Microsoft KB Archive/841873

= MS04-022: A vulnerability in Task Scheduler could allow code execution =

Article ID: 841873

Article Last Modified on 2/6/2007

-

APPLIES TO


 * Microsoft Windows XP Professional x64 Edition
 * Microsoft Windows XP Professional
 * Microsoft Windows XP Home Edition
 * Microsoft Windows XP Tablet PC Edition
 * Microsoft Windows XP Media Center Edition 2002
 * Microsoft Windows 2000 Professional Edition
 * Microsoft Windows 2000 Server
 * Microsoft Windows 2000 Advanced Server
 * Microsoft Windows 2000 Datacenter Server
 * Microsoft Internet Explorer 6.0, when used with:
 * Microsoft Windows NT 4.0 Service Pack 6a

-





Microsoft has released security bulletin MS04-022. The security bulletin contains all the relevant information about the security update, including file manifest information and deployment options. To view the complete security bulletin, visit the following Microsoft Web site:

http://www.microsoft.com/technet/security/bulletin/ms04-022.mspx

Known issues
 The issue that is described in the following Microsoft Knowledge Base article may occur:

871245 You receive a &quot;Cannot delete this scheduled job&quot; error message when you try to delete a scheduled task in Windows 2000

Note Knowledge Base article 871245 was replaced with Knowledge Base article 873405. For more information about 873405, click the following article number to view the article in the Microsoft Knowledge Base:

873405 &quot;The AT job ID does not exist&quot; error message is returned by the NetScheduleJobDel function if you delete a scheduled task in Windows 2000

 When you try to install this security update on a Microsoft Windows NT 4.0-based computer, you may receive the following error message:

This package can only be installed on Windows NT 4.0.

This issue may occur if Task Scheduler is not installed on your Windows NT 4.0-based computer. If the Mstask.dll file is not on your computer, the security update that this article describes is not required.

Additional query words: update security_patch security_update security bug flaw vulnerability malicious attacker exploit remote code execution application name validation unauthenticated specially-formed scope specially-crafted WinXP Win2000 IE6 WinNT TSE atdownload 64bit 64-bit

Keywords: kbhotfixserver kbqfe atdownload kbsecurity kbsecbulletin kbsecvulnerability kbwinxppresp2fix kbbug kbfix kbwin2000presp5fix KB841873

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.