News

Three New Security Patches Out for Microsoft Products

Microsoft issued a raft of new security fixes Wednesday evening.

The most serious was a problem arising from an unchecked buffer in Microsoft's Remote Access Service Phonebook leaves several Microsoft business-class operating systems open to a critical vulnerability. Less serious vulnerabilities were also patched in the IIS Web server and in SQLXML.

The three new patches are among five security bulletins released by Microsoft this week, an excessively high number given that only 30 have been issued so far all year.

Platforms vulnerable to the critical RAS Phonebook problem include Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000 and Windows XP. An attacker can use the vulnerability to elevate local privileges.

The group of three new security bulletins follow two bulletins earlier in the week. A critical problem in Microsoft's handling of the Gopher protocol rated a pre-patch workaround for Internet Explorer, Internet Security & Acceleration Server and Proxy Server. An update was also put out for an earlier patch that dealt with a vulnerability in several of Microsoft's instant messaging clients.

The new patches can be found here:

  • RAS: www.microsoft.com/technet/security/bulletin/MS02-029.asp
  • IIS: www.microsoft.com/technet/security/bulletin/MS02-028.asp
  • SQLXML: www.microsoft.com/technet/security/bulletin/MS02-030.asp
  • About the Author

    Scott Bekker is editor in chief of Redmond Channel Partner magazine.

    Featured

    • Azure Edge Zones Hit Preview

      Azure Edge Zones, a new edge computing technology from Microsoft designed to enable new scenarios for developers and partners, emerged as a preview release this week.

    • Microsoft Shifts 2020 Events To Be Online Only

      Microsoft is shifting its big events this year to be online only, including Ignite 2020.

    • Microsoft Browser Support for TLS 1.0 and 1.1 Ending 2H 2020

      Microsoft announced on Tuesday that its plans to drop support for Transport Layer Security (TLS) protocols 1.0 and 1.1 in its browsers will get delayed by a few months until the second half of this year.

    • Attackers Using Excel Read-Only Files To Obscure Malware

      Attackers can attempt to hide malicious payloads in Excel files sent by e-mail by using a standard Excel feature, according to a Tuesday post by Mimecast researchers.

    comments powered by Disqus

    Office 365 Watch

    Sign up for our newsletter.

    Terms and Privacy Policy consent

    I agree to this site's Privacy Policy.