PCbanter

PCbanter (http://www.pcbanter.net/index.php)
-   General XP issues or comments (http://www.pcbanter.net/forumdisplay.php?f=18)
-   -   Security Bulletin: MS04-22: Vulnerability in Task Scheduler Could Allow Code Execution (841873) (http://www.pcbanter.net/showthread.php?t=596048)

Emily F [MSFT] July 21st 04 12:42 AM
Security Bulletin: MS04-22: Vulnerability in Task Scheduler Could Allow Code Execution (841873)
 
Today Microsoft release the following bulletin:
http://www.microsoft.com/technet/sec.../MS04-022.mspx
Vulnerability in Task Scheduler Could Allow Code Execution (841873)
Issued: July 13, 2004
Version: 1.0

Executive Summary:

This update resolves a newly-discovered, privately reported vulnerability. A
remote code execution vulnerability exists in the Task Scheduler because of
an unchecked buffer. The vulnerability is documented in the Vulnerability
Details section of this bulletin.

If a user is logged on with administrative privileges, an attacker who
successfully exploited this vulnerability could take complete control of an
affected system, including installing programs; viewing, changing, or
deleting data; or creating new accounts with full privileges. However, user
interaction is required to exploit this vulnerability. Users whose accounts
are configured to have fewer privileges on the system would be at less risk
than users who operate with administrative privileges.

We recommend that customers apply the update immediately

Summary

Who should read this document: Customers who use Microsoft® Windows®

Impact of Vulnerability: Remote Code Execution

Maximum Severity Rating: Critical

Recommendation: Customers should apply the update immediately.

Security Update Replacement: None

Caveats: Windows NT Workstation 4.0, Windows NT Server 4.0 and Windows NT
4.0 Terminal Server Edition are not affected by default. However if you have
installed Internet Explorer 6.0 Service Pack 1 you will have the vulnerable
component on your system.

Tested Software and Security Update Download Locations:

Affected Softwa

. Microsoft Windows 2000 Service Pack 2, Microsoft Windows 2000
Service Pack 3, Microsoft Windows 2000 Service Pack 4 - Download the update

. Microsoft Windows XP and Microsoft Windows XP Service Pack 1 -
Download the update

. Microsoft Windows XP 64-Bit Edition Service Pack 1 - Download the
update

Bajohns September 18th 04 02:35 PM
Security Bulletin: MS04-22: Vulnerability in Task Scheduler Co
 
Did you ever get this issue resolved? I'm having the same problem since
July, probably when I installed that update. Can't find much info on
Microsoft website or the Net in general. I've seen the resolution to
uninstall, but figured Microsoft would have a least addressed the issue.


"caifan_mail" wrote:

I am having problems running my previously scheduled tasks. In
specific, I am not able to create or run tasks based on shortcuts to
an executable. For instance, I had a shutdownauto.lnk shortcut that
contained the line "C:\Windows\System32\shutdown.exe -s". Before this
update, I was able to create a task to run this shortcut every day at
3am. After the update, my task no longer runs.
This is only one of many shortcuts that my organization supports. We
support a large number of computers and rely on tasks to cleanup and
shutdown these pc's at night. Any ideas how I can get this back
without having to uninstall KB841873?


All times are GMT +1. The time now is 09:50 PM.

Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Copyright © 2004 - 2006 PCbanter
Comments are property of their posters