Help Desk: Software Download Center:
Security Patches for MS Windows Products
Microsoft's Security Bulletins

The following security patches apply only to Windows operating systems.

Patch  
Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution (833987) - September 28, 2004
PATCH REQUIRED FOR CMU COMPUTERS
Microsoft Security Bulletin MS04-028 - Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution (833987)

This is a critical vulnerability that needs to be patched as soon as possible. There are active exploits starting to circulate.

The OS and IE patches are being distributed via SMS. Office 2003 should be updated via reinstallation from SMS.
Some Microsoft products cannot be patched via SMS and will need to be updated manually. The Microsoft Windows Update and Office Update sites should be able to patch most of the affected components.

Third-party products may also include the affected DLLs; these will need to be identified and updated manually with patches from their respective vendors. Unfortunately, this is not a service that SMS can provide.

SANS GDI+ SCANNER:
This third-party scanner searches your hard drive(s) for all instances of the affected DLLs and indicates which ones are vulnerable. Both a GUI version and a command-line version are provided; the command-line version should be scriptable if you wish.

http://isc.sans.org/gdiscan.php


Recommendation: Customers should apply the update immediately.

Caveats: If you have installed any of the affected programs or affected components listed in this bulletin, you should install the required security update for each of the affected programs or affected components. This may require the installation of multiple security updates. See the FAQ section of this bulletin for more information.
 
Affected Systems
Given below is a list of affected systems. Please visit the Microsoft site and download the patch there.
  • Microsoft Windows XP and Microsoft Windows XP Service Pack 1
  • Microsoft Windows XP 64-Bit Edition Service Pack 1
  • Microsoft Windows XP 64-Bit Edition Version 2003
  • Microsoft Windows Server™ 2003
  • Microsoft Windows Server 2003 64-Bit Edition
  • Microsoft Office XP Service Pack 3
  • Microsoft Office XP Service Pack 2
  • Microsoft Office 2003
  • Microsoft Project 2002 (all versions) and Microsoft Project 2002 Service Pack 1 (all versions)
  • Microsoft Project 2003 (all versions)
  • Microsoft Visio 2002 Service Pack 1 (all versions) and Microsoft Visio 2002 Service Pack 2 (all versions)
  • Microsoft Visio 2003 (all versions)
  • Microsoft Visual Studio .NET 2002
  • Microsoft Visual Studio .NET 2003
  • The Microsoft .NET Framework version 1.0 SDK Service Pack 2
  • Microsoft Picture It!® 2002 (all versions)
  • Microsoft Greetings 2002
  • Microsoft Picture It! version 7.0 (all versions)
  • Microsoft Digital Image Pro version 7.0
  • Microsoft Picture It! version 9 (all versions, including Picture It! Library)
  • Microsoft Digital Image Pro version 9
  • Microsoft Digital Image Suite version 9
  • Microsoft Producer for Microsoft Office PowerPoint (all versions)
  • Microsoft Platform SDK Redistributable: GDI+
Patch Installation Instructions:
  1. Download the patch version pertaining to your operating system (see Which version of Windows do I have?) and save to your Desktop.
  2. When the download is complete, close all windows and double-click on the downloaded patch file located on the Desktop.
  3. After installation of the patch, restart your machine.
 

 

Patch  
ASN.1 Vulnerability Could Allow Code Execution - February 10, 2004
PATCH REQUIRED FOR CMU COMPUTERS
Microsoft Security Bulletin MS04-007 - ASN.1 Vulnerability Could Allow Code Execution (828028)

A security issue has been identified in Microsoft Windows-based systems that could allow an attacker to compromise your Microsoft Windows-based system and gain control over it. You can help protect your computer by installing this update from Microsoft. After you install this item, you may need to restart your computer.

Recommendation: Systems administrators should apply the update immediately.

Caveats: Windows NT 4.0 (Workstation, Server, and Terminal Server Edition) does not install the affected file by default. This file is installed as part of the MS03-041 Windows NT 4.0 security update and other possible non-security-related hotfixes. If the Windows NT 4.0 security update for MS03-041 is not installed, this may not be a required update. To verify if the affected file is installed, search for the file named Msasn1.dll. If this file is present, this security update is required. Windows Update, Software Update Services, and the Microsoft Security Baseline Analyzer will also correctly detect if this update is required.
 
Affected Systems
Clicking on the system below prompts you to download a locally stored version of the patch. Alternatively, you can visit the Microsoft site and download the patch there.
Patch Installation Instructions:
  1. Download the patch version pertaining to your operating system (see Which version of Windows do I have?) and save to your Desktop.
  2. When the download is complete, close all windows and double-click on the downloaded patch file located on the Desktop.
  3. After installation of the patch, restart your machine.
 
Patch  
Buffer Overflow in the Messenger Service - October 15, 2003
PATCH REQUIRED FOR CMU COMPUTERS
Microsoft Security Bulletin MS03-043 - Buffer Overrun in Messenger Service Could Allow Code Execution (828035)
This bulletin concerns a buffer overflow in the Messenger Service. The service is vulnerable and is turned on by default on all versions of Windows from Windows NT 4.0 through Windows XP. Windows 2003 Server is also vulnerable, but the service is disabled by default. Windows 9x/Me does not appear to be vulnerable.

This vulnerability is VERY serious and the general feeling of the security community is that this is a prime candidate for exploitation via a worm. As such, IT is recommending patching all systems that are vulnerable. If you are unable to patch at this time you should stop & disable the Messenger service.
 
Affected Systems
Microsoft Windows NT Workstation 4.0, Service Pack 6a
Microsoft Windows NT Server 4.0, Service Pack 6a
Microsoft Windows NT Server 4.0, Terminal Server Edition, Service Pack 6
Microsoft Windows 2000, Service Pack 2
Microsoft Windows 2000, Service Pack 3, Service Pack 4
Microsoft Windows XP Gold, Service Pack 1
Microsoft Windows XP 64-bit Edition
Microsoft Windows XP 64-bit Edition Version 2003
Microsoft Windows Server 2003
Microsoft Windows Server 2003 64-bit Edition

Operating systems NOT affected:
Microsoft Windows Millennium Edition
Windows 9x

Download:

Buffer Overrun Patch: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-043.asp


Users should also download and apply these security patches, which were announced on the same date.

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-041.asp

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-042.asp

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-044.asp

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-045.asp

 
Patch Installation Instructions:
  1. Download the patch version pertaining to your operating system (see Which version of Windows do I have?) and save to your Desktop.
  2. When the download is complete, close all windows and double-click on the downloaded patch file located on the Desktop.
  3. After installation of the patch, restart your machine.
 
Patch Associated Microsoft Articles
RPC Patch - September 10, 2003
URGENT PATCH REQUIRED FOR CMU COMPUTERS
Microsoft has announced a new vulnerability in several of its operating systems. This is a serious vulnerability and is very similar to that which was exploited by the recent Blaster virus. To avoid the potential spread of malicious viruses, all CMU computers must be updated immediately. Computers connected to SMS will receive the required patch automatically. Users choosing to install the patch themselves may download it from this page. (These patches are also available directly from Microsoft.)
It is imperative that students download and install this patch. Should a machine become infected with a virus, users risk having their network access shut down until it has been verified that the virus has been eliminated from their computer, a process that may take several weeks to complete.
For assistance, contact your departmental technician or the information technology help desk at 774-3662.

 
Download patch:
  • Windows XP
  • Windows 2000
  • NT 4 Workstation
  • NT 4 Server
  • Windows Server 2003

Additional Information: Microsoft Security Bulletin MS03-039 - Buffer Overrun In RPCSS Service Could Allow Code Execution (824146)

Operating systems NOT affected by this issue:
  • Windows Millennium (Windows Me)
  • Windows 98
  • Windows 98 Second Edition (SE)
  • Windows 95

RPC Patch Installation Instructions:
  1. Download the patch version pertaining to your operating system (see Which version of Windows do I have?) and save to your Desktop.
  2. When the download is complete, close all windows and double-click on the downloaded patch file located on the Desktop.
  3. After installation of the patch, restart your machine.

Sys Admins/Technicians: How to Tell if RPC Patches Are Installed
Download and install the scanning tool DCOM-KB827363-X86-ENU.exe (aka KB824146Scan.exe). See MS Knowledge Base Article 827363, "How to Use the KB 824146 Scanning Tool to Identify Host Computers That Do Not Have the 823980 (MS03-026) and the 824146 (MS03-039) Security Patches Installed".
 



Which version of Windows do I have?

  1. On the taskbar at the bottom of your screen, click Start, and then click Run.
  2. In the Run dialog box, type: winver
  3. Click OK.
  4. A dialog box displays the version that you are running.

Office Of Information Technology, 208 Warriner Hall
Help Desk phone: (989) 774-3662 | IT phone (989) 774-1474 

Central Michigan University
Mount Pleasant, Michigan 48859 - (989) 774-4000