The Microsoft Security Update MS04-038 was released back in October 2004, targeting all Windows users and addressing critical vulnerabilities in Internet Explorer 5.x and 6. Therefore, it was marked as 'urgent' by Microsoft.
It is intended for computers that run on all versions of Windows up to 2003, namely:
· Windows 98, 98 Second Edition and Millennium
· NT Server 4.0 Service Pack 6a
· NT Server 4.0 Terminal Server Edition Service Pack 6
· 2000 Service Pack 3 and 4
· Windows Server 2003 (including 64-bit edition)
· Windows XP
· Windows XP Service Pack 1 (including 64-bit edition)
· Windows XP Service Pack 2
· Windows XP 64-Bit Edition Version 2003
Microsoft Security Update MS04-038 addresses important vulnerabilities that could endanger the system. The weak points are related to the risk of remote code execution or private data disclosure and comprise a high number of flaws in the CSS or related to the name redirection cross domain, the install engine, the plug-in navigation address bar of Internet Explorer, SSL caching or scripts embedded in image tag files.
To be more exact, cyber criminals can exploited these weaknesses in Internet Explorer in order to obtain full control over the target computer, provided the user has administrative priviledges. As such, they can freely create a new user and restrict access to the computer, install programs, remove or modify stored data.
The more affected systems are those deployed with Internet Explorer 5.01, 5.5, 6 and 6 SP1, while Windows XP SP2 and Server 2003 users are the least vulnerable.
Considering the severity of the update, Microsoft recommends that all users still running one of the affected operating systems apply the update immediately.