Microsoft released two new Security Bulletins: MS04-016 and MS04-017. Both are rated as only Moderate in criticality. MS04-016 relates to a denial-of-service (DoS) vulnerability in DirectPlay, and MS04-017 relates to a vulnerability in the Crystal Reports web viewer.
Neither poses an exceptional security risk, but if you play online head-to-head games, the DirectPlay vulnerability could be exploited to initiate a DoS against your system and force you out of the game.
One concern for this month is that, as in December 2003 and January 2004, there appear to be undisclosed vulnerabilities in Internet Explorer (undisclosed by Microsoft, at least; Secunia has an Advisory about them). They may already have an exploit in the wild, but Microsoft has not yet acknowledged them or issued patches. In that earlier case, Microsoft eventually released a cumulative update for Internet Explorer, breaking its "second Tuesday" Security Bulletin release schedule to do so. Perhaps we can look for another out-of-sequence patch for Internet Explorer to fix these holes coming soon?
- Microsoft Security Bulletin MS04-016
  Vulnerability in DirectPlay Could Allow Denial of Service
  Microsoft Criticality: Moderate
- Microsoft Security Bulletin MS04-017
  Vulnerability in Crystal Reports Web Viewer Could Allow Information Disclosure and Denial of Service
  Microsoft Criticality: Moderate
