Microsoft Security Bulletins for June 2004

June 8, 2004
Today Microsoft released the following Security Bulletins.

Note: www.microsoft.com/technet/security and www.microsoft.com/security are
authoritative in all matters concerning Microsoft Security Bulletins! ANY
e-mail, web board or newsgroup posting (including this one) should be
verified by visiting these sites for official information. Microsoft never
sends security or other updates as attachments. These updates must be
downloaded from the microsoft.com download center or Windows Update. See the
individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft
security notices, it is recommended that you physically type the URLs into
your web browser and not click on the hyperlinks provided.

Bulletin Summaries:

Microsoft: http://www.microsoft.com/technet/security/Bulletin/ms04-jun.mspx

Moderate Bulletins:

MS04-016 - Vulnerability in DirectPlay Could Allow Denial of Service
(839643)
http://www.microsoft.com/technet/security/Bulletin/MS04-016.mspx

MS04-017 - Vulnerability in Crystal Reports Web Viewer Could Allow
Information Disclosure and Denial of Service (842689)
http://www.microsoft.com/technet/security/Bulletin/MS04-017.mspx

This represents our regularly scheduled monthly bulletin release (second
Tuesday of each month). Please note that Microsoft may release bulletins out
side of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after
reading the above listed bulletin you should contact Product Support
Services in the United States at 1-866-PCSafety (1-866-727-2338).
International customers should contact their local subsidiary.
--
Regards,

Jerry Bryant - MCSE, MCDBA
Microsoft IT Communities

Get Secure! www.microsoft.com/security


This posting is provided "AS IS" with no warranties, and confers no rights.

Robert
Tue Jun 08 12:37:40 CDT 2004

Why was this posted to the technet page and not to
www.microsoft.com/security ??

"Jerry Bryant [MSFT]" <jbryant@online.microsoft.com> wrote in message
news:OGM8AqXTEHA.2128@TK2MSFTNGP11.phx.gbl...
> June 8, 2004
> Today Microsoft released the following Security Bulletins.
>
> Note: www.microsoft.com/technet/security and www.microsoft.com/security
are
> authoritative in all matters concerning Microsoft Security Bulletins! ANY
> e-mail, web board or newsgroup posting (including this one) should be
> verified by visiting these sites for official information. Microsoft never
> sends security or other updates as attachments. These updates must be
> downloaded from the microsoft.com download center or Windows Update. See
the
> individual bulletins for details.
>
> Because some malicious messages attempt to masquerade as official
Microsoft
> security notices, it is recommended that you physically type the URLs into
> your web browser and not click on the hyperlinks provided.
>
> Bulletin Summaries:
>
> Microsoft:
http://www.microsoft.com/technet/security/Bulletin/ms04-jun.mspx
>
> Moderate Bulletins:
>
> MS04-016 - Vulnerability in DirectPlay Could Allow Denial of Service
> (839643)
> http://www.microsoft.com/technet/security/Bulletin/MS04-016.mspx
>
> MS04-017 - Vulnerability in Crystal Reports Web Viewer Could Allow
> Information Disclosure and Denial of Service (842689)
> http://www.microsoft.com/technet/security/Bulletin/MS04-017.mspx
> ....
> Jerry Bryant - MCSE, MCDBA
> Microsoft IT Communities
>
> Get Secure! www.microsoft.com/security
>
>
> This posting is provided "AS IS" with no warranties, and confers no
rights.
>
>

John
Tue Jun 08 13:29:45 CDT 2004

it is

http://www.microsoft.com/security/bulletins/200406_crystal.mspx

I just saw it at a different location and wanted to pass the information
along.

"Robert Chao" <robertjchao@yahoo.com> wrote in message
news:xNKdnbHmhrX5ZFjdRVn-sQ@inreach.com...
> Why was this posted to the technet page and not to
> www.microsoft.com/security ??
>
> "Jerry Bryant [MSFT]" <jbryant@online.microsoft.com> wrote in message
> news:OGM8AqXTEHA.2128@TK2MSFTNGP11.phx.gbl...
> > June 8, 2004
> > Today Microsoft released the following Security Bulletins.
> >
> > Note: www.microsoft.com/technet/security and www.microsoft.com/security
> are
> > authoritative in all matters concerning Microsoft Security Bulletins!
ANY
> > e-mail, web board or newsgroup posting (including this one) should be
> > verified by visiting these sites for official information. Microsoft
never
> > sends security or other updates as attachments. These updates must be
> > downloaded from the microsoft.com download center or Windows Update. See
> the
> > individual bulletins for details.
> >
> > Because some malicious messages attempt to masquerade as official
> Microsoft
> > security notices, it is recommended that you physically type the URLs
into
> > your web browser and not click on the hyperlinks provided.
> >
> > Bulletin Summaries:
> >
> > Microsoft:
> http://www.microsoft.com/technet/security/Bulletin/ms04-jun.mspx
> >
> > Moderate Bulletins:
> >
> > MS04-016 - Vulnerability in DirectPlay Could Allow Denial of Service
> > (839643)
> > http://www.microsoft.com/technet/security/Bulletin/MS04-016.mspx
> >
> > MS04-017 - Vulnerability in Crystal Reports Web Viewer Could Allow
> > Information Disclosure and Denial of Service (842689)
> > http://www.microsoft.com/technet/security/Bulletin/MS04-017.mspx
> > ....
> > Jerry Bryant - MCSE, MCDBA
> > Microsoft IT Communities
> >
> > Get Secure! www.microsoft.com/security
> >
> >
> > This posting is provided "AS IS" with no warranties, and confers no
> rights.
> >
> >
>
>

Roger
Thu Jun 10 02:29:45 CDT 2004

Not all of the ms.com properties are updated
simultaneously. You apparently just looked
a little early.

--
Roger Abell
Microsoft MVP (Windows Server System: Security)
MCSE (W2k3,W2k,Nt4) MCDBA
"Robert Chao" <robertjchao@yahoo.com> wrote in message
news:xNKdnbHmhrX5ZFjdRVn-sQ@inreach.com...
> Why was this posted to the technet page and not to
> www.microsoft.com/security ??
>
> "Jerry Bryant [MSFT]" <jbryant@online.microsoft.com> wrote in message
> news:OGM8AqXTEHA.2128@TK2MSFTNGP11.phx.gbl...
> > June 8, 2004
> > Today Microsoft released the following Security Bulletins.
> >
> > Note: www.microsoft.com/technet/security and www.microsoft.com/security
> are
> > authoritative in all matters concerning Microsoft Security Bulletins!
ANY
> > e-mail, web board or newsgroup posting (including this one) should be
> > verified by visiting these sites for official information. Microsoft
never
> > sends security or other updates as attachments. These updates must be
> > downloaded from the microsoft.com download center or Windows Update. See
> the
> > individual bulletins for details.
> >
> > Because some malicious messages attempt to masquerade as official
> Microsoft
> > security notices, it is recommended that you physically type the URLs
into
> > your web browser and not click on the hyperlinks provided.
> >
> > Bulletin Summaries:
> >
> > Microsoft:
> http://www.microsoft.com/technet/security/Bulletin/ms04-jun.mspx
> >
> > Moderate Bulletins:
> >
> > MS04-016 - Vulnerability in DirectPlay Could Allow Denial of Service
> > (839643)
> > http://www.microsoft.com/technet/security/Bulletin/MS04-016.mspx
> >
> > MS04-017 - Vulnerability in Crystal Reports Web Viewer Could Allow
> > Information Disclosure and Denial of Service (842689)
> > http://www.microsoft.com/technet/security/Bulletin/MS04-017.mspx
> > ....
> > Jerry Bryant - MCSE, MCDBA
> > Microsoft IT Communities
> >
> > Get Secure! www.microsoft.com/security
> >
> >
> > This posting is provided "AS IS" with no warranties, and confers no
> rights.
> >
> >
>
>

Chad
Sun Jun 13 12:35:04 CDT 2004

Since this is a BCM group, it might also be appropriate to list a Security
Bulletin for BCM posted by MSFT on the same day, as well as an update that
may be needed to work with some SQL apps deploying BCM although I haven't
needed it yet for BCM:

Description of the Business Contact Manager for Outlook 2003 Security
Update: June 8, 2004
http://support.microsoft.com/?kbid=842496

and although not a security bulletin of interest for SQL and MSDE users--and
this may not be needed for BCM:


FAQ: How Windows XP Service Pack 2 (SP2) Affects SQL Server and MSDE May 24,
2004
http://www.microsoft.com/sql/techinfo/administration/2000/security/winxpsp2faq.asp

SQL Server 2000 Service Pack 3a
http://www.microsoft.com/sql/downloads/2000/sp3.asp


MSDN Webcast: SQL Server and Windows XP SP2 - Level 300

http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032253410&Culture=en-US

Chad Harris









________________________________________________________________________________________________
"Jerry Bryant [MSFT]" <jbryant@online.microsoft.com> wrote in message
news:OGM8AqXTEHA.2128@TK2MSFTNGP11.phx.gbl...
> June 8, 2004
> Today Microsoft released the following Security Bulletins.
>
> Note: www.microsoft.com/technet/security and www.microsoft.com/security
> are
> authoritative in all matters concerning Microsoft Security Bulletins! ANY
> e-mail, web board or newsgroup posting (including this one) should be
> verified by visiting these sites for official information. Microsoft never
> sends security or other updates as attachments. These updates must be
> downloaded from the microsoft.com download center or Windows Update. See
> the
> individual bulletins for details.
>
> Because some malicious messages attempt to masquerade as official
> Microsoft
> security notices, it is recommended that you physically type the URLs into
> your web browser and not click on the hyperlinks provided.
>
> Bulletin Summaries:
>
> Microsoft:
> http://www.microsoft.com/technet/security/Bulletin/ms04-jun.mspx
>
> Moderate Bulletins:
>
> MS04-016 - Vulnerability in DirectPlay Could Allow Denial of Service
> (839643)
> http://www.microsoft.com/technet/security/Bulletin/MS04-016.mspx
>
> MS04-017 - Vulnerability in Crystal Reports Web Viewer Could Allow
> Information Disclosure and Denial of Service (842689)
> http://www.microsoft.com/technet/security/Bulletin/MS04-017.mspx
>
> This represents our regularly scheduled monthly bulletin release (second
> Tuesday of each month). Please note that Microsoft may release bulletins
> out
> side of this schedule if we determine the need to do so.
>
> If you have any questions regarding the patch or its implementation after
> reading the above listed bulletin you should contact Product Support
> Services in the United States at 1-866-PCSafety (1-866-727-2338).
> International customers should contact their local subsidiary.
> --
> Regards,
>
> Jerry Bryant - MCSE, MCDBA
> Microsoft IT Communities
>
> Get Secure! www.microsoft.com/security
>
>
> This posting is provided "AS IS" with no warranties, and confers no
> rights.
>
>