Fast and Furious: 4 Patches Out of Microsoft Wednesday Night

Product pitches frequently allege that new security fixes come out of Microsoft on a daily basis. Most days that's an exaggeration.

Wednesday night, however, Microsoft made the hyperbole seem tame by posting four new security bulletins to its Web site. They involved critical vulnerabilities in SQL Server and the Windows Help Active X control and moderate vulnerabilities in three client versions of Windows and the Services for Unix 3.0 Interix SDK.

Microsoft issued its 54th, 55th, 56th and 57th security bulletins of 2002 on Wednesday night. The software giant is fast approaching the 60 bulletins it put out in all of 2001, but Microsoft is unlikely to surpass the 100 bulletins it issued in 2000. Altogether, the four bulletins included patches fixing 11 vulnerabilities. Four of the flaws represented critical problems.

MS02-054 addressed problems with an unchecked buffer in file decompression functions that could lead to code execution in Windows 98 with the Plus! pack, Windows Me and Windows XP. There were two vulnerabilities in the patch, both rating a "moderate" severity designation from Microsoft.

MS02-055 included a patch that fixed the critical buffer overrun flaw in the Windows Help ActiveX control as well as a moderate vulnerability offering attackers potential code execution through compiled HTML Help files. Those flaws affect every supported Windows client operating system from Windows 98 to Windows XP.

MS02-056 contains three fixes for critical problems in SQL Server and MSDE and another fix changing the way SQL Server operates. While Microsoft frequently issues patches to fix multiple problems, it is extremely rare for a patch to address more than one critical vulnerability -- let alone three. See related story.

MS02-057 has a patch that corrects three vulnerabilities of moderate severity in the Sun RPC library in Microsoft’s SFU 3.0 on the Interix software development kit.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.


  • Windows 10 Preview Adds Ability To Display Linux Distro Files

    Microsoft on Wednesday announced Windows 10 preview build 19603, which adds easier access to installed Linux distro files using Windows File Explorer.

  • Microsoft 365 Business To Get Azure Active Directory Premium P1 Perks

    Subscribers to Microsoft 365 Business (which is being renamed this month to "Microsoft 365 Business Premium") will be getting Azure Active Directory Premium P1 licensing at no additional cost.

  • How To Use .CSV Files with PowerShell, Part 1

    When it comes to bulk administration, few things are handier than .CSV files. In this two-part series, Brien demos his top techniques for working with .CSV files in PowerShell. First up: How to create a .CSV file.

  • SameSite Cookie Changes Rolled Back Until Summer

    The Chromium Project announced on Friday that it's delaying enforcement of SameSite cookie changes, and is temporarily rolling back those changes, because of the COVID-19 turmoil.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.