News

Three New Security Patches Out for Microsoft Products

Microsoft issued a raft of new security fixes Wednesday evening.

The most serious was a problem arising from an unchecked buffer in Microsoft's Remote Access Service Phonebook leaves several Microsoft business-class operating systems open to a critical vulnerability. Less serious vulnerabilities were also patched in the IIS Web server and in SQLXML.

The three new patches are among five security bulletins released by Microsoft this week, an excessively high number given that only 30 have been issued so far all year.

Platforms vulnerable to the critical RAS Phonebook problem include Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000 and Windows XP. An attacker can use the vulnerability to elevate local privileges.

The group of three new security bulletins follow two bulletins earlier in the week. A critical problem in Microsoft's handling of the Gopher protocol rated a pre-patch workaround for Internet Explorer, Internet Security & Acceleration Server and Proxy Server. An update was also put out for an earlier patch that dealt with a vulnerability in several of Microsoft's instant messaging clients.

The new patches can be found here:

  • RAS: www.microsoft.com/technet/security/bulletin/MS02-029.asp
  • IIS: www.microsoft.com/technet/security/bulletin/MS02-028.asp
  • SQLXML: www.microsoft.com/technet/security/bulletin/MS02-030.asp
  • About the Author

    Scott Bekker is editor in chief of Redmond Channel Partner magazine.

    Featured

    • How To Automate Tasks in Azure SQL Database

      Knowing how to automate tasks in the cloud will make you a more productive DBA. Here are the key concepts to understand about cloud scripting and a rundown of the best tools for automating code in Azure.

    • Microsoft Open License To End Next Year for Government and Education Groups

      Microsoft's "Open License program" will end on Jan. 1, 2022, and not just for commercial customers, but also for government, education and nonprofit organizations.

    • Dealing with a Hyper-V VM That's Stuck on Screen

      A three-keystroke solution to a problem that has no discernible cause.

    • Weird Blue Tunnel Graphic

      Microsoft Goes Deep on 'Solorigate' Secondary Attack Methods

      Microsoft on Wednesday published an analysis of the second-stage "Solorigate" attack methods used by an advanced persistent threat (APT) attack group.

    comments powered by Disqus