Patch Tuesday Brings 8 Bulletins, 5 Critical

Microsoft on Tuesday released eight security bulletins as part of its monthly patching cycle. Five of the patches addressed critical security flaws, while three fixed important security bugs. Microsoft also released two non-security updates for Windows and re-released two security bulletins.

Critical flaws affecting Windows were a TCP/IP problem and an Internet Explorer problem. Other critical bulletins addressed problems in Exchange Server, MSN Messenger and Microsoft Word. An attacker can use any of the five flaws to take complete control of an affected system. The Windows flaws with Microsoft's less-serious "important" rating occurred in the shell, the kernel and with Microsoft Message Queuing.

Customers who have already applied Windows Server 2003 Service Pack 1, which posted March 30, are not affected by the Windows flaws. The re-released bulletins are MS05-002 for Windows 98/98 SE/ME and MS05-009 for Windows Messenger.

The Tuesday patch release marks the first time Microsoft included details of non-security Windows updates being posted at the same time. They include updates for the Windows Installer and the Background Intelligent Transfer Service (BITS).

Microsoft's malicious software removal tool also got an update. As of Tuesday, it now removes Hacker Defender, Mimail and Rbot and new variants of the Berbew, Bropia Gaobot, MyDoom and Sober worms.

More information on the updates is available here.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.