7 Bulletins for February Patch Tuesday

Microsoft on Tuesday released seven security bulletins, including two bulletins that addressed critical flaws affecting Windows. The other five bulletins included patches for flaws with a maximum severity rating of "important" in Windows and Office.

One of the critical bulletins (MS06-004) addressed a remote-code-execution flaw in Internet Explorer 5.01 running on Windows 2000, both with Service Pack 4. Like several recent Microsoft security problems, the flaw involves Windows Metafile (WMF) images. According to a Microsoft FAQ included with the bulletin, the flaw is unrelated to the other recent WMF problems. Fixed in a cumulative update for Internet Explorer, the WMF flaw is the only new flaw patched in the bulletin.

The other bulletin with a critical flaw, which could also allow an attacker to take complete control of a user's machine over the Internet, is MS06-005. The flaw involves the way Windows Media Player handles bitmap files, and is critical for Windows XP SP1 and SP2 and Windows Server 2003, Windows 98/SE/ME and Windows 2000 SP4. Unlike many recent critical flaws, the vulnerability was privately reported to Microsoft.

Other bulletins released Tuesday by Microsoft were:

  • Vulnerability in Windows Media Player Plug-in with Non-Microsoft Internet Browsers Could Allow Remote Code Execution
  • Vulnerability in TCP/IP Could Allow Denial of Service
  • Vulnerability in Web Client Service Could Allow Remote Code Execution
  • Vulnerability in the Korean Input Method Editor Could Allow Elevation of Privilege
  • Vulnerability in PowerPoint 2000 Could Allow Information Disclosure.

  • About the Author

    Scott Bekker is editor in chief of Redmond Channel Partner magazine.

    comments powered by Disqus
    Most   Popular

    SharePoint Watch

    Sign up for our newsletter.

    Terms and Privacy Policy consent

    I agree to this site's Privacy Policy.