Microsoft Releases Three Critical Security Bulletins
- By Scott Bekker
Microsoft issued three critical security patches on its July patching day Tuesday, including the fix for a dangerous problem in the JVIEW Profiler for which Microsoft issued a kill bit last week.
The other security bulletins also dealt with critical remote code execution vulnerabilities. One involved Microsoft Word (MS05-035). The other stems from a problem in the Microsoft Color Management Module (MS05-036).
The JVIEW Profiler fix (MS05-037) was a quick turnaround for a full-fledged patch, given that Microsoft first acknowledged the problem in a security advisory June 30 and had rushed out a download last week for neutralizing the problem through a registry change. The patch in the security bulletin repackages the kill bit, and users who have already applied the kill bit don't need to the new patch.
Microsoft hadn't hinted that the JVIEW Profiler fix was coming in its advance notification last Thursday -- the advance notification indicated only that Windows and Office patches were coming while the security advisory about the JVIEW Profiler problem identified it as an Internet Explorer problem.
The problem is highly dangerous because details of the vulnerability had already become public, giving attackers something to work with in developing exploit code. Underscoring the severity of the issue, Microsoft raised the possibility in the advisory with the kill bit that it would issue a rare out-of-cycle patch as soon as one was ready instead of waiting for the next Patch Tuesday in August.
A number of platforms are affected by the issue. While the security advisory named only variants of Internet Explorer, the full-fledged patch lists Windows Server 2003, Windows XP, Windows 2000 and Windows 9.x among platforms affected.
So far this year, Microsoft has issued 37 security bulletins.
The new bulletins can be found here:MS05-035 -- Word vulnerability
MS05-036 -- Microsoft Color Management Module
MS05-037 -- JVIEW Profiler
About the Author
Scott Bekker is editor in chief of Redmond Channel Partner magazine.