Microsoft Posts 3 Security Patches, None Critical -- Redmond Channel Partner

Microsoft Posts 3 Security Patches, None Critical

By Scott Bekker
March 09, 2004

Editor's Note: On Wednesday, March 10, Microsoft announced an important update to the Office XP security bulletin. The bulletin was re-released as a "critical" bulletin. Click here to read ENT's article on the change.

Microsoft released its monthly security patches for March on Tuesday. Three patches were released -- one for Windows 2000 Server, one for Office XP and one for MSN Messenger. None of the patches is critical.

The flaw in Windows 2000 Server has a maximum severity of moderate and could allow an attacker to cause Windows Media Services to stop accepting requests. The problem only affects systems that have Windows Media Services 4.1 installed. Although Windows Media Services 4.1 can be installed on Windows NT 4.0 servers, those systems are unaffected. The Windows Media Services 9.0 that ships with Windows Server 2003 is similarly unaffected. The bulletin, MS04-008, can be found here.

The Office XP problem carries a rating of important and could allow remote code execution. The flaw involves the way Outlook 2002 parses specially crafted mailto URLs. An attacker would have to entice a victim to click on a malicious Web site or HTML e-mail. The problem is also fixed in Office XP Service Pack 3. The security bulletin, MS04-009, is available here.

MSN Messenger's flaw is rated moderate in severity and could allow information disclosure on versions 6.0 and 6.1. The attack would require an attacker to know the screen name of the user, send a special request to the user, which, if successful would allow the attacker to view any files that the user has read access to on the system. Windows Messenger, another Microsoft instant messaging technology that ships with Windows XP, is not affected by the vulnerability. Information on the MSN Messenger bulletin, MS04-010, is available here.

Also on Tuesday, Microsoft re-released security bulletin MS03-022 with an improved installer. According to Microsoft's revised bulletin MS03-022, the original patch did not replace the vulnerable file in some cases. The flaw fixed in MS03-022, an important problem that could lead to code execution, also relates to Windows Media Services in Windows 2000.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

Free Webcast! Learn about Password Management Best Practices

Featured

Microsoft CSPs To Start Selling Windows 10 ESU this Fall

Organizations that want to extend the life of their Windows 10 PCs can begin buying extension plans from Microsoft's Cloud Solution Provider (CSP) partners on Sept. 1.
2025 Microsoft Conference Calendar: For Partners, IT Pros and Developers

Here's your guide to all the IT training sessions, partner meet-ups and annual Microsoft conferences you won't want to miss.
Microsoft Gives Security Partners First Dibs at New Windows Security Platform

Microsoft is readying a new "Windows endpoint security platform" as part of its Windows Resiliency Initiative (WRI).
Microsoft Cements Lead in Increasingly AI-Centric Security Analytics

Forrester has singled out Microsoft as the leading cloud hyperscaler in the increasingly AI-driven field of enterprise security analytics.

RCP Update

Email Address*Country*

Please type the letters/numbers you see above.

Microsoft Posts 3 Security Patches, None Critical

Featured

Microsoft CSPs To Start Selling Windows 10 ESU this Fall

2025 Microsoft Conference Calendar: For Partners, IT Pros and Developers

Microsoft Gives Security Partners First Dibs at New Windows Security Platform

Microsoft Cements Lead in Increasingly AI-Centric Security Analytics

2025 Microsoft Conference Calendar: For Partners, IT Pros and Developers

So You Want To Be an MSP? Here's What It Really Takes

HPE Finalizes $14B Juniper Acquisition

TCS Expands Microsoft Integration To Drive AI, Cloud Adoption

Channel Veteran Dan Wensley Named GTIA CEO

2025 Microsoft Conference Calendar: For Partners, IT Pros and Developers

So You Want To Be an MSP? Here's What It Really Takes

HPE Finalizes $14B Juniper Acquisition

TCS Expands Microsoft Integration To Drive AI, Cloud Adoption

Channel Veteran Dan Wensley Named GTIA CEO

Partner Guides

Partner's Guide to the Windows Server 2008 Deadline

Partner's Guide to Office 365 Security Costs

Partner's Guide to UCaaS

Partner's Guide to Starter Workloads in Azure

Partner's Guide to Microsoft's Fiscal Year 2019

FREE WEBCASTS FROM OUR SPONSORS

Tech Talk | Stop Buying What You Already Own: The MSP's Guide to Microsoft 365 Optimization

Veeam Data Cloud for Microsoft 365

Seamless Transitions: Migrating Your VMware Workloads to Azure

Azure Virtual Desktop: The Smart Choice for Remote Work Success

FREE WHITE PAPERS FROM OUR SPONSORS

The Easy Button eBook: Simplicity of SaaS-Based Backup for Microsoft 365

Unlocking the power of Microsoft 365 management: A toolkit for MSP success

How MSPs can future-proof Microsoft 365 management with automation and security

The future of M365 management