Microsoft Issues Three 'Critical' Patches

If it's the second Tuesday of the month, it's Microsoft patch day, and the software vendor issued six software patches, three ranked "critical." All three involved vulnerabilities that would have permitted an attacker to execute code remotely. Another was ranked as important, and two were described as moderate.

Microsoft issued MS05-038, which is a cumulative security update for Internet Explorer. The patch fixes a vulnerability that would let an attacker execute code remotely and take over an infected system.

Another patch, MS05-039, covers a vulnerability in Microsoft's Plug and Play that lets hackers take over a system through remote code execution and the elevation of administrative privileges.

The third critical patch, MS05-042, fixes a vulnerability in the Windows Print Spooler that would have allowed some to execute code remotely.

The other three patches include MS05-040, which addresses vulnerabilities in the Windows Telephony Service; MS05-04, which fixes a vulnerability in the Remote Desktop Protocol that could lead to a denial-of-service attack, and MS05-042, which patches vulnerabilities in Kerberos that could result in the disclosure of data and spoofing.

Jon Oltsik, an analyst at Enterprise Strategy Group, says Microsoft customers should install the patches for Internet Explorer to protect themselves from Web sites that could implant unauthorized software. "This fits into the spyware category," he says. The other vulnerabilities for which Microsoft issued patches are less threatening, he says, because they require more-sophisticated forms of attacks.