Computer Advisory Notification

Home Table of Contents News Archive CANs Subscribe Products Services Promotions Pricing & Policies About Us Contact Us Links Search This Site Employee Intranet

CAN20040218d
Microsoft February 2004 Updates

Microsoft Issues Two Critical Updates For Windows, Internet Explorer

Dates & Revisions

  • Original CAN date: February 18, 2004
  • Latest revision: February 18, 2004

Systems Affected

  • Microsoft Windows 98 (only issue #2 below)
  • Microsoft Windows 98 Second Edition (only issue #2 below)
    •
  • Microsoft Windows ME (only issue #2 below)
  • Microsoft Windows NT 4.0 (issues #1 and 2 below)
  • Microsoft Windows NT 4.0 Terminal Server Edition (issues #1 and 2 below)
  • Microsoft Windows 2000  (issues #1 and 2 below)
  • Microsoft Windows XP (issues #1 and 2 below)
  • Microsoft Windows Server 2003 (issues #1 and 2 below)
  • Microsoft Internet Explorer versions 5.01, 5.5, and 6.0 (only issue #2 below)
    •

Problem Overview

In an attempt to make patch management easier for its operating systems and chief server products, Microsoft issues monthly compilations of its security patches. For February 2004, Microsoft has issued two patches - one for the operating systems listed above, and one for its popular Internet Explorer web browser. Each of these patches fixes problems which Microsoft has deemed as critical.

Since each of our clients is certain to have at least one of the affected systems on their computer, we urge you to carefully review all of the information below and correct all problems which pertain to your computer.

1. ASN .1 Vulnerability Could Allow Code Execution - In certain situations, a remote user could be authenticated to execute code on your PC with elevated privileges. Source code demonstrating how to take advantage of this vulnerability has already been discovered on various hacker-related web sites, prompting security companies to issue warnings of a forthcoming attack.

2. Internet Explorer February 2004 Cumulative Security Update - Fix the latest security loopholes in Internet Explorer which would allow an attacker to execute code on your machine while visiting a malicious web site. You do not have to be using IE as your default web browser to be vulnerable to the latest discovered security flaws.

Problem Details

For detailed technical descriptions of the problem, please review the following links:

Please note that the organizations controlling the content of the web sites referenced by these links may periodically update the information on their sites as new details about the severity of the threat become known.

What Should I Do?

You should immediately:

  • review the bulletins listed above and
  • download and apply all Microsoft patches listed above which apply to your system.

What If I Am Unable To Fix The Problem?

If you are unable to correct these problems yourself or are unsure how to proceed, contact Logical Operators by clicking here and arrange to have one of our service technicians check your system and apply the corrections for you (standard service fees will apply). In addition to correcting the problem(s) listed in this CAN, our technicians can also test your system for thousands of other known threats which may be present on your system, make valuable recommendations on securing your system from future threats, and perform numerous other computing services.

Related Information:
 

Recent CAN Newsletters:
 

Recent CANs:

 

If You Are On A Managed Network...

If your computer is on a managed network, you should contact your network administrator before making any changes to your system to ensure that your changes will not conflict with other network services.

What Is A CAN?

You can read an overview of Computer Advisory Notifications by visiting the CANs home page. Complete instructions on how to subscribe to the CANs mailing list (and how to unsubscribe) are also listed there.

If you know of other computer users who would find this information useful, please forward a link to this page or your original CANs e-mail to them.