News

Microsoft Releases 9 Security Bulletins

• By Scott Bekker
• October 11, 2005

Microsoft on Tuesday released nine security bulletins for the month of October, and three of the bulletins carried a maximum severity rating of "critical." Eight of the bulletins address problems with Windows, while the other bulletin fixes a problem in Windows and Exchange Server. Of the eight Windows bulletins, three are critical, two are important and two are moderate.

All three of the critical bulletins patch flaws that could allow an attacker to take complete control of a system over the Internet.

One of the critical bulletins, a cumulative security update for Internet Explorer in MS05-052, contains a patch for a new flaw that is critical even for Internet Explorer 6 on Windows XP with Service Pack 2. Microsoft locked down IE in SP2, and normally newly discovered problems are less serious on that updated platform.

MS05-051, another critical bulletin, affects Windows 2000, Windows XP and Windows Server 2003. The bulletin bundles patches for four security flaws, and two of those are critical problems. A vulnerability in MSDTC that is patched in the bulletin is critical for Windows 2000 but less severe or even non-existent on more recent versions of Windows. A vulnerability in COM+ that is patched by the bulletin is critical for Windows 2000 and Windows XP Service Pack 1, but is downgraded to "important" for more recent versions.

The other critical bulletin involves a vulnerability in the Microsoft DirectShow component for streaming media that can allow remote code execution on all supported Windows platforms.

The bulletins are the 44th through 52nd of the year for the software giant.

Technical details on the new bulletins are available from Microsoft here.