News

Microsoft Posts Critical Windows Bulletin

A new Microsoft security bulletin includes patches for three Windows flaws, two of them critical problems that can permit attackers to take control of a system over the Internet.

All three flaws that are addressed in bulletin MS05-053 arise from the way Windows renders graphics from Windows Metafile (WMF), Enhanced Metafile (EMF) or both of the image formats. The bulletin posted Tuesday.

The first flaw, involving an unchecked buffer in the rendering of WMF and EMF, is critical for Windows 2000, Windows XP even with Service Pack 2 and Windows Server 2003 even with Service Pack 1.

The second flaw, stemming from an unchecked buffer in WMF rendering, is also critical for Windows 2000, Windows XP SP1 and the gold code version of Windows Server 2003. Windows XP SP2 and Windows Server 2003 SP1 are unaffected by the flaw.

An unchecked buffer in EMF rendering is the source of the third flaw. It is moderate for Windows 2000, Windows XP SP1 and Windows Server 2003. Again, Windows XP SP2 and Windows Server 2003 SP1 are unaffected.

Neither of the critical flaws had been publicly disclosed. The moderate flaw had been disclosed but Microsoft has not received any reports of exploit code being developed for it.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

Featured

  • Closeup of the new Copilot keyboard key

    Microsoft Updates Copilot To Add Context-Sensitive Agents to Teams, SharePoint

    Microsoft has rolled out a new public preview for collaborative "always on" agents in Microsoft 365 Copilot, bringing enhanced, context-aware tools into Teams channels, meetings, SharePoint sites, Planner workstreams and Viva Engage communities.

  • Windows 365 Cloud Apps Now Available for Public Preview

    Microsoft announced this week that Windows 365 Cloud Apps are now available for public preview. This aims to allow IT administrators to stream individual Windows applications from the cloud, removing the need to assign Cloud PCs to every user.

  • Report: Security Initiatives Can't Keep Pace with Cloud, AI Boom

    The increasingly fast adoption of hybrid, multicloud, and AI systems is easily outgrowing existing security measures, according to a recent global survey by the Cloud Security Alliance (CSA) and exposure management firm Tenable.

  • World Map Image

    Microsoft Taps Nebius in $17B AI Infrastructure Deal To Alleviate Cloud Strain

    Microsoft has signed a five-year, $17.4 billion agreement with Amsterdam-based Nebius Group to expand its AI computing capabilities through third-party GPU infrastructure.