July 2004 Critical Security Updates

Two critical and four important updates were included in Microsoft’s July 2004 monthly security posting for Windows OSs. The vulnerabilities these updates repair could enable an attacker to gain complete control of a computer over the Internet, in some cases without any action on the part of the computer’s user, which makes them a potential platform for worms and viruses. (For a chart summarizing these updates, see “July 2004 Update Summary.”)

Updates Change Configuration

The July 2004 updates go beyond merely repairing vulnerabilities to changing the functionality or configuration of Windows to harden security. For example, the update to fix problems with Windows HTML-based help also changes the default behavior of Windows so that the Windows HTML-based help system will only open files that have the extension .chm, which could affect other applications that use other file types to display their information as part of the Windows help system.

As with the Apr. 2004 vulnerabilities, where multiple patches were consolidated into a single update due to common files, at least one of the July updates fixes several vulnerabilities by making multiple modifications to the same file.