Security 10809 Published by

Microsoft has released a security update for Internet Explorer:

Today, 30 July 2004 Microsoft is releasing one security bulletin for newly discovered vulnerabilities in Microsoft Windows.

- One Microsoft Security Bulletins affecting Microsoft Windows with a maximum severity of Critical, MS04-025.

The summary for this new bulletin may be found at the following page:
- http://www.microsoft.com/technet/security/bulletin/ms04-jul.mspx

Customers are advised to review the information in the bulletins, test and deploy the updates immediately in their environments, if applicable.



VERY IMPORTANT: MS04-025 contains two different fixes. These are distinguished by their association with Knowledge Base (KB) article numbers: 867801 and 871260.

The vast majority of customers in need of this update should apply the fix associated with KB article 867801. This is available as always from both Windows Update and the Download Center.

The very few of our customers who have applied an IE Hotfix since the release of MS04-004 should not apply this update. Rather, they need to apply the update with KB article 871260. This version of the update is available only in the Download Center and can be reached from KB article 871260.

These customers should review KB Article 871260 for more detailed information including installation instructions..

For more detailed information on this, please review the security bulletin MS04-025 and KB articles 867801 and 871260.

This bulletin will be discussed during the August Security Bulletins webcast:
- Information about Microsoft's August Security Bulletins
- Wednesday, August 11, 2004 11:00 AM
- (GMT-08:00) Pacific Time (US & Canada)
- http://go.microsoft.com/fwlink/?LinkId=32590
The on-demand version of the webcast will be available 24 hours after the live webcast at:
- http://go.microsoft.com/fwlink/?LinkId=32590

**********************************************************************
TECHNICAL DETAILS

MS04-025
Title: Cumulative Security Update for Internet Explorer (867801)

Affected Software:
- Microsoft Windows NT:registered: Workstation 4.0 Service Pack 6a
- Microsoft Windows NT Server 4.0 Service Pack 6a
- Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6
- Microsoft Windows 2000 Service Pack 2, Microsoft Windows 2000 Service Pack 3, Microsoft Windows 2000 Service Pack 4
- Microsoft Windows XP and Microsoft Windows XP Service Pack 1
- Microsoft Windows XP 64-Bit Edition Service Pack 1
- Microsoft Windows XP 64-Bit Edition Version 2003
- Microsoft Windows Server:registered: 2003
- Microsoft Windows Server 2003 64-Bit Edition
- Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Windows Millennium Edition (ME) - Review the FAQ section of this bulletin for details about these operating systems.

Affected Components:
- Internet Explorer 5.01 Service Pack 2
- Internet Explorer 5.01 Service Pack 3
- Internet Explorer 5.01 Service Pack 4
- Internet Explorer 5.5 Service Pack 2
- Internet Explorer 6
- Internet Explorer 6 Service Pack 1
- Internet Explorer 6 Service Pack 1 (64-Bit Edition)
- Internet Explorer 6 for Windows Server 2003
- Internet Explorer 6 for Windows Server 2003 (64-Bit Edition)

Impact of Vulnerability: Remote Code Execution

Maximum Severity Rating: Critical

Restart required: You must restart your system after you apply this security update. You do not have to use an administrator logon after the computer restarts for any version of this update.

Update can be uninstalled: Yes

More information on this vulnerability is available at: http://www.microsoft.com/technet/security/bulletin/MS04-025.mspx

PLEASE VISIT http://www.microsoft.com/technet/security FOR THE MOST CURRENT INFORMATION ON THESE ALERTS.

If you have any questions regarding the security updates or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety (1-866-727-2338). International customers should contact their local subsidiary.