Microsoft Security Bulletin(s) for September 14, 2004

Microsoft Security Bulletin(s) for 9/14/2004
September 14, 2004
Today Microsoft released the following Security Bulletins.

Note: www.microsoft.com/technet/security and www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

Bulletin Summaries:

September Summary
http://www.microsoft.com/technet/security/Bulletin/ms04-sep.mspx

Critical Bulletins:

MS04-028 - Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution (833987)
http://www.microsoft.com/technet/security/Bulletin/MS04-028.mspx

Important Bulletins:

MS04-027 - Vulnerability in WordPerfect Converter Could Allow Code Execution (884933)

http://www.microsoft.com/technet/security/Bulletin/MS04-027.mspx

This represents our regularly scheduled monthly bulletin release (second Tuesday of each month). Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety 1-866-727-2338
International customers should contact their local subsidiary.
__________________

 

Hi Dan

KB842773 (BITS update) Was part of last months updates so you should install that if windows recommends it. It is always best practice to allow windows to determine your updates as it has direct access to your machine. This particular update is important especially if you have software that has required "patches" as updates on it. This update makes sure that should you restore or uninstall software that the patch is also removed from the registry. IE exclude files from backup which may include the patch. This screen-shot for example would be a good example of system restore where the software is removed but the patch remains in the registry. So should you need to reinstall the software again at a later date you will not be able to. So Dan do install this update as you never know when you will need to do a system restore and you may regret it. This invalid value may cause backup applications to fail or incorrectly "exclude" files from backup. This update changes the registry value so the backup applications are not affected.
There is some additional reading here on what else this Microsoft Security Bulletin(s) benefits are
http://www.microsoft.com/downloads/...b1-ba43-480f-983d-eb19368f9047&displaylang=en

http://support.microsoft.com/default.aspx?kbid=842773

The GDI+ Tool update is mainly for office applications
http://www.microsoft.com/security/bulletins/200409_jpeg_tool.mspx
Best regards