Microsoft Revises 2 Security Bulletins

Microsoft updated and reissued two security bulletins on Wednesday -- one from last year and one from last month.

The older security bulletin, MS02-040 was first posted July 31, 2002, and it addressed what Microsoft originally believed was a flaw in a SQL Server command. Microsoft recently determined that the flaw is in a Windows component and that all versions of Windows except for Windows Server 2003 are vulnerable to this critical problem. In the worse case, the vulnerability could allow an attacker to take control of a system.

The revised bulletin can be found at

Microsoft also issued a brand new bulletin on the issue for Windows users, under the bulletin number

Microsoft's other bulletin revision on Wednesday updated a July 23 bulletin that fixed a critical flaw in DirectX that could allow an attacker to execute code on a user's system. The new bulletin extends the fix to additional versions of DirectX.

The DirectX bulletin is available at

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.