July's Security Bulletin From Microsoft Fixes 'Critical' Flaws - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Software // Enterprise Applications

July's Security Bulletin From Microsoft Fixes 'Critical' Flaws

The holes affect various Microsoft operating system versions and apps ranging from Internet Explorer 6 SP1 to Windows Server 2003 Gold.

Microsoft on Tuesday released seven bulletins for security problems in Microsoft software that it assessed as "moderate" or "critical." Critical is the software maker's highest security rank. The designation often means the flaw can be exploited by remote attackers and could even be a target for a Sasser-style worm.

The flaws affect various Microsoft operating system versions and apps ranging from Internet Explorer 6 Service Pack 1 to Windows Server 2003 Gold.

Microsoft Security Bulletin MS04-023 addresses critical vulnerabilities within HTML Help. According to the bulletin, an attacker who exploited the most serious of these vulnerabilities could take complete control over an unpatched system. "We recommend that customers apply the update immediately," the bulletin warns.

Another patch that's part of bulletin MS04-022 addresses an unchecked buffer, or buffer overflow, error found within Microsoft Task Scheduler. According to Microsoft, it's possible for an attacker to gain complete control over a vulnerable system, including the ability to delete data and create new user accounts with full-access privileges.

More information about the vulnerabilities published today is available here.

Microsoft plans a Webcast Wednesday afternoon designed to help customers deploy July's security patches.

This month's scheduled patches came the same day the company revised its release date for a new patch-management tool, Windows Update Services. Windows Update Services, or WUS, is now due the first half of next year.

In an E-mailed response to questions regarding the delay, a Microsoft spokeswoman said that incorporating user feedback from WUS beta users is part of the delay. Also, Microsoft is developing a new automatic-update agent in Windows XP Service Pack 2 next month.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Slideshows
IT Careers: Top 10 US Cities for Tech Jobs
Cynthia Harvey, Freelance Journalist, InformationWeek,  1/14/2020
Commentary
Predictions for Cloud Computing in 2020
James Kobielus, Research Director, Futurum,  1/9/2020
News
What's Next: AI and Data Trends for 2020 and Beyond
Jessica Davis, Senior Editor, Enterprise Apps,  12/30/2019
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
The Cloud Gets Ready for the 20's
This IT Trend Report explores how cloud computing is being shaped for the next phase in its maturation. It will help enterprise IT decision makers and business leaders understand some of the key trends reflected emerging cloud concepts and technologies, and in enterprise cloud usage patterns. Get it today!
Slideshows
Flash Poll