Microsoft issued four today, and you should evaluate them carefully to ensure your systems are secure:
- MS04-004: Cumulative Security Update for Internet Explorer(832894)
- MS04-005: Vulnerability in Virtual PC for Mac could lead to privilege elevation (835150)
- MS04-006: Vulnerability in the Windows Internet Naming Service (WINS) Could Allow Code Execution (830352)
- MS04-007: ASN .1 Vulnerability Could Allow Code Execution (828028)
Code Execution means that someone else can run code on your machine, perhaps taking it over. Serious stuff. It’s the seventh week of the year. Trustworthy computing continues.
UPDATE:Wired News picks up on the story here: Microsoft: Oops! We Did It Again. “Six months after researchers warned Microsoft about critical security flaws in Windows, the software company alerts users to the problem and offers a patch on its website. One researcher calls the delay ‘just totally unacceptable.'” and the New York Times: Technology page features it:Microsoft Warns Software Users of ‘Critical’ Flaw. “Users of Microsofts operating system software have to patch their systems again, or their computers will be vulnerable to attacks.” NYT story by John Schwartz.