Continuing its promise to release its most important security fixes on the second Tuesday of each month, Microsoft released security fixes yesterday--three for Windows (two critical) and one for Microsoft Office. In October, Microsoft began its new patch-release schedule in the wake of the MSBlaster and SoBig.F electronic attacks. This month's releases, however, were somewhat problematic for systems administrators at federal sites because yesterday was a US holiday. To alleviate these concerns, the Federal Computer Incident Response Center (FedCIRC) emailed many administrators at various US agencies to warn them the patches were coming. And Microsoft bundled together several patches to make rolling out the fixes easier. The three Windows patches fix eight vulnerabilities, for example. "We included several patches in some of the fixes," Stephen Toulouse, security program manager for the Microsoft Security Response Center (MSRC), said. "We are trying to drive the deployment of fixes for our customers. It is one of the things our customers have asked us to do." The Windows fixes involve several Microsoft Internet Explorer (IE) vulnerabilities, a security vulnerability in the Workstation service that could allow remote code execution, and various problems with digital certificates. These vulnerabilities affect Windows Server 2003, Windows XP, Windows 2000, Windows Me, and Windows NT 4.0. The Office fix addresses newly discovered problems in Microsoft Excel, Word, and Works Suite. That fix applies to Excel 2002, Excel 2000, and Excel 97; Word 2002, Word 2000, Word 98 (Macintosh), and Word 97; and Works Suite 2004, Works Suite 2003, Works Suite 2002, and Works Suite 2001. To find out more about the fixes, visit the Microsoft Security & Privacy Web site.
End of Article
Stephen Toulouse "... It is one of the things our customers have asked us to do.". I think that they would also ask to have the software operate *SECURELY* in the first place!
Don November 20, 2003
You must be a registered user or online subscriber to comment on this article. Please log on before posting a comment. Are you a new visitor?
Register now
An often irreverent look at some of the week's other news, including some more Windows 7 sales momentum, some Sophos stupidity, Microsoft's cloud computing self-loathing, more whining from the browser makers, Zoho's "Fake Office," and much, much more ...
Let Your Users Reset Their Own Passwords: Free Download Try a 30 day free trial of Desktop Authority Password Self-Service – it provides an easy-to-use, robust system for allowing users to reset their own forgotten passwords or locked accounts.
Get Windows IT Pro & Mark Minasi’s Favorite Power Tools Guide Order Windows IT Pro now and get "More of Mark Minasi's Favorite Power Tools"--a in-depth guide to the most useful Windows commands --FREE with your paid order! Subscribe today, and save 58% off the cover price!
Deep Dive into VMware vSphere, eLearning Series Join John Savill to explore the major functionality capabilities of the vSphere virtualization platform, including identification of the changes from ESX 3.5.
Register
Don November 20, 2003