News

Fast and Furious: 4 Patches Out of Microsoft Wednesday Night

Product pitches frequently allege that new security fixes come out of Microsoft on a daily basis. Most days that's an exaggeration.

Wednesday night, however, Microsoft made the hyperbole seem tame by posting four new security bulletins to its Web site. They involved critical vulnerabilities in SQL Server and the Windows Help Active X control and moderate vulnerabilities in three client versions of Windows and the Services for Unix 3.0 Interix SDK.

Microsoft issued its 54th, 55th, 56th and 57th security bulletins of 2002 on Wednesday night. The software giant is fast approaching the 60 bulletins it put out in all of 2001, but Microsoft is unlikely to surpass the 100 bulletins it issued in 2000. Altogether, the four bulletins included patches fixing 11 vulnerabilities. Four of the flaws represented critical problems.

MS02-054 addressed problems with an unchecked buffer in file decompression functions that could lead to code execution in Windows 98 with the Plus! pack, Windows Me and Windows XP. There were two vulnerabilities in the patch, both rating a "moderate" severity designation from Microsoft.

MS02-055 included a patch that fixed the critical buffer overrun flaw in the Windows Help ActiveX control as well as a moderate vulnerability offering attackers potential code execution through compiled HTML Help files. Those flaws affect every supported Windows client operating system from Windows 98 to Windows XP.

MS02-056 contains three fixes for critical problems in SQL Server and MSDE and another fix changing the way SQL Server operates. While Microsoft frequently issues patches to fix multiple problems, it is extremely rare for a patch to address more than one critical vulnerability -- let alone three. See related story.

MS02-057 has a patch that corrects three vulnerabilities of moderate severity in the Sun RPC library in Microsoft’s SFU 3.0 on the Interix software development kit.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

Featured

  • FTC Expands Microsoft Antitrust Investigation Under Trump Administration

    The Federal Trade Commission (FTC) is pressing ahead with a broad investigation into Microsoft's business practices, an inquiry that began in the final weeks of the Biden administration.

  • An image of planes flying around a globe

    2025 Microsoft Conference Calendar: For Partners, IT Pros and Developers

    Here's your guide to all the IT training sessions, partner meet-ups and annual Microsoft conferences you won't want to miss.

  • Microsoft to Shut Down Skype Services

    Microsoft will discontinue its Skype telecommunications and video calling services on May 5, 2025, marking the end of the platform's decades-long run.

  • Big Blue To Acquire Datastax in Enterprise AI Play

    In a bid to bolster its enterprise-aimed AI capabilities, IBM is planning to acquire Datastax, a leading AI and data solutions provider, for an undisclosed amount.