=====================================================================
                                  CERT-Renater

                       Note d'Information No. 2004/VULN452
_____________________________________________________________________

DATE                      : 13/10/2004

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Windows NT Server 4.0, Windows 2000 Server,
                              Windows Server 2003,
                              systems running Exchange 2000 Server SP3,
                               Exchange Server 2003.

======================================================================

MS04-036
Title:  Vulnerability in NNTP Could Allow Code Execution (883935)

Affected Software:
  - Microsoft Windows NT Server 4.0 Service Pack 6a
  - Microsoft Windows 2000 Server Service Pack 3 and Microsoft Windows
2000 Server Service Pack 4
  - Microsoft Windows Server(tm) 2003
  - Microsoft Windows Server 2003 64-Bit Edition
  - Microsoft Exchange 2000 Server Service Pack 3 (Uses Windows 2000 NNTP
Component)
  - Microsoft Exchange Server 2003 (Uses Windows 2000 or Windows Server
2003 NNTP Component)

Affected Components:
  - Microsoft Windows NT Server 4.0 Service Pack 6a NNTP Component
  - Microsoft Windows 2000 Server Service Pack 3 NNTP Component and
Microsoft Windows 2000 Server Service Pack 4 NNTP Component
  - Microsoft Windows Server(tm) 2003 NNTP Component
  - Microsoft Windows Server 2003 64-Bit Edition NNTP Component

Impact of Vulnerability: Remote Code Execution

Maximum Severity Rating:  Critical

Restart required:  In some cases, this update does not require a
restart. The installer stops the required services, applies the update,
and then restarts the services. However, if the required services cannot
be stopped for any reason or if required files are in use, this update
will require a restart. If this occurs, a message appears that advises
you to restart.

Update can be uninstalled: Yes

More information on this vulnerability is available at:
http://www.microsoft.com/technet/security/bulletin/MS04-036.mspx

======================================================================

         =========================================================
         Les serveurs de référence du CERT-Renater
         http://www.urec.fr/securite
         http://www.cru.fr/securite
         http://www.renater.fr
         =========================================================
         + CERT-RENATER	        | tel : 01-53-94-20-44	        +
         + 151 bd de l'Hopital   | fax : 01-53-94-20-41	        +
         + 75013 Paris	        | email: certsvp@renater.fr     +
         =========================================================