News

Microsoft Releases Three Critical Security Bulletins

Microsoft issued three critical security patches on its July patching day Tuesday, including the fix for a dangerous problem in the JVIEW Profiler for which Microsoft issued a kill bit last week.

The other security bulletins also dealt with critical remote code execution vulnerabilities. One involved Microsoft Word (MS05-035). The other stems from a problem in the Microsoft Color Management Module (MS05-036).

The JVIEW Profiler fix (MS05-037) was a quick turnaround for a full-fledged patch, given that Microsoft first acknowledged the problem in a security advisory June 30 and had rushed out a download last week for neutralizing the problem through a registry change. The patch in the security bulletin repackages the kill bit, and users who have already applied the kill bit don't need to the new patch.

Microsoft hadn't hinted that the JVIEW Profiler fix was coming in its advance notification last Thursday -- the advance notification indicated only that Windows and Office patches were coming while the security advisory about the JVIEW Profiler problem identified it as an Internet Explorer problem.

The problem is highly dangerous because details of the vulnerability had already become public, giving attackers something to work with in developing exploit code. Underscoring the severity of the issue, Microsoft raised the possibility in the advisory with the kill bit that it would issue a rare out-of-cycle patch as soon as one was ready instead of waiting for the next Patch Tuesday in August.

A number of platforms are affected by the issue. While the security advisory named only variants of Internet Explorer, the full-fledged patch lists Windows Server 2003, Windows XP, Windows 2000 and Windows 9.x among platforms affected.

So far this year, Microsoft has issued 37 security bulletins.

The new bulletins can be found here:

  • MS05-035 -- Word vulnerability
  • MS05-036 -- Microsoft Color Management Module
  • MS05-037 -- JVIEW Profiler

  • About the Author

    Scott Bekker is editor in chief of Redmond Channel Partner magazine.

    Featured

    • Blue Squares Graphic

      Microsoft Previews Azure IoT Edge for Linux on Windows

      Microsoft announced a preview of Azure IoT Edge for Linux on Windows, which lets organizations tap Linux virtual machine processes that also work with Windows- and Azure-based processes and services.

    • How To Automate Tasks in Azure SQL Database

      Knowing how to automate tasks in the cloud will make you a more productive DBA. Here are the key concepts to understand about cloud scripting and a rundown of the best tools for automating code in Azure.

    • Microsoft Open License To End Next Year for Government and Education Groups

      Microsoft's "Open License program" will end on Jan. 1, 2022, and not just for commercial customers, but also for government, education and nonprofit organizations.

    • Dealing with a Hyper-V VM That's Stuck on Screen

      A three-keystroke solution to a problem that has no discernible cause.

    comments powered by Disqus