July's Security Bulletin From Microsoft Fixes 'Critical' Flaws - InformationWeek
IoT
IoT
Software // Enterprise Applications
News
7/13/2004
05:55 PM
50%
50%

July's Security Bulletin From Microsoft Fixes 'Critical' Flaws

The holes affect various Microsoft operating system versions and apps ranging from Internet Explorer 6 SP1 to Windows Server 2003 Gold.

Microsoft on Tuesday released seven bulletins for security problems in Microsoft software that it assessed as "moderate" or "critical." Critical is the software maker's highest security rank. The designation often means the flaw can be exploited by remote attackers and could even be a target for a Sasser-style worm.

The flaws affect various Microsoft operating system versions and apps ranging from Internet Explorer 6 Service Pack 1 to Windows Server 2003 Gold.

Microsoft Security Bulletin MS04-023 addresses critical vulnerabilities within HTML Help. According to the bulletin, an attacker who exploited the most serious of these vulnerabilities could take complete control over an unpatched system. "We recommend that customers apply the update immediately," the bulletin warns.

Another patch that's part of bulletin MS04-022 addresses an unchecked buffer, or buffer overflow, error found within Microsoft Task Scheduler. According to Microsoft, it's possible for an attacker to gain complete control over a vulnerable system, including the ability to delete data and create new user accounts with full-access privileges.

More information about the vulnerabilities published today is available here.

Microsoft plans a Webcast Wednesday afternoon designed to help customers deploy July's security patches.

This month's scheduled patches came the same day the company revised its release date for a new patch-management tool, Windows Update Services. Windows Update Services, or WUS, is now due the first half of next year.

In an E-mailed response to questions regarding the delay, a Microsoft spokeswoman said that incorporating user feedback from WUS beta users is part of the delay. Also, Microsoft is developing a new automatic-update agent in Windows XP Service Pack 2 next month.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
2017 State of the Cloud Report
As the use of public cloud becomes a given, IT leaders must navigate the transition and advocate for management tools or architectures that allow them to realize the benefits they seek. Download this report to explore the issues and how to best leverage the cloud moving forward.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on InformationWeek.com for the week of November 6, 2016. We'll be talking with the InformationWeek.com editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll