7 Bulletins for February Patch Tuesday
- By Scott Bekker
Microsoft on Tuesday released seven security bulletins, including two bulletins that addressed critical flaws affecting Windows. The other five bulletins included patches for flaws with a maximum severity rating of "important" in Windows and Office.
One of the critical bulletins (MS06-004) addressed a remote-code-execution flaw in Internet Explorer 5.01 running on Windows 2000, both with Service Pack 4. Like several recent Microsoft security problems, the flaw involves Windows Metafile (WMF) images. According to a Microsoft FAQ included with the bulletin, the flaw is unrelated to the other recent WMF problems. Fixed in a cumulative update for Internet Explorer, the WMF flaw is the only new flaw patched in the bulletin.
The other bulletin with a critical flaw, which could also allow an attacker to take complete control of a user's machine over the Internet, is MS06-005. The flaw involves the way Windows Media Player handles bitmap files, and is critical for Windows XP SP1 and SP2, Windows Server 2003, Windows 98/SE/ME and Windows 2000 SP4. Unlike many recent critical flaws, the vulnerability was privately reported to Microsoft.
Other bulletins released Tuesday by Microsoft were:
Vulnerability in Windows Media Player Plug-in with Non-Microsoft Internet Browsers Could Allow Remote Code Execution
Vulnerability in TCP/IP Could Allow Denial of Service
Vulnerability in Web Client Service Could Allow Remote Code Execution
Vulnerability in the Korean Input Method Editor Could Allow Elevation of Privilege
Vulnerability in PowerPoint 2000 Could Allow Information Disclosure.
Scott Bekker is editor in chief of Redmond Channel Partner magazine.