    Microsoft Patch Day Brings Urgent Updates

    Written by

    Ryan Naraine
    Published April 12, 2005

      The Microsoft security train made its scheduled monthly stop on Tuesday, dropping off eight updates to cover 18 vulnerabilities in a range of widely deployed products.

      Five of the eight advisories are rated “critical” and Redmond officials are urging customers to apply at least three immediately as high-priority updates.

      The top three include fixes for high-risk flaws in Microsoft Corp.'s implementation of the TCP/IP stack; a cumulative patch for the Internet Explorer browser; and a patch for a remote code-execution hole in the enterprise-focused Microsoft Exchange Server.

      According to Stephen Toulouse, program manager at the Microsoft Security Response Center, the vulnerabilities discussed in the MS05-019 bulletin present the biggest threat to Microsoft Windows users because a successful exploit could allow a malicious hacker to take complete control of an affected system.

      In all, Microsoft is patching five vulnerabilities in the TCP/IP stack, the most serious of which could let an attacker install programs; view, change or delete data; or create new accounts with full user rights.


      Successful exploits could also cause denial-of-service conditions, Toulouse said in an interview with eWEEK.com.

      Software affected by the TCP/IP vulnerabilities includes Windows 2000 Service Packs 3 and 4, Windows XP SP1 and SP2, Windows XP 64-Bit Edition, and Windows Server 2003. Patches were also shipped for the Windows 98 and Windows ME operating systems.

      For the second time this year, a cumulative update with a “critical” rating was released for the dominant Internet Explorer browser. The IE patch, covered in MS05-020, affects all operating systems up to and including Windows XP SP2. It addresses three separate code-execution vulnerabilities in IE that could lead to remote system takeover.


      According to Microsoft's advisory, one vulnerability is caused by the way IE handles certain DHTML (Dynamic HTML) objects. “An attacker could exploit the vulnerability by constructing a malicious Web page. This malicious Web page could allow remote code execution if a user visited a malicious Web site. An attacker who successfully exploited this vulnerability could take complete control of an affected system,” the company warned.

      Code-execution holes have also been plugged in the way the browser handles Content Advisor files and certain URLs.

      Microsoft Exchange Server, which is widely employed in large corporations using Microsoft infrastructure solutions, is also vulnerable to a critical code-execution vulnerability. The MS05-021 update provides a fix for the issue, which can allow an attacker to connect to the SMTP port on an Exchange server and issue a specially crafted command. A successful attack could result in a denial of service or allow attackers to run malicious programs of their choice in the security context of the SMTP service.

      Customers running Microsoft Exchange 2000 Server SP3, Exchange Server 2003 and Exchange Server 2003 SP1 are affected.

      The April advisories also include fixes for a pair of buffer-overflow flaws in Microsoft Word, the popular word processor that ships as part of the Office suite.

      The MS05-023 update provides patches for the remote code-execution Word vulnerabilities.

      Both flaws could allow a malicious hacker to take complete control of a user's PC by creating a document that contains malicious code and persuading the target to open the document.

      Customers affected include users of Microsoft Word 2000 and 2002, Microsoft Office Word 2003, and Microsoft Works Suite 2001, 2002, 2003 and 2004.

      For the second time this year, the MSN Messenger application has gotten a security makeover to correct a critical remote code-execution vulnerability. Patches have been included in the MS05-022 advisory, which applies to MSN Messenger Version 6.2. Users of the newest MSN Messenger 7.0 are not affected.

      The last three advisories (MS05-016, MS05-017 and MS05-018) are rated “important” and address flaws in Windows Shell, Message Queuing and the Windows Kernel.

      The software giant also released two non-security-related updates marked “high priority” through Windows Update to help provide all of the updates requiring a reboot in a single release cycle. These updates relate to the Microsoft Windows Installer and the Background Intelligent Transfer Service.

      The Redmond, Wash.-based company's worm-removal tool also got the scheduled monthly update to add detection for new viruses and threats.
