On Tuesday February 10th, Microsoft released three new security updates to patch new vulnerabilities, one of which is catching a lot of attention. Security Update MS04-007 is rated as critical because it has the potential to leave a user of Windows NT, 2000, XP or 2003 Server open to an attack that could result in remote code execution. The vulnerability has no workarounds, and is being very strongly recommended by Microsoft and security organizations. However, at this time, Microsoft says there are no reported incidents using the vulnerability, but is recommending the patch as a preemptive strike against attack.

The patch is required on virtually all versions of Windows NT, 2000, XP, and 2003 Server. This includes Windows Media Center and Tablet versions as well. Some NT 4.0 systems may not be vulnerable unless they have been updated with MS03-041, which loads the ASN1 library. To tell whether your system is vulnerable, go to a command prompt and enter dir C:\msasn1.dll /s or use the find or search function in the Windows Start menu. If you find the MSASN1.DLL file, you need the update.

To perform the update you can click on Windows Update from your Start or All Programs menu in Windows, or visit the Windows Update site directly. Alternatively, you can also download the patch for use on a network or disconnected machines by going to the Microsoft download center and searching on 828028 (the knowledgebase number). There are 8 separate downloads for different versions of Windows.

To read the full story, click here.