News

Three New Security Patches Out for Microsoft Products

Microsoft issued a raft of new security fixes Wednesday evening.

The most serious was a problem arising from an unchecked buffer in Microsoft's Remote Access Service Phonebook leaves several Microsoft business-class operating systems open to a critical vulnerability. Less serious vulnerabilities were also patched in the IIS Web server and in SQLXML.

The three new patches are among five security bulletins released by Microsoft this week, an excessively high number given that only 30 have been issued so far all year.

Platforms vulnerable to the critical RAS Phonebook problem include Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000 and Windows XP. An attacker can use the vulnerability to elevate local privileges.

The group of three new security bulletins follow two bulletins earlier in the week. A critical problem in Microsoft's handling of the Gopher protocol rated a pre-patch workaround for Internet Explorer, Internet Security & Acceleration Server and Proxy Server. An update was also put out for an earlier patch that dealt with a vulnerability in several of Microsoft's instant messaging clients.

The new patches can be found here:

  • RAS: www.microsoft.com/technet/security/bulletin/MS02-029.asp
  • IIS: www.microsoft.com/technet/security/bulletin/MS02-028.asp
  • SQLXML: www.microsoft.com/technet/security/bulletin/MS02-030.asp
  • About the Author

    Scott Bekker is editor in chief of Redmond Channel Partner magazine.

    Featured

    • Microsoft Nabs IoT Platform Provider Express Logic

      As part of its plan to invest $5 billion in IoT technologies, Microsoft this week acquired Express Logic, which provides real-time operating systems for industrial embedded and IoT devices.

    • Dealing with Broken Dependencies in SCVMM

      Brien shows you how to resolve some broken, template-related dependencies in Microsoft's System Center Virtual Machine Manager.

    • AzCopy Preview Adds AWS S3 Data Transfer Improvements

      Microsoft announced this week that it has improved the preview version of its AzCopy tool to better handle Amazon Web Services (AWS) S3 data.

    • Microsoft Adding Google G Suite Migration in Exchange Admin Center

      Microsoft's Exchange Admin Center will be getting the ability to move Google G Suite calendar, contacts and e-mail data over to the Office 365 service "in the coming weeks."

    comments powered by Disqus

    Office 365 Watch

    Sign up for our newsletter.

    Terms and Privacy Policy consent

    I agree to this site's Privacy Policy.