3 Critical Bulletins in Microsoft's Monthly Patch Collection

Three critical security patches are included in Microsoft's bundle of security bulletins for November. The critical problems affect Internet Explorer, Windows and the Microsoft FrontPage Server Extensions.

Microsoft delivered its first bundle of patches under its new monthly schedule, which is to put out patches on the second Tuesday of every month. Microsoft released its first monthly bundle in October, but the company posted those patches on a Wednesday, which was Microsoft's weekly patching date.

The Internet Explorer patch is a cumulative patch that includes fixes for five new flaws. Although the patch is critical for all versions of Windows going back to Windows NT 4.0 Workstation SP6a and Windows 98, it is rated "moderate" for Windows Server 2003, which runs IE under an Enhanced Security Configuration mode by default. More information on the bulletin is available here.

The critical flaw in Windows involves an unchecked buffer in the Workstation service of Windows 2000 and Windows XP that can allow an attacker to remotely take complete control of a user's system. More information on the flaw is available here.

The other critical patch covers problems in FrontPage Server Extensions, a set of tools that can be installed on a Web site to allow management of the server and its content and to add Web site functionality such as search and forms support. The patch addresses two flaws. One of the flaws allows an attacker to take complete control of the server remotely; the other flaw provides an avenue for a denial-of-service attack. The security bulletin is available here.

Also included in the bundle of patches on Tuesday were an "important" patch for Microsoft Word and Excel and an "important" re-release of a 2002 patch, MS02-050. The Office programs patch fixes flaws in the way Word and Excel handle macro files. In some cases, an attacker could cause malicious code to execute when a user opens a malformed Word or Excel document. The flaw doesn't affect Word 2003 or Excel 2003. Details are available here.

The re-released patch from September 2002 addressed a flaw that made it possible for an attacker to spoof identities and, in some cases, gain control of a user's system. It affected Windows, Office for Mac and Internet Explorer. Microsoft re-released the bulletin because of regression problems that can arise when applying IE 6.0 Service Pack 1 on top of Windows 2000 Service Pack 4. Details are available here.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.
