Microsoft Patches 3 Security Holes

Microsoft issued three security bulletins this week fixing a critical flaw in DirectX, some important problems with SQL Server and a moderate security bug in Windows NT 4.0 Server.

The critical flaw in DirectX is a widespread problem affecting many versions of Windows. (See related story). The buffer overrun condition is exploited by sending a specially coded HTML e-mail or luring a user to a malicious Web page. Exploiting the problem is somewhat more difficult on systems running Windows Server 2003.

Microsoft rolled fixes for three newly discovered vulnerabilities in SQL Server into a new cumulative patch. The new SQL Server flaws require an authenticated user or a user on a local intranet to do the attacking. The bulletin describing the SQL Server problems is available at


Meanwhile, a flaw in a Windows NT 4.0 Server file management function permits a denial of service vulnerability. When the function receives a specially crafted request, the function can free memory that it doesn't own, causing the application passing the request to fail. Applications that are available remotely can use of the function, making it a problem that remote attackers can theoretically exploit.

Microsoft rates the problem a moderate risk. The bulletin and patch are available at

Microsoft puts out security bulletins on Wednesday evenings. It is the third consecutive week that Microsoft has released three security bulletins during its weekly update.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.


  • Windows Admin Center vs. Hyper-V Manager: What's Better for Managing VMs?

    Microsoft's preferred interface for Windows Server is Windows Admin Center, but can it really replace Hyper-V Manager for managing virtual machines? Brien compares the two management tools.

  • Microsoft Offers More Help on Windows Server 2008 Upgrades

    Microsoft this week published additional help resources for organizations stuck on Windows Server 2008, which fell out of support on Jan. 14.

  • Microsoft Ups Its Carbon Reduction Goals

    Microsoft on Thursday announced a corporatewide carbon reduction effort that aims to make the company "carbon negative" by 2030.

  • How To Dynamically Lock Down an Unattended Windows 10 PC

    One of the biggest security risks in any organization happens when a user walks away from their PC without logging out. Microsoft has the solution (and it's not a password-protected screensaver).

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.