3 Critical Bulletins in Microsoft's Monthly Patch Collection

Three critical security patches are included in Microsoft's bundle of security bulletins for November. The critical problems affect Internet Explorer, Windows and the Microsoft FrontPage Server Extensions.

Microsoft delivered its first bundle of patches under its new monthly schedule, which calls for releasing patches on the second Tuesday of every month. Microsoft released its first monthly bundle in October, but the company posted those patches on a Wednesday, which had been Microsoft's weekly patching day.

The Internet Explorer patch is a cumulative patch that includes fixes for five new flaws. Although the patch is critical for all versions of Windows going back to Windows NT 4.0 Workstation SP6a and Windows 98, it is rated "moderate" for Windows Server 2003, which runs IE under an Enhanced Security Configuration mode by default. More information on the bulletin is available here.

The critical flaw in Windows involves an unchecked buffer in the Workstation service of Windows 2000 and Windows XP that can allow an attacker to remotely take complete control of a user's system. More information on the flaw is available here.

The other critical patch covers problems in FrontPage Server Extensions, a set of tools that can be installed on a Web site to allow management of the server and its content and to add Web site functionality such as search and forms support. The patch addresses two flaws. One of the flaws allows an attacker to take complete control of the server remotely; the other flaw provides an avenue for a denial-of-service attack. The security bulletin is available here.

Also included in the bundle of patches on Tuesday were an "important" patch for Microsoft Word and Excel and an "important" re-release of a 2002 patch, MS02-050. The Office programs patch fixes flaws in the way Word and Excel handle macro files. In some cases, an attacker could cause malicious code to execute when a user opens a malformed Word or Excel document. The flaw doesn't affect Word 2003 or Excel 2003. Details are available here.

The re-released patch from September 2002 addressed a flaw that made it possible for an attacker to spoof identities and, in some cases, gain control of a user's system. It affected Windows, Office for Mac and Internet Explorer. Microsoft re-released the bulletin because of regression problems that can arise when applying IE 6.0 Service Pack 1 on top of Windows 2000 Service Pack 4. Details are available here.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

