Six Days in February: Bulletin-Fest at Microsoft
- By Scott Bekker
After a slow start in 2002, Microsoft's security apparatus has been busy, issuing one security bulletin in late January and four more bulletins over a six-day period in February.
The first security bulletin of 2002 didn't arrive until Jan. 30, although it was an interesting one. That was the domain trust issue where a malicious administrator with sophisticated code skills could contrive to change his permissions in another trusting domain.
Between Feb. 6 and Feb. 11, Microsoft released four bulletins, including a cumulative patch fixing three critical problems with Internet Explorer. A bulletin involving a moderate risk vulnerability in the Telnet service in Windows 2000 and Interix 2.2 appeared on Feb. 7. Two low risk problems prompted another Feb. 7 bulletin involving Exchange 2000 Server and a Feb. 6 bulletin involving Microsoft Office v. X for Mac.
The flurry of bulletins comes as Microsoft developers undertake a review of product code during the month of February for security issues. That review was prompted by chairman and chief security architect Bill Gates' "Trustworthy Computing" e-mail in January that called for a greater emphasis on security in Microsoft products.
Microsoft did not immediately respond to a request for comment on whether the security bulletin activity was related to the code review.
Microsoft issued 60 security bulletins in 2001, compared with 100 in 2000. It is not an apples-to-apples comparison because Microsoft produced many more rollup patches in 2001 than in the prior year.
Links to Microsoft's current security bulletins can be found here:
Scott Bekker is editor in chief of Redmond Channel Partner magazine.