3 Critical Bulletins in Microsoft's Monthly Patch Collection

Three critical security patches are included in Microsoft's bundle of security bulletins for November. The critical problems affect Internet Explorer, Windows and the Microsoft FrontPage Server Extensions.

Microsoft delivered its first bundle of patches under its new monthly schedule, which is to put out patches on the second Tuesday of every month. Microsoft released its first monthly bundle in October, but the company posted those patches on a Wednesday, which was Microsoft's weekly patching date.

The Internet Explorer patch is a cumulative patch that includes fixes for five new flaws. Although the patch is critical for all versions of Windows going back to Windows NT 4.0 Workstation SP6a and Windows 98, it is rated "moderate" for Windows Server 2003, which runs IE under an Enhanced Security Configuration mode by default. More information on the bulletin is available here.

The critical flaw in Windows involves an unchecked buffer in the Workstation service of Windows 2000 and Windows XP that can allow an attacker to remotely take complete control of a user's system. More information on the flaw is available here.

The other critical patch covers problems in FrontPage Server Extensions, a set of tools that can be installed on a Web site to allow management of the server and its content and to add Web site functionality such as search and forms support. The patch addresses two flaws. One of the flaws allows an attacker to take complete control of the server remotely; the other flaw provides an avenue for a denial-of-service attack. The security bulletin is available here.

Also included in the bundle of patches on Tuesday were an "important" patch for Microsoft Word and Excel and an "important" re-release of a 2002 patch, MS02-050. The Office programs patch fixes flaws in the way Word and Excel handle macro files. In some cases, an attacker could cause malicious code to execute when a user opens a malformed Word or Excel document. The flaw doesn't affect Word 2003 or Excel 2003. Details are available here.

The re-released patch from September 2002 addressed a flaw that made it possible for an attacker to spoof identities and, in some cases, gain control of a user's system. It affected Windows, Office for Mac and Internet Explorer. Microsoft re-released the bulletin because of regression problems that can arise when applying IE 6.0 Service Pack 1 on top of Windows 2000 Service Pack 4. Details are available here.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

