|
Security...
Microsoft
Security Bulletin Update
October
29, 2004
The
list of Microsoft updates released in the October cycle
includes:
|
| MS04-029 |
Vulnerability
in RPC Runtime Library Could Allow Information
Disclosure and Denial of Service (873350) |
| MS04-030 |
Vulnerability
in WebDav XML Message Handler Could Lead to a
Denial of Service (824151) |
| MS04-031 |
Vulnerability
in NetDDE Could Allow Remote Code Execution
(841533) |
| MS04-032 |
Security
Update for Microsoft Windows (840987) |
| MS04-033 |
Vulnerability
in Microsoft Excel Could Allow Remote Code
Execution
(886836) |
| MS04-034 |
Vulnerability
in Compressed (zipped) Folders Could Allow Remote
Code Execution (873376) |
| MS04-035 |
Vulnerability
in SMTP Could Allow Remote Code Execution
(885881) |
| MS04-036 |
Vulnerability
in NNTP Could Allow Remote Code Execution
(883935) |
| MS04-037 |
Vulnerability
in Windows Shell Could Allow Remote Code
Execution
(841356) |
| MS04-038 |
Cumulative
Security Update for Internet Explorer (834707) |
|
NONE
of the October patches are deemed a CRITICAL risk to RALS
systems when the systems are configured and used as intended.
MAS has
reviewed all of the October security updates issued by Microsoft
for risk to the various RALS products.
All of the applicable October patches are being included
in the on-going testing of the next release of the RALS-Plus
software and are expected to be included in the next standard
RALS-Plus configuration when released.
|
|
MAS has done limited testing
of these patches with some versions of existing RALS
products (including RALS-G and RALS-Lite) and with the
upcoming version of RALS-Plus -- no problems have been
observed to date in any of the in-house testing. |
| |
No customer problem
reports have been received or found to be related to the
application of these updates where appropriate.
|
| |
It
is important to note that some of the October security
updates apply to vulnerabilities that may exist in Microsoft
Windows NT 4 operating systems - either in Windows NT 4
Server and/or Windows NT 4 Workstation |
| |
Microsoft
provides security update services for operating system
products until the end of the product life-cycle phase that
Microsoft calls "Extended Support" |
| |
Windows
NT 4 Workstation reached the end of the "Extended
Support" phase as of June 30, 2004; the extended
support period for Windows NT 4 Server will end on December
31 2004. For
products that are past the "Extended Support"
phase of the life-cycle, Microsoft does not publicly release
vulnerability analysis information or make security patches
available. Thus, for the October 2004 security updates, no updates were
provided for the Windows NT 4 Workstation OS, while updates
were provided for Windows NT 4 Server OS. |
| |
Some
RALS products (RALS-G and the IMS system for RALS-Lite) were
originally supplied with a version of Windows NT 4 as the
operating system - including some types of RALS systems
using the Windows NT 4 Workstation OS |
| |
Customers
who wish to have Microsoft security updates available for
potential new threats and who are using products based on
the Windows NT 4 OS are urged to speak to their MAS
representative about upgrading to the current RALS-Plus
product line which does not use the Windows NT 4 operating
system |
|