Microsoft Security Bulletin MS03-011 - Critical
Flaw in Microsoft VM Could Enable System Compromise (816093)
Originally posted: April 09, 2003
Who should read this bulletin:
Customers using Microsoft® Windows®.
Impact of vulnerability:
Allow attacker to execute code of his or her choice.
Maximum Severity Rating:
Customers should install build 3810 or later of the Microsoft VM, as discussed below
End User Bulletin:
An end user version of this bulletin is available at: http://www.microsoft.com/athome/security/update/bulletins/default.mspx
- Versions of the Microsoft virtual machine (Microsoft VM) are identified by build numbers, which can be determined using the JVIEW tool as discussed in the FAQ. All builds of the Microsoft VM up to and including build 5.0.3809 are affected by these vulnerabilities.
- Microsoft Knowledge Base article 816093 discusses this issue and will be available approximately 24 hours after the release of this bulletin. Knowledge Base articles can be found on the Microsoft Online Support web site.
- Technical support is available from Microsoft Product Support Services. There is no charge for support calls associated with security patches.
Security Resources: The Microsoft TechNet Security Web Site provides additional information about security in Microsoft products.
The information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
- V1.0 (April 09, 2003): Bulletin Created.
- V1.1 (April 14, 2003): Corrected Windows NT 4.0 Service Pack requirements
- V1.2 (June 27, 2003): Updated for Windows 2000 Service Pack 4
- V1.3 (April 13, 2004): Updated Windows 2000 Service Pack 4 information.
- V2.0 (July 1, 2009): Removed download information because Microsoft Java Virtual Machine is no longer available for distribution from Microsoft. For more information, see Patch availability.