Fast and Furious: 4 Patches Out of Microsoft Wednesday Night

Product pitches frequently allege that new security fixes come out of Microsoft on a daily basis. Most days that's an exaggeration.

Wednesday night, however, Microsoft made the hyperbole seem tame by posting four new security bulletins to its Web site. They involved critical vulnerabilities in SQL Server and the Windows Help Active X control and moderate vulnerabilities in three client versions of Windows and the Services for Unix 3.0 Interix SDK.

Microsoft issued its 54th, 55th, 56th and 57th security bulletins of 2002 on Wednesday night. The software giant is fast approaching the 60 bulletins it put out in all of 2001, but Microsoft is unlikely to surpass the 100 bulletins it issued in 2000. Altogether, the four bulletins included patches fixing 11 vulnerabilities. Four of the flaws represented critical problems.

MS02-054 addressed problems with an unchecked buffer in file decompression functions that could lead to code execution in Windows 98 with the Plus! pack, Windows Me and Windows XP. There were two vulnerabilities in the patch, both rating a "moderate" severity designation from Microsoft.

MS02-055 included a patch that fixed the critical buffer overrun flaw in the Windows Help ActiveX control as well as a moderate vulnerability offering attackers potential code execution through compiled HTML Help files. Those flaws affect every supported Windows client operating system from Windows 98 to Windows XP.

MS02-056 contains three fixes for critical problems in SQL Server and MSDE and another fix changing the way SQL Server operates. While Microsoft frequently issues patches to fix multiple problems, it is extremely rare for a patch to address more than one critical vulnerability -- let alone three. See related story.

MS02-057 has a patch that corrects three vulnerabilities of moderate severity in the Sun RPC library in Microsoft’s SFU 3.0 on the Interix software development kit.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.


  • Microsoft Offers More Help on Windows Server 2008 Upgrades

    Microsoft this week published additional help resources for organizations stuck on Windows Server 2008, which fell out of support on Jan. 14.

  • Microsoft Ups Its Carbon Reduction Goals

    Microsoft on Thursday announced a corporatewide carbon reduction effort that aims to make the company "carbon negative" by 2030.

  • How To Dynamically Lock Down an Unattended Windows 10 PC

    One of the biggest security risks in any organization happens when a user walks away from their PC without logging out. Microsoft has the solution (and it's not a password-protected screensaver).

  • First Stable Chromium-Based Microsoft Edge Browser Released

    Microsoft on Wednesday announced the first release of its Chromium-based Microsoft Edge browser at the "stable" commercial-release stage.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.