News

7 Bulletins for February Patch Tuesday

Microsoft on Tuesday released seven security bulletins, including two bulletins that addressed critical flaws affecting Windows. The other five bulletins included patches for flaws with a maximum severity rating of "important" in Windows and Office.

One of the critical bulletins (MS06-004) addressed a remote-code-execution flaw in Internet Explorer 5.01 running on Windows 2000, both with Service Pack 4. Like several recent Microsoft security problems, the flaw involves Windows Metafile (WMF) images. According to a Microsoft FAQ included with the bulletin, the flaw is unrelated to the other recent WMF problems. Fixed in a cumulative update for Internet Explorer, the WMF flaw is the only new flaw patched in the bulletin.

The other bulletin with a critical flaw, which could also allow an attacker to take complete control of a user's machine over the Internet, is MS06-005. The flaw involves the way Windows Media Player handles bitmap files, and is critical for Windows XP SP1 and SP2 and Windows Server 2003, Windows 98/SE/ME and Windows 2000 SP4. Unlike many recent critical flaws, the vulnerability was privately reported to Microsoft.

Other bulletins released Tuesday by Microsoft were:

  • Vulnerability in Windows Media Player Plug-in with Non-Microsoft Internet Browsers Could Allow Remote Code Execution
  • Vulnerability in TCP/IP Could Allow Denial of Service
  • Vulnerability in Web Client Service Could Allow Remote Code Execution
  • Vulnerability in the Korean Input Method Editor Could Allow Elevation of Privilege
  • Vulnerability in PowerPoint 2000 Could Allow Information Disclosure.

  • About the Author

    Scott Bekker is editor in chief of Redmond Channel Partner magazine.

    Featured

    • Microsoft Appoints Althoff as New CEO for Commercial Business

      Microsoft CEO and chairman Satya Nadella on Wednesday announced the promotion of Judson Althoff to CEO of the company's commercial business, presenting the move as a response to the dramatic industrywide shifts caused by AI.

    • Broadcom Revamps VMware Partner Program Again

      Broadcom recently announced a significant update regarding its VMware Cloud Service Provider (VCSP) program, coinciding with the release of VMware Cloud Foundation (VCF) 9.0, a key component in Broadcom’s private cloud strategy.

    • Closeup of the new Copilot keyboard key

      Microsoft Updates Copilot To Add Context-Sensitive Agents to Teams, SharePoint

      Microsoft has rolled out a new public preview for collaborative "always on" agents in Microsoft 365 Copilot, bringing enhanced, context-aware tools into Teams channels, meetings, SharePoint sites, Planner workstreams and Viva Engage communities.

    • Windows 365 Cloud Apps Now Available for Public Preview

      Microsoft announced this week that Windows 365 Cloud Apps are now available for public preview. This aims to allow IT administrators to stream individual Windows applications from the cloud, removing the need to assign Cloud PCs to every user.