Microsoft Patches More Windows Holes

The company on Tuesday releases four new collections of Windows fixes, three of which it has deemed critical.

Its security bulletin release Tuesday for Microsoft. The company issued four new security bulletins—all of which pertain to Windows vulnerabilities. Three of the new patches the company rated "critical," and the other, "important.

In the worst case, the new vulnerabilities could allow attackers to take control of users systems by installing programs; viewing, changing or deleting data; or creating new accounts with full privileges, Microsoft warned.

Bulletin MS04-011 pertains to a remote-code-execution vulnerability in all versions of Windows ranging from NT 4.0 to Windows XP and Windows Server 2003.

Bulletin MS04-012, a cumulative update for Microsofts remote procedure call/distributed component object model (RPC/DCOM) technologies, also applies to all versions of Windows ranging from NT 4.0 to Windows XP and Windows Server 2003.

/zimages/4/28571.gifA recent version of the Sober Worm came in e-mail messages claiming to be Microsoft security patch alerts. Click here to read more about the attack.

The third critical bulletin, Bulletin MS04-013, is a cumulative update for Outlook Express 5.5 and 6.0. As Outlook Express is part of many older versions of Windows, as well as current ones, Microsoft is recommending users of all Windows variants, starting with Windows 98, download and apply this update — even if Outlook Express is not the default e-mail reader on the system.

The fourth bulletin, labeled "important," is MS04-014, and pertains to a vulnerability in Microsofts Jet database engine 4.0. Microsoft is recommending that users running versions of Windows from Windows 98 to the current Windows XP and Windows Server 2003 apply the patch in order to head off possible buffer-overrun problems that could allow remote code execution on users systems.

On Tuesday, Microsoft also re-released several existing security bulletins (MS00-082, MS01-041, MS02-011 and MS03-046) to reflect update availability for Exchange 5.0.

/zimages/4/28571.gifTo read the full Microsoft Watch story, click here.

/zimages/4/28571.gifCheck out eWEEK.coms Security Center at for security news, views and analysis. Be sure to add our security news feed to your RSS newsreader or My Yahoo page: /zimages/4/19420.gif