News

7 Bulletins for February Patch Tuesday

Microsoft on Tuesday released seven security bulletins, including two bulletins that addressed critical flaws affecting Windows. The other five bulletins included patches for flaws with a maximum severity rating of "important" in Windows and Office.

One of the critical bulletins (MS06-004) addressed a remote-code-execution flaw in Internet Explorer 5.01 running on Windows 2000, both with Service Pack 4. Like several recent Microsoft security problems, the flaw involves Windows Metafile (WMF) images. According to a Microsoft FAQ included with the bulletin, the flaw is unrelated to the other recent WMF problems. Fixed in a cumulative update for Internet Explorer, the WMF flaw is the only new flaw patched in the bulletin.

The other bulletin with a critical flaw, which could also allow an attacker to take complete control of a user's machine over the Internet, is MS06-005. The flaw involves the way Windows Media Player handles bitmap files, and is critical for Windows XP SP1 and SP2 and Windows Server 2003, Windows 98/SE/ME and Windows 2000 SP4. Unlike many recent critical flaws, the vulnerability was privately reported to Microsoft.

Other bulletins released Tuesday by Microsoft were:

  • Vulnerability in Windows Media Player Plug-in with Non-Microsoft Internet Browsers Could Allow Remote Code Execution
  • Vulnerability in TCP/IP Could Allow Denial of Service
  • Vulnerability in Web Client Service Could Allow Remote Code Execution
  • Vulnerability in the Korean Input Method Editor Could Allow Elevation of Privilege
  • Vulnerability in PowerPoint 2000 Could Allow Information Disclosure.

  • About the Author

    Scott Bekker is editor in chief of Redmond Channel Partner magazine.

    Featured

    • FTC Expands Microsoft Antitrust Investigation Under Trump Administration

      The Federal Trade Commission (FTC) is pressing ahead with a broad investigation into Microsoft's business practices, an inquiry that began in the final weeks of the Biden administration.

    • An image of planes flying around a globe

      2025 Microsoft Conference Calendar: For Partners, IT Pros and Developers

      Here's your guide to all the IT training sessions, partner meet-ups and annual Microsoft conferences you won't want to miss.

    • Microsoft to Shut Down Skype Services

      Microsoft will discontinue its Skype telecommunications and video calling services on May 5, 2025, marking the end of the platform's decades-long run.

    • Big Blue To Acquire Datastax in Enterprise AI Play

      In a bid to bolster its enterprise-aimed AI capabilities, IBM is planning to acquire Datastax, a leading AI and data solutions provider, for an undisclosed amount.