News

Three New Security Patches Out for Microsoft Products

Microsoft issued a raft of new security fixes Wednesday evening.

The most serious was a problem arising from an unchecked buffer in Microsoft's Remote Access Service Phonebook leaves several Microsoft business-class operating systems open to a critical vulnerability. Less serious vulnerabilities were also patched in the IIS Web server and in SQLXML.

The three new patches are among five security bulletins released by Microsoft this week, an excessively high number given that only 30 have been issued so far all year.

Platforms vulnerable to the critical RAS Phonebook problem include Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000 and Windows XP. An attacker can use the vulnerability to elevate local privileges.

The group of three new security bulletins follow two bulletins earlier in the week. A critical problem in Microsoft's handling of the Gopher protocol rated a pre-patch workaround for Internet Explorer, Internet Security & Acceleration Server and Proxy Server. An update was also put out for an earlier patch that dealt with a vulnerability in several of Microsoft's instant messaging clients.

The new patches can be found here:

  • RAS: www.microsoft.com/technet/security/bulletin/MS02-029.asp
  • IIS: www.microsoft.com/technet/security/bulletin/MS02-028.asp
  • SQLXML: www.microsoft.com/technet/security/bulletin/MS02-030.asp
  • About the Author

    Scott Bekker is editor in chief of Redmond Channel Partner magazine.

    Featured

    • Azure Active Directory ID Protection 'Refresh' Now Available

      Microsoft's enhancements to the Azure Active Directory Identity Protection service are now said to be "generally available" (GA), or ready for commercial use, per a Wednesday announcement.

    • Microsoft Releases Windows 10 Version 1909

      Microsoft on Tuesday announced the release of Windows 10 version 1909, a new operating system product that's also known as the "Windows 10 November 2019 Update."

    • November Microsoft Security Bundle Addresses 75 Vulnerabilities

      Of that number, 13 vulnerabilities are rated "Critical" to patch, while 62 vulnerabilities are deemed "Important."

    • The Future of Office 365 Pricing

      With a raft of new Office 365 features in the pipeline, Microsoft also seems ready to change the way it bills its subscribers. Will it replicate Azure's pay-per-use model, or will it look like something else entirely?

    comments powered by Disqus

    Office 365 Watch

    Sign up for our newsletter.

    Terms and Privacy Policy consent

    I agree to this site's Privacy Policy.