3 Critical Bulletins in Microsoft's Monthly Patch Collection

Three critical security patches are included in Microsoft's bundle of security bulletins for November. The critical problems affect Internet Explorer, Windows and the Microsoft FrontPage Server Extensions.

Microsoft delivered its first bundle of patches under its new monthly schedule, which is to put out patches on the second Tuesday of every month. Microsoft released its first monthly bundle in October, but the company posted those patches on a Wednesday, which was Microsoft's weekly patching date.

The Internet Explorer patch is a cumulative patch that includes fixes for five new flaws. Although the patch is critical for all versions of Windows going back to Windows NT 4.0 Workstation SP6a and Windows 98, it is rated "moderate" for Windows Server 2003, which runs IE under an Enhanced Security Configuration mode by default. More information on the bulletin is available here.

The critical flaw in Windows involves an unchecked buffer in the Workstation service of Windows 2000 and Windows XP that can allow an attacker to remotely take complete control of a user's system. More information on the flaw is available here.

The other critical patch covers problems in FrontPage Server Extensions, a set of tools that can be installed on a Web site to allow management of the server and its content and to add Web site functionality such as search and forms support. The patch addresses two flaws. One of the flaws allows an attacker to take complete control of the server remotely; the other flaw provides an avenue for a denial-of-service attack. The security bulletin is available here.

Also included in the bundle of patches on Tuesday were an "important" patch for Microsoft Word and Excel and an "important" re-release of a 2002 patch, MS02-050. The Office programs patch fixes flaws in the way Word and Excel handle macro files. In some cases, an attacker could cause malicious code to execute when a user opens a malformed Word or Excel document. The flaw doesn't affect Word 2003 or Excel 2003. Details are available here.

The re-released patch from September 2002 addressed a flaw that made it possible for an attacker to spoof identities and, in some cases, gain control of a user's system. It affected Windows, Office for Mac and Internet Explorer. Microsoft re-released the bulletin because of regression problems that can arise when applying IE 6.0 Service Pack 1 on top of Windows 2000 Service Pack 4. Details are available here.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

