Microsoft Releases 9 Security Bulletins

Microsoft on Tuesday released nine security bulletins for the month of October, and three of the bulletins carried a maximum severity rating of "critical." Eight of the bulletins address problems with Windows, while the other bulletin fixes a problem in Windows and Exchange Server. Of the eight Windows bulletins, three are critical, two are important and two are moderate.

All three of the critical bulletins patch flaws that could allow an attacker to take complete control of a system over the Internet.

One of the critical bulletins, a cumulative security update for Internet Explorer in MS05-052, contains a patch for a new flaw that is critical even for Internet Explorer 6 on Windows XP with Service Pack 2. Microsoft locked down IE in SP2, and normally newly discovered problems are less serious on that updated platform.

MS05-051, another critical bulletin, affects Windows 2000, Windows XP and Windows Server 2003. The bulletin bundles patches for four security flaws, and two of those are critical problems. A vulnerability in MSDTC that is patched in the bulletin is critical for Windows 2000 but less severe or even non-existent on more recent versions of Windows. A vulnerability in COM+ that is patched by the bulletin is critical for Windows 2000 and Windows XP Service Pack 1, but is downgraded to "important" for more recent versions.

The other critical bulletin involves a vulnerability in the Microsoft DirectShow component for streaming media that can allow remote code execution on all supported Windows platforms.

The bulletins are the 44th through 52nd of the year for the software giant.

Technical details on the new bulletins are available from Microsoft here.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.


  • Azure Networking Enhancements Announced at Ignite

    Azure networking improvements were announced by Microsoft as part of its Ignite Conference.

  • How To Reclaim Your Privacy from Windows 10, Part 2

    These are the top four privacy settings to check in your Windows device to make sure Microsoft doesn't collect any data you don't want it to.

  • Microsoft Releases Out-of-Band Security Patches for Exchange Server

    Microsoft on Tuesday released out-of-band security patches for Exchange Server to address multiple zero-day flaws that are currently being exploited in active attacks.

  • Microsoft Mesh for Building Mixed Reality Apps Highlighted at Ignite

    The Microsoft Ignite Day 1 keynote presentations were heavy with talk about Microsoft Mesh, a new Microsoft Azure-based platform for building "cross-platform mixed reality apps" for multiple participants.

comments powered by Disqus