Yesterday, the Microsoft Security Response Center (MSRC) issued three new security bulletins, none of which is rated critical. One bulletin is rated important; the other two have moderate ratings. The bulletins highlight security flaws in Windows Media Services, Microsoft Office XP, and MSN Messenger, the company noted. The Office security flaw is the only vulnerability that could let malicious attackers run unwanted code on users' systems. The flaw affects systems running Office XP Service Pack 2 (SP2) and Microsoft Outlook 2002 SP2. The moderate security flaw for MSN Messenger 6.1 and MSN Messenger 6.0 could let attackers view--but not change or download--files on the victim's computer. Microsoft will fix the flaw in an upcoming version of the Instant Messaging (IM) application the company plans to issue. The moderate security flaw in Windows Media Services, which affects Windows 2000 SP4, SP3, and SP2, could let attackers send fake streaming-media requests that could shut down the service. That situation would be, in effect, a Denial of Service (DoS) attack. Microsoft switched to a monthly security-update release schedule last fall. "Microsoft is committed to helping customers keep their information safe, and releasing security bulletins on a regular, monthly schedule makes security response more predictable and easier for customers to manage," a company representative told me. You can download the patches that fix this month's security flaws from the Microsoft Web site.
Reader Comments
"On Tuesday, Microsoft's Security Response Center issued three new security bulletins, none of which are rated critical; one bulletin is rated important, while the other two are moderate. The bulletins highlight security flaws in Windows Media Services, Office XP, and MSN Messenger, the software giant notes."
Yes. Thanks to Microsoft's policy of reclassifying certain exploits as important rather than critical, they get to make Windows look more secure. Nice one!
David -March 10, 2004
Outlook one (MS04-009) updated to Critical per March Security Patch Update Webcast announced 11:10 AM PST. Revised bulletin expected.
Kizzy -March 10, 2004
Huh. Interesting. None of them are available on the Windows Update website. At least my brand-spankin'-new copy of XP couldn't find them there.
Isn't that what the Windows Update site is for?
Editor's note: Windows Update is for Windows updates (thus the name). Only the Windows Media Services bug affects Windows systems and even then, it's just servers systems. If you're running Windows Server (2000 or 2003) with WMS installed, you'll see that patch. --Paul
Wendy Rebecca -March 10, 2004
Seems everyone missed the news the Microsoft released Office XP Service Pack 3 on Tuesday as well. It also seems that the latest Office fix is already incorporated into SP3. Another thing to note on the service pack, it seems its cumulative with all SP1, SP2, and post fixes!
Free CDs Offer Fundamental Content for IT Pros Are you up to speed on the latest technologies and solutions? Don't miss out on your chance to get up to speed quickly on fundamental, in-depth information on some of the hottest topics in our library of content.
Let Your Users Reset Their Own Passwords: Free Download Try a 30 day free trial of Desktop Authority Password Self-Service – it provides an easy-to-use, robust system for allowing users to reset their own forgotten passwords or locked accounts.
Get Windows IT Pro & Mark Minasi’s Favorite Power Tools Guide Order Windows IT Pro now and get "More of Mark Minasi's Favorite Power Tools"--a in-depth guide to the most useful Windows commands --FREE with your paid order! Subscribe today, and save 58% off the cover price!
Deep Dive into VMware vSphere, eLearning Series Join John Savill to explore the major functionality capabilities of the vSphere virtualization platform, including identification of the changes from ESX 3.5.
Register
