Microsoft Security Bulletins

When Microsoft released their November 2004 Security Bulletins they did not acknowledge or address a vulnerability which had been announced the week prior. Exploiting the iFrame flaw in Internet Explorer could potentially allow an attacker to gain complete control of a victim's computer.

As of early November the flaw was already being exploited on the Internet and a new variant of the Mydoom worm, later renamed the Bofra worm by some antivirus vendors, took advantage of the vulnerability as well.

Microsoft broke their normal patch release schedule to put out a critical update for Internet Explorer. On the regularly scheduled monthly Security Bulletin release date, Tuesday, December 14, Microsoft released five more Security Bulletins.

• Microsoft Security Bulletin MS04-040
  Cumulative Security Update for Internet Explorer
  Microsoft Criticality: Critical
  
  • http://www.microsoft.com/technet/security/bulletin/ms04-040.mspx

• Microsoft Security Bulletin MS04-041
  Vulnerability in WordPad Could Allow Code Execution
  Microsoft Criticality: Important
  
  • http://www.microsoft.com/technet/security/bulletin/ms04-041.mspx

• Microsoft Security Bulletin MS04-042
  Vulnerability in DHCP Could Allow Remote Code Execution and Denial of Service
  Microsoft Criticality: Important
  
  • http://www.microsoft.com/technet/security/bulletin/ms04-042.mspx

• Microsoft Security Bulletin MS04-043
  Vulnerability in HyperTerminal Could Allow Code Execution
  Microsoft Criticality: Important
  
  • http://www.microsoft.com/technet/security/bulletin/ms04-043.mspx

• Microsoft Security Bulletin MS04-044
  Vulnerabilities in Windows Kernel and LSASS Could Allow Elevation of Privilege
  Microsoft Criticality: Important
  
  • http://www.microsoft.com/technet/security/bulletin/ms04-044.mspx

• Microsoft Security Bulletin MS04-045
  Vulnerability in WINS Could Allow Remote Code Execution
  Microsoft Criticality: Important
  
  • http://www.microsoft.com/technet/security/bulletin/ms04-045.mspx