News

Microsoft Patch Day Brings 3 New Security Fixes

Tuesday was Microsoft's monthly patch day, and the company marked the date with three new security bulletins, including one critical new bulletin for Windows. In all Microsoft bundled four security bulletins, including one it issued for Internet Explorer last week outside its normal patch cycle.

The new critical Windows bulletin (MS04-007) involves an unchecked buffer, which could lead to a buffer overflow. The flaw affects Windows NT 4.0, Windows 2000, Windows XP and Windows Server 2003 and is rated critical across all the affected platforms.

The problem lies in the Microsoft Abstract Syntac Notation 1 (ASN.1) Library. Microsoft describes ASN.1 as a data standard used by applications and devices for allowing normalization and understanding of data across platforms. Windows NT 4.0 doesn't install the ASN.1 Library file by default, however, and the update may not be required for all Windows NT 4.0 systems.

Also critical is the bulletin for Internet Explorer, MS04-004, a cumulative bulletin for Internet Explorer that, among other things, aimed to fix the URL spoofing problem that enables a class of "phishing" scams. (See related story.) When it posted Feb. 2, MS04-004 was the first bulletin to be released outside of Microsoft's monthly patching cycle since the monthly program was introduced in October.

The patch day releases also include two security bulletins for vulnerabilities rated "important" by Microsoft.

One is a problem with the Windows Internet Naming Service (WINS) that could allow remote code execution. That vulnerability (MS04-006) affects supported versions of Windows servers but not Windows clients.

The other, MS04-005, is a problem in Microsoft Virtual PC for Mac.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

Featured

  • Surface and ARM: Why Microsoft Shouldn't Follow Apple's Lead and Dump Intel

    Microsoft's current Surface flagship, the Surface Pro X, already runs on ARM. But as the ill-fated Surface RT showed, going all-in on ARM never did Microsoft many favors.

  • IT Security Isn't Supposed To Be Easy

    Joey explains why it's worth it to endure a little inconvenience for the long-term benefits of a password manager and multifactor authentication.

  • Microsoft Makes It Easier To Self-Provision PCs via Windows Autopilot When VPNs Are Used

    Microsoft announced this week that the Windows Autopilot service used with Microsoft Intune now supports enrolling devices, even in cases where virtual private networks (VPNs) might get in the way.

  • Most Microsoft Retail Locations To Shut Down

    Microsoft is pivoting its retail operations to focus more on online sales, a plan that would mean the closing of most physical Microsoft Store locations.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.