Skip the navigation

Microsoft issues seven security patches

By Shelley Solheim
February 14, 2006 12:00 PM ET

IDG News Service - Microsoft Corp. today released seven software patches, including fixes for security flaws in Internet Explorer (IE) and Windows Media Player that were given critical severity ratings by the company.
But security researchers said that the latest monthly batch of patches from Microsoft isn't particularly ominous.
"These are seven of the most boring patches I've ever seen," said Russ Cooper, a senior information security analyst at Cybertrust Inc. in Herndon, Va., and editor of the NTBugtraq mailing list. "I think they were being nice to us on Valentine's Day so no one would be bogged down applying seven [patches] tonight."
"There's definitely no super-serious, freak-out vulnerability," agreed Mike Murray, director of vulnerability research at nCircle Network Security Inc., a security software vendor in San Francisco.
One of the critical patches provides a fix for a vulnerability in the way that IE handles Windows Metafile (WMF) images. However, the flaw affects only IE 5.01 Service Pack 4 running on Windows 2000 systems that have the SP4 version of the operating system installed, Microsoft said in a security bulletin.
The vulnerability could enable an attacker to construct a WMF image that would support the remote execution of code on systems if users viewed a malicious Web site, e-mail or e-mail attachment, according to Microsoft. If successful, an attacker could take control of an affected system.
Because the new vulnerability affects such a narrow scope of users, it isn't as severe as the WMF flaw that Microsoft patched early last month, ahead of the company's regular monthly patch release in January, said Michael Sutton, director of VeriSign Inc.'s iDefense Labs unit in Reston, Va. "We're not aware of any public exploit code for it at this time," Sutton said.
The other critical vulnerability affects the way that Windows Media Player processes bitmap (.bmp) files, Microsoft said. An attacker could exploit that flaw by creating a malicious .bmp file that could be used to execute code remotely or take control of systems if users visited a malicious Web site or viewed a specially crafted e-mail message.
Microsoft deemed the Media Player flaw to be critical for users of Windows XP SP1 and SP2 as well as Windows Server 2003, Windows 2000 SP4 and other earlier versions of the operating system.
The Media Player flaw could pose more of a ripe target for attackers than the WMF one does, Sutton cautioned. "Even though Windows Media Player is not something generally used to render images, it has the capability of doing that," he said. "It's not difficultto create a Web page that uses Windows Media Player to display an image instead of the default application."
The remaining five patches affect products such as PowerPoint and the Windows Web Client and were all rated as "important" fixes by Microsoft.

Reprinted with permission from IDG.net. Story copyright 2010 International Data Group. All rights reserved.
Additional Resources
Forrester Consulting - Optimizing Users and Applications in a Mobile World
WHITE PAPER
Solving application issues over the WAN requires careful consideration. Based on their independent research, Forrester Consulting offers recommendations on how to tackle application performance issues, insufficient bandwidth and the inability to quickly restore users in a disaster.

Read now.

Security KnowledgeVault
WHITE PAPER
Security is not an option. This KnowledgeVault Series offers professional advice how to be proactive in the fight against cybercrimes and multi-layered security threats; how to adopt a holistic approach to protecting and managing data; and how to hire a qualified security assessor. Make security your Number 1 priority.

Read now.

Cut Communications Costs Once and for All
WHITE PAPER
New IP-based communications systems are being deployed by small and midsized businesses at a rapid rate. Learn how these organizations are enabling faster responsiveness, creating better customer experiences, speeding office or mobile interactions, and dramatically reducing existing communications costs.

Read now.

Security White Papers
Overcome Top 7 Admin Challenges of Active Directory
As Active Directory's role in the enterprise has drastically increased, so has the need to secure the data. Gain insight on creating repeatable,...
Insiders Can Ruin Your Company. Take Action.
Did you know that 80 percent of threats to an organization come from the inside? The threat from insiders is often overlooked in...
Top Solutions and Tools to Prevent Devastating Malware
Custom malware frequently goes undetected. According to Forrester Research, the best way to reduce risk of breach is to deploy file integrity monitoring...
X-Ray of the PCI Process-4 Proactive Steps
This white paper from Forrester Research Inc., helps break PCI into understandable components. Security and risk professionals will gain knowledge and insight into...
Identity Governance: The Business Imperatives
This white paper describes the business challenges and opportunities that are driving interest in Identity Governance while discussing considerations your organization should make...
All Security White Papers
Security Webcasts
Live Webcast
Playing Defense: Staying on Top of Your Disaster Recovery Game
When it comes to disaster recovery, rapidly growing data volumes, distributed computing models, and new technologies all combine to present an ever-changing playing...
Introduction to VMware vCenter Site Recovery Manager 5
Traditional disaster recovery solutions are often too expensive, complex and unreliable to meet business requirements. As a result, IT departments are hesitant to...
The Top Ten Secrets to Avoiding SAN Performance Problems
Maintaining peak performance while simultaneously addressing the root cause of SAN errors is challenging. Learn the most common SAN problems and explore new...
Deduplication Without Compromise
Go inside Quantum's scalable, high-performance, multi-protocol new DXi deduplication appliances, designed to make backup much more effective. Discover how the new future-proof DXi6700...
Director of Disk Products Discusses DXi6700
Discover how the new DXi 6700 series of deduplication appliances provide investment protection and a future-proof feature set, all while delivering fast, scalable,...
Playing Defense: Staying on Top of Your Disaster Recovery Game
When it comes to disaster recovery, rapidly growing data volumes, distributed computing models, and new technologies all combine to present an ever-changing playing...
All Security Webcasts
Newsletter Sign-Up

Receive the latest news test, reviews and trends on your favorite technology topics

Choose a newsletter
  1. View all newsletters | Privacy Policy
IT Jobs