=====================================================================
                            CERT-Renater

                 Information Note No. 2004/VULN224
_____________________________________________________________________

DATE                      : 12/05/2004

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Windows 98, ME, NT, 2000, XP, Server 2003.

======================================================================

MS04-014

Title: Vulnerability in the Microsoft Jet Database Engine Could Allow
       Code Execution

Affected Software:

 - Microsoft Windows NT Workstation 4.0 Service Pack 6a
 - Microsoft Windows NT Server 4.0 Service Pack 6a
 - Microsoft Windows NT Server 4.0 Terminal Server Edition
   Service Pack 6
 - Microsoft Windows 2000 Service Pack 2
 - Microsoft Windows 2000 Service Pack 3
 - Microsoft Windows 2000 Service Pack 4
 - Microsoft Windows XP
 - Microsoft Windows XP Service Pack 1
 - Microsoft Windows XP 64-Bit Edition Service Pack 1
 - Microsoft Windows XP 64-Bit Edition Version 2003
 - Microsoft Windows Server 2003
 - Microsoft Windows Server 2003 64-Bit Edition
 - Microsoft Windows 98 - Please review the FAQ section of the
   bulletin for details about this operating system.
 - Microsoft Windows 98 Second Edition (SE) - Please review the FAQ
   section of the bulletin for details about this operating system.
 - Microsoft Windows Millennium Edition (ME) - Please review the FAQ
   section of the bulletin for details about this operating system.

Affected Components:

 - Microsoft Jet Database Engine version 4.0

Reason for Re-issue:

Microsoft updated this bulletin on May 11, 2004 to advise on the
availability of a revised version of the security update for
non-English versions of Windows XP (as opposed to Windows XP Service
Pack 1). The original update does address the vulnerability in
Windows XP for all supported languages; however, the original update
was not fully localized. Specifically, optional Jet error strings
were only being offered in English on Windows XP. This issue does not
affect other operating systems.

If you have previously applied the security update for other
operating systems, including Windows XP Service Pack 1, you need not
take any additional action.

If you have previously applied the security update for non-English
versions of Windows XP (as opposed to Windows XP Service Pack 1), you
need not take any additional action as you are already protected from
this vulnerability. However, if you want to have the Jet optional
text error information in the same language as your Windows XP
installation, you will need to remove the original security update
MS04-014 (837001) following the Removal Information procedure located
in this document and install the revised version. Once 837001 is
uninstalled, revisiting Windows Update will result in the revised
MS04-014 security update for Windows XP being re-offered with the
correct, localized, optional text error strings.

More information on this re-issued bulletin is available at:

http://www.microsoft.com/technet/security/bulletin/MS04-014.mspx

======================================================================

=========================================================
CERT-Renater reference servers
http://www.urec.fr/securite
http://www.cru.fr/securite
http://www.renater.fr
=========================================================
+ CERT-RENATER          |    tel : 01-53-94-20-44       +
+ 151 bd de l'Hopital   |    fax : 01-53-94-20-41       +
+ 75013 Paris           |   email: certsvp@renater.fr   +
=========================================================