New Microsoft Critical Updates Prevent Remote Code Execution

April 15, 2004

UC Davis is urgently recommending that Windows users install the most recent Critical Updates issued by Microsoft on Tuesday, April 13, 2004. Some of these updates remove multiple vulnerabilities, many of which could allow an attacker to overwrite a program's code, changing its operation. If left unpatched, the vulnerabilities could also allow an attacker to gain full access to a system. The attacker could then take any action on the system, including installing programs, viewing, changing or deleting data, or creating new accounts.

One or more of the updates now available affect the following systems:

Windows 2000
Windows XP
Windows Server 2003
Windows NT Workstation
Windows NT Server 4.0
Windows NT Server 4.0, Terminal Server Edition
Windows 98
Windows 98 Second Edition (SE)
Windows Millennium Edition (Me)

It is highly recommended that users of these systems install the updates as soon as possible. To review and install updates, visit http://v4.windowsupdate.microsoft.com/en/default.asp.

For additional information about these vulnerabilities and the critical updates, see the Microsoft Security Bulletins.