News

7 Bulletins for February Patch Tuesday

Microsoft on Tuesday released seven security bulletins, including two bulletins that addressed critical flaws affecting Windows. The other five bulletins included patches for flaws with a maximum severity rating of "important" in Windows and Office.

One of the critical bulletins (MS06-004) addressed a remote-code-execution flaw in Internet Explorer 5.01 running on Windows 2000, both with Service Pack 4. Like several recent Microsoft security problems, the flaw involves Windows Metafile (WMF) images. According to a Microsoft FAQ included with the bulletin, the flaw is unrelated to the other recent WMF problems. Fixed in a cumulative update for Internet Explorer, the WMF flaw is the only new flaw patched in the bulletin.

The other bulletin with a critical flaw, which could also allow an attacker to take complete control of a user's machine over the Internet, is MS06-005. The flaw involves the way Windows Media Player handles bitmap files, and is critical for Windows XP SP1 and SP2 and Windows Server 2003, Windows 98/SE/ME and Windows 2000 SP4. Unlike many recent critical flaws, the vulnerability was privately reported to Microsoft.

Other bulletins released Tuesday by Microsoft were:

  • Vulnerability in Windows Media Player Plug-in with Non-Microsoft Internet Browsers Could Allow Remote Code Execution
  • Vulnerability in TCP/IP Could Allow Denial of Service
  • Vulnerability in Web Client Service Could Allow Remote Code Execution
  • Vulnerability in the Korean Input Method Editor Could Allow Elevation of Privilege
  • Vulnerability in PowerPoint 2000 Could Allow Information Disclosure.

  • About the Author

    Scott Bekker is editor in chief of Redmond Channel Partner magazine.

    Featured

    • Microsoft Offers Support Extensions for Exchange 2016 and 2019

      Microsoft has introduced a paid Extended Security Update (ESU) program for on-premises Exchange Server 2016 and 2019, offering a crucial safety cushion as both versions near their Oct. 14, 2025 end-of-support date.

    • An image of planes flying around a globe

      2025 Microsoft Conference Calendar: For Partners, IT Pros and Developers

      Here's your guide to all the IT training sessions, partner meet-ups and annual Microsoft conferences you won't want to miss.

    • Notebook

      Microsoft Centers AI, Security and Partner Dogfooding at MCAPS

      Microsoft's second annual MCAPS for Partners event took place Tuesday, delivering a volley of updates and directives for its partners for fiscal 2026.

    • Microsoft Layoffs: AI Is the Obvious Elephant in the Room

      As Microsoft doubles down on an $80 billion bet on AI this fiscal year, its workforce reductions are drawing scrutiny over whether AI's ascent is quietly reshaping its human capital strategy, even as official messaging avoids drawing a direct line.