Advertisement
Promo

Security threats Toolkit

Microsoft wraps up patches for Christmas

Published: 15 Dec 2004 08:55 GMT

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

Microsoft managed to give a small holiday gift to network administrators this month: no critical patches.

The software giant released five patches to fix nine issues in its Windows operating systems on Tuesday, with none of the security holes rated as a serious threat. Microsoft warned last week that the fix would be coming.

"All the flaws have something about them that makes it more difficult for an attacker to exploit them," said Stephen Toulouse, a security programme manager in Microsoft's security response centre.

Earlier this month, Microsoft issued an unscheduled critical patch for Internet Explorer. It plugged a security hole that opened PCs with the Web browser up to attack by online fraudsters.

The five December advisories are the last fixes scheduled for release this year. If the company does not release any more security bulletins this month, it will have released 45 patches in 2004, down from 51 in 2003.

Those numbers do not necessarily indicate that Microsoft has made progress in its fight against security vulnerabilities. The company frequently releases a single patch to correct multiple flaws, and in some cases, it quietly fixes additional problems without mentioning the issues in its advisories. In April, for example, it delivered four fixes to patch a score of issues, and in October, it issued 10 advisories to fix 22 flaws.

The current issues include problems with a format converter in WordPad software; flaws in the Microsoft implementation of Dynamic Host Configuration Protocol (DHCP), a standard for configuring small networks; an issue in the HyperTerminal application; and vulnerabilities in the Windows kernel. They also address two problems with the Windows Internet Naming Service (WINS) that were publicised last month.

The fixes variously affect a number of Windows operating systems. The latest version of Windows XP, known as Service Pack 2, requires three patches. For the most part, the effect of the nine flaws in the advisory was limited by the security updates in SP2, Microsoft's Toulouse said.

"We are seeing some indications that it is more resilient," he said.

Microsoft has recommended that all Windows XP users upgrade to Service Pack 2, which adds security features to Windows and removes applications that pose potential security risks. The patch can be downloaded through the Windows Update service.

  • Email
  • Trackback
  • Clip Link
  • Print friendlyPrint with EPSON

Did you find this article useful?
84 out of 177 people found this useful


In association with HP

Talkback

Post a comment


Full Talkback thread

0 comments

Related Links

More In Security threats


Company/Topic Alerts

Create a new alert from the list below:





Related BlackBerry Resources

Protecting the BlackBerry Device Platform Against Malware

BlackBerry Devices with Bluetooth - Security Overview

BlackBerry Enterprise Server IT Policy

BlackBerry Enterprise Solution - Security Technical Overview

BlackBerry Enterprise Solution and RSA SecurID

CIO's Guide to Mobile Security

See All White Papers

Video icon

Video

Sentry Posts Blog

Authentication risks all too human

Risks to successful online banking identification and authentication using smartcards involve a mixture of human and technological factors, according to the European Network and Information... More

1 comment

Opera censors Chinese content

Opera has updated the Chinese version of its mobile browser to stop users accessing restricted content. Opera Mini was updated on Friday from an international to a Chinese version,... More

2 comments

Symantec website breached

Security company Symantec has said that one of its websites was successfully breached. Romanian security researcher 'Unu' posted details of the breach in a blog post on Monday. Unu... More

Post a comment


Skip Sub Navigation Links to CNET Brand Links

Help

Become part of the ZDNet community.

ALL TOOLKITS

Blogs

Newsletters