk from the vulnerability? The Spuninst.exe utility is located in the %Windir%\$NTUninstallKB840987$\Spuninst folder. It is optimized for the Windows operating system.