News

7 Bulletins for February Patch Tuesday

Microsoft on Tuesday released seven security bulletins, including two bulletins that addressed critical flaws affecting Windows. The other five bulletins included patches for flaws with a maximum severity rating of "important" in Windows and Office.

One of the critical bulletins (MS06-004) addressed a remote-code-execution flaw in Internet Explorer 5.01 running on Windows 2000, both with Service Pack 4. Like several recent Microsoft security problems, the flaw involves Windows Metafile (WMF) images. According to a Microsoft FAQ included with the bulletin, the flaw is unrelated to the other recent WMF problems. Fixed in a cumulative update for Internet Explorer, the WMF flaw is the only new flaw patched in the bulletin.

The other bulletin with a critical flaw, which could also allow an attacker to take complete control of a user's machine over the Internet, is MS06-005. The flaw involves the way Windows Media Player handles bitmap files, and is critical for Windows XP SP1 and SP2 and Windows Server 2003, Windows 98/SE/ME and Windows 2000 SP4. Unlike many recent critical flaws, the vulnerability was privately reported to Microsoft.

Other bulletins released Tuesday by Microsoft were:

  • Vulnerability in Windows Media Player Plug-in with Non-Microsoft Internet Browsers Could Allow Remote Code Execution
  • Vulnerability in TCP/IP Could Allow Denial of Service
  • Vulnerability in Web Client Service Could Allow Remote Code Execution
  • Vulnerability in the Korean Input Method Editor Could Allow Elevation of Privilege
  • Vulnerability in PowerPoint 2000 Could Allow Information Disclosure.

  • About the Author

    Scott Bekker is editor in chief of Redmond Channel Partner magazine.

    Featured

    • Microsoft, AT&T Ink Deal Around Microsoft 365, AI and Edge

      Microsoft put the spotlight on its strategic collaborations during Day 3 of Inspire, chief among them a "multiyear" alliance with AT&T.

    • The 2019 Microsoft Product Roadmap

      From the next major update to Windows 10 to the next generation of HoloLens, here's what's on tap from Microsoft this year.

    • Windows 10 Version 1903 Set for Wider Availability

      Microsoft alerted users that those not presently using the most current version of Windows 10 will soon be prompted to make the switch.

    • Silver Pins

      Microsoft Launches Preview of Azure Proximity Placement Groups

      Organizations managing complex applications in Azure can begin test-driving a new capability that helps alleviate network-latency concerns.