News

Microsoft Patch Day Brings 3 New Security Fixes

Tuesday was Microsoft's monthly patch day, and the company marked the date with three new security bulletins, including one critical new bulletin for Windows. In all Microsoft bundled four security bulletins, including one it issued for Internet Explorer last week outside its normal patch cycle.

The new critical Windows bulletin (MS04-007) involves an unchecked buffer, which could lead to a buffer overflow. The flaw affects Windows NT 4.0, Windows 2000, Windows XP and Windows Server 2003 and is rated critical across all the affected platforms.

The problem lies in the Microsoft Abstract Syntac Notation 1 (ASN.1) Library. Microsoft describes ASN.1 as a data standard used by applications and devices for allowing normalization and understanding of data across platforms. Windows NT 4.0 doesn't install the ASN.1 Library file by default, however, and the update may not be required for all Windows NT 4.0 systems.

Also critical is the bulletin for Internet Explorer, MS04-004, a cumulative bulletin for Internet Explorer that, among other things, aimed to fix the URL spoofing problem that enables a class of "phishing" scams. (See related story.) When it posted Feb. 2, MS04-004 was the first bulletin to be released outside of Microsoft's monthly patching cycle since the monthly program was introduced in October.

The patch day releases also include two security bulletins for vulnerabilities rated "important" by Microsoft.

One is a problem with the Windows Internet Naming Service (WINS) that could allow remote code execution. That vulnerability (MS04-006) affects supported versions of Windows servers but not Windows clients.

The other, MS04-005, is a problem in Microsoft Virtual PC for Mac.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

Featured

  • Microsoft Previews Windows VM Authentications via Azure Active Directory

    Microsoft on Thursday announced a preview of remote authentications into Windows-based Azure virtual machines (VMs) using Azure AD credentials.

  • Windows Server 20H1 Getting Smaller Containers and Faster PowerShell

    Microsoft is promising to deliver a smaller container size and improved PowerShell performance with its next release of Windows Server.

  • Microsoft Previews Microsoft Teams for Linux

    Microsoft on Tuesday announced a "limited preview" release of Microsoft Teams for certain Linux desktop operating systems.

  • Hyper-V Architecture: Some Clarifications

    Brien answers two thought-provoking reader questions. First, do Hyper-V VMs have direct hardware access? And second, how is it possible to monitor VM resource consumption from the host operating system?

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.