Multiple Vulnerabilities in Microsoft Windows - 21 Apr 2004

Reported April 13, 2004, by Microsoft.






· Windows Server 2003
· Windows XP
· Windows 2000
· Windows NT Server 4.0 Service Pack (SP) 6a
· Windows NT Server 4.0, Terminal Server Edition (WTS) SP6
· Windows NT Workstation 4.0 SP6a
· Microsoft Windows Me
· Microsoft Windows 9x
· Microsoft NetMeeting




Fourteen new vulnerabilities exist in Windows, the most serious of which could result in the remote execution of arbitrary code on the vulnerable system with SYSTEM privileges. These 14 vulnerabilities consist of:


· Local Security Authority Subsystem Service (LSASS) vulnerability
· Lightweight Directory Access Protocol (LDAP) vulnerability
· Private Communications Technology (PCT) vulnerability
· Winlogon vulnerability
· Metafile vulnerability
· Help and Support Center vulnerability
· Utility Manager vulnerability
· Windows Management vulnerability
· Local Descriptor Table vulnerability
· H.323 vulnerability
· Virtual DOS Machine (VDM) vulnerability
· Negotiate SSP vulnerability
· Secure Sockets Layer (SSL) vulnerability
· ASN.1 "Double Free" vulnerability




Microsoft has released Microsoft Security Bulletin MS04-011, "Security Update for Microsoft Windows (835732)," to address these vulnerabilities and recommends that affected users immediately apply the appropriate patch listed in the bulletin.




Discovered by Carlos Sarraute, Internet Security Systems, Ondrej Sevecek, Jouko Pynnönen, Brett Moore, Cesar Cerrudo, Ben Pryor, Erik Kamphuis, NSFOCUS Security Team, John Lampe, Foundstone Labs, Qualys and eEye Digital Security.

