(Information Week) Security professionals anticipating monthly security updates from Microsoft on the second Tuesday of the month won’t be disappointed. Microsoft issued four security bulletins, MS04-011 through MS04-014, each fixing a series of security-related vulnerabilities. Together, the four bulletins address more than 20 specific software security holes. Three of the four bulletins are rated as “critical,” the company’s most serious ranking. MS04-014 is ranked as “important.”
Many of the patches are cumulative fixes, which include new security fixes as well as patches previously released by Microsoft.
The flaws affect virtually every major Windows operating system currently supported: Windows NT Workstation 4.0, Windows NT Server 4.0 (including the Terminal Server Edition), Windows 2000, and XP, as well as Windows Server 2003. One of the critical bulletins, MS04-013, also affects versions of the company’s desktop operating systems Windows 98, 98 SE, and Windows Millennium Edition.
The impact of the vulnerabilities ranges from attackers potentially being able to escalate their “privilege” (access to systems) beyond their determined access levels to companies being susceptible to denial-of-service and “remote code execution” attacks. Generally, remote code execution flaws are the type of software security holes that make worm and virus attacks possible and could potentially let hackers attack systems over the Internet.
Microsoft is urging its customers to patch these flaws as soon as possible. More information and links to patches are available on Microsoft’s Web site, at www.microsoft.com/security.