News

Three New Security Patches Out for Microsoft Products

Microsoft issued a raft of new security fixes Wednesday evening.

The most serious was a problem arising from an unchecked buffer in Microsoft's Remote Access Service Phonebook leaves several Microsoft business-class operating systems open to a critical vulnerability. Less serious vulnerabilities were also patched in the IIS Web server and in SQLXML.

The three new patches are among five security bulletins released by Microsoft this week, an excessively high number given that only 30 have been issued so far all year.

Platforms vulnerable to the critical RAS Phonebook problem include Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000 and Windows XP. An attacker can use the vulnerability to elevate local privileges.

The group of three new security bulletins follow two bulletins earlier in the week. A critical problem in Microsoft's handling of the Gopher protocol rated a pre-patch workaround for Internet Explorer, Internet Security & Acceleration Server and Proxy Server. An update was also put out for an earlier patch that dealt with a vulnerability in several of Microsoft's instant messaging clients.

The new patches can be found here:

  • RAS: www.microsoft.com/technet/security/bulletin/MS02-029.asp
  • IIS: www.microsoft.com/technet/security/bulletin/MS02-028.asp
  • SQLXML: www.microsoft.com/technet/security/bulletin/MS02-030.asp
  • About the Author

    Scott Bekker is editor in chief of Redmond Channel Partner magazine.

    Featured

    • New Office App Coming to Windows 10 Users

      Microsoft is delivering a new Office app for Windows 10 consumer and business users over the new few weeks, according to a Wednesday announcement.

    • Microsoft Warns .NET Core 1.0 and 1.1 Losing Support in June

      Microsoft gave notice this week that .NET Core 1.0 and 1.1 will fall out of support on June 27, 2019.

    • Microsoft Publishes Windows Deadlines on Upgrading to SHA-2

      Microsoft on Friday described its 2019 timeline for when it will start distrusting Secure Hash Algorithm-1 (SHA-1) in supported Windows systems, as well as in the Windows Server Update Services 3.0 Service Pack 2 management product.

    • Performing a Storage Refresh on Windows Server 2016, Part 1

      To spruce up some aging lab hardware, Brien decided to make the jump to all-flash storage. Here's a walk-through of the first half of the process.

    comments powered by Disqus

    Office 365 Watch

    Sign up for our newsletter.

    Terms and Privacy Policy consent

    I agree to this site's Privacy Policy.