A Windows XP help forum. PCbanter

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

Go Back   Home » PCbanter forum » Microsoft Windows XP » General XP issues or comments
Site Map Home Register Authors List Search Today's Posts Mark Forums Read Web Partners

Security Bulletin: MS04-22: Vulnerability in Task Scheduler Could Allow Code Execution (841873)



 
 
Thread Tools Display Modes
  #1  
Old July 21st 04, 12:42 AM
Emily F [MSFT]
external usenet poster
 
Posts: n/a
Default Security Bulletin: MS04-22: Vulnerability in Task Scheduler Could Allow Code Execution (841873)

Today Microsoft release the following bulletin:
http://www.microsoft.com/technet/sec.../MS04-022.mspx
Vulnerability in Task Scheduler Could Allow Code Execution (841873)
Issued: July 13, 2004
Version: 1.0

Executive Summary:

This update resolves a newly-discovered, privately reported vulnerability. A
remote code execution vulnerability exists in the Task Scheduler because of
an unchecked buffer. The vulnerability is documented in the Vulnerability
Details section of this bulletin.

If a user is logged on with administrative privileges, an attacker who
successfully exploited this vulnerability could take complete control of an
affected system, including installing programs; viewing, changing, or
deleting data; or creating new accounts with full privileges. However, user
interaction is required to exploit this vulnerability. Users whose accounts
are configured to have fewer privileges on the system would be at less risk
than users who operate with administrative privileges.

We recommend that customers apply the update immediately

Summary

Who should read this document: Customers who use Microsoft® Windows®

Impact of Vulnerability: Remote Code Execution

Maximum Severity Rating: Critical

Recommendation: Customers should apply the update immediately.

Security Update Replacement: None

Caveats: Windows NT Workstation 4.0, Windows NT Server 4.0 and Windows NT
4.0 Terminal Server Edition are not affected by default. However if you have
installed Internet Explorer 6.0 Service Pack 1 you will have the vulnerable
component on your system.

Tested Software and Security Update Download Locations:

Affected Softwa

. Microsoft Windows 2000 Service Pack 2, Microsoft Windows 2000
Service Pack 3, Microsoft Windows 2000 Service Pack 4 - Download the update

. Microsoft Windows XP and Microsoft Windows XP Service Pack 1 -
Download the update

. Microsoft Windows XP 64-Bit Edition Service Pack 1 - Download the
update



Ads
  #2  
Old September 18th 04, 02:35 PM
Bajohns
external usenet poster
 
Posts: n/a
Default Security Bulletin: MS04-22: Vulnerability in Task Scheduler Co

Did you ever get this issue resolved? I'm having the same problem since
July, probably when I installed that update. Can't find much info on
Microsoft website or the Net in general. I've seen the resolution to
uninstall, but figured Microsoft would have a least addressed the issue.


"caifan_mail" wrote:

I am having problems running my previously scheduled tasks. In
specific, I am not able to create or run tasks based on shortcuts to
an executable. For instance, I had a shutdownauto.lnk shortcut that
contained the line "C:\Windows\System32\shutdown.exe -s". Before this
update, I was able to create a task to run this shortcut every day at
3am. After the update, my task no longer runs.
This is only one of many shortcuts that my organization supports. We
support a large number of computers and rely on tasks to cleanup and
shutdown these pc's at night. Any ideas how I can get this back
without having to uninstall KB841873?

 




Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is Off
HTML code is Off






All times are GMT +1. The time now is 08:47 PM.


Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Copyright ©2004-2024 PCbanter.
The comments are property of their posters.