Fast and Furious: 4 Patches Out of Microsoft Wednesday Night

Product pitches frequently allege that new security fixes come out of Microsoft on a daily basis. Most days that's an exaggeration.

Wednesday night, however, Microsoft made the hyperbole seem tame by posting four new security bulletins to its Web site. They involved critical vulnerabilities in SQL Server and the Windows Help Active X control and moderate vulnerabilities in three client versions of Windows and the Services for Unix 3.0 Interix SDK.

Microsoft issued its 54th, 55th, 56th and 57th security bulletins of 2002 on Wednesday night. The software giant is fast approaching the 60 bulletins it put out in all of 2001, but Microsoft is unlikely to surpass the 100 bulletins it issued in 2000. Altogether, the four bulletins included patches fixing 11 vulnerabilities. Four of the flaws represented critical problems.

MS02-054 addressed problems with an unchecked buffer in file decompression functions that could lead to code execution in Windows 98 with the Plus! pack, Windows Me and Windows XP. There were two vulnerabilities in the patch, both rating a "moderate" severity designation from Microsoft.

MS02-055 included a patch that fixed the critical buffer overrun flaw in the Windows Help ActiveX control as well as a moderate vulnerability offering attackers potential code execution through compiled HTML Help files. Those flaws affect every supported Windows client operating system from Windows 98 to Windows XP.

MS02-056 contains three fixes for critical problems in SQL Server and MSDE and another fix changing the way SQL Server operates. While Microsoft frequently issues patches to fix multiple problems, it is extremely rare for a patch to address more than one critical vulnerability -- let alone three. See related story.

MS02-057 has a patch that corrects three vulnerabilities of moderate severity in the Sun RPC library in Microsoft’s SFU 3.0 on the Interix software development kit.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.


  • Google IDs on Azure Active Directory B2B Service Now at 'General Availability'

    Microsoft announced on Wednesday that users of the Google identity and access service can use their personal log-in IDs with the Azure Active Directory B2B service to access resources as "guests."

  • Top 4 Overlooked Features of a Data Backup Strategy

    When it comes to implementing an airtight backup-and-recovery plan, these are the four must-have features that many enterprises nevertheless tend to forget.

  • Microsoft Bolsters Kubernetes with Azure Confidential Computing

    Microsoft on Tuesday announced various developments concerning the use of Kubernetes, an open source container orchestration solution fostered by Google.

  • Windows Will Have Support for Encrypted DNS

    Microsoft announced this week that the Windows operating system already has support for an encrypted Domain Name System option that promises to add greater privacy protections for Internet connections.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.