Looking Backwards: 3 Security Patches Re-released
- By Scott Bekker
- June 02, 2003
Think your organization is up to date on its Microsoft security patches? Then make sure you've reviewed the events of the last week. Since Wednesday evening, Microsoft has re-released three security bulletins for reasons ranging from quality control problems to underestimates of the number of platforms affected by a threat to underestimates of the seriousness of a threat.
The quality control issue involves a Windows XP patch originally issued in April. Bulletin MS03-013 fixed an important flaw allowing a local elevation of privilege in Windows NT 4.0, Windows 2000 and Windows XP. But the medicine was worse than the cure for some customers with Windows XP Service Pack 1, where the patch could cause the system to slow to a crawl. Microsoft reissued the bulletin on Wednesday with a new patch for Windows XP Service Pack 1. The bulletin is available at www.microsoft.com/technet/security/bulletin/MS03-013.asp.
In another reissue, Microsoft put out a new version of bulletin MS03-007 from March. The original bulletin fixed a critical flaw involving WebDAV that only affected Windows 2000. It turns out the underlying flaw is in a core operating system component, ntdll.dll, which exists in both Windows XP and Windows NT 4.0. Fortunately, the flaw is less exposed in those two platforms, where Microsoft gives it an "important" severity rating rather than the "critical" rating for the Windows 2000 issue. Patches for the additional platform can be found at www.microsoft.com/technet/security/bulletin/MS03-007.asp.
On Friday, in a quicker turnaround, Microsoft reissued a bulletin that the company's security team had originally issued on Wednesday. The reason for the re-release is to slightly raise the estimate of the severity of the vulnerability being addressed.
The flaw exists in the ISAPI extension for Windows Media Services, and it gives an attacker a way to execute code on Windows NT 4.0 and Windows 2000. Microsoft originally rated the vulnerability as a "moderate" threat. "Subsequent to that release we have determined that the actions an attacker could take as a result of exploiting this vulnerability could include the ability to execute arbitrary code," Microsoft's bulletin states. Microsoft now rates the flaw "important," which is one rung below "critical." The patch for the vulnerability is unchanged and can be found with the original bulletin:
Scott Bekker is editor in chief of Redmond Channel Partner magazine.