Microsoft Security Bulletin MS04-011 (Critical) Updated 05/13/04 10:45am

Microsoft has released Microsoft Security Bulletin MS04-011 that addresses remote code execution, denial of service and privilege execution attacks on services and components used by Microsoft. The impact of these vulnerabilities may allow arbitary remote code execution and control of the compromised system. The services and components that can be exploited are listed below:

• Local Security Authority Subsystem Service (LSASS)
• Lightweight Directory Access Protocol (LDAP)
• Private Communication Technology (PCT)
• Utility Manager is an accessibility utility
• Windows logon process (Winlogon)
• Metafile
• Help and Support Center
• Windows Management
• Local Descriptor Table (LDT)
• H.323 protocol
• Virtual DOS Machine
• Negotiate SSP interface
• Microsoft Secure Sockets Layer library
• Abstract Syntax Notation 1 (ASN.1)

Microsoft released patches for:

Microsoft Windows NT Workstation 4.0 Service Pack 6a: http://antivirus.nih.gov/files/MS_Patch/MS04011/WindowsNT4/Workstation-KB835732-x86-ENU.EXE

Microsoft Windows NT Server 4.0 Service Pack 6a :
http://antivirus.nih.gov/MS_Patch/MS04011/WindowsNT4Server-KB835732-x86-ENU.EXE

Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6
Requires Windows NT Server 4.0 Terminal Server Edition Security Rollup Package (SRP)as a prerequisite: http://antivirus.nih.gov/MS_Patch/MS04011/WindowsNT4TerminalServer-KB835732-x86-ENU.EXE

Microsoft Windows 2000 Service Pack 2, Microsoft Windows 2000 Service Pack 3, Microsoft 2000 Windows Service Pack 4: http://antivirus.nih.gov/MS_Patch/MS04011/Windows2000-KB835732-x86-ENU.EXE

Microsoft Windows XP, Microsoft Windows XP Service Pack 1:
http://antivirus.nih.gov/MS_Patch/MS04011/WindowsXP-KB835732-x86-ENU.EXE

Microsoft Windows XP 64-Bit Edition, Microsoft Windows XP 64-Bit Edition Service Pack 1: http://antivirus.nih.gov/MS_Patch/MS04011/WindowsXP-KB835732-IA64-ENU.EXE

Microsoft Windows XP 64-Bit Edition Version 2003, Microsoft Windows XP 64-Bit Edition Version 2003 Service Pack 1: http://antivirus.nih.gov/MS_Patch/MS04007/WindowsServer2003-KB835732-IA64-ENU.EXE

Microsoft Windows Server 2003:
http://antivirus.nih.gov/MS_Patch/MS04007/WindowsServer2003-KB835732-x86-ENU.EXE

Microsoft Windows Server 2003 64-Bit Edition:
http://antivirus.nih.gov/MS_Patch/MS04007/WindowsServer2003-KB835732-IA64-ENU.EXE

Note: After applying this patch on Windows XP or Windows 2000 Terminal server if you experience problems with connecting to Windows 2000 Terminal server consult Microsoft KB article KB323597.

For more information see http://www.microsoft.com/technet/security/Bulletin/MS04-011.mspx from Microsoft.