[ISN] Microsoft fixes three flaws in XP SP2
isn at c4i.org
Thu Dec 16 02:02:13 EST 2004
By Sam Varghese
December 15, 2004
Microsoft has released five security advisories for the month, all of
which are rated important - second on a four-tier scale devised by the
company - and affect various versions of Windows.
The advisories, released on Tuesday US time, included three patches
for holes in service pack 2 for Windows XP which was released in
August. One patch fixes a flaw in some versions of Windows which was
made public some weeks ago.
Earlier this month, Microsoft issued an out-of-schedule patch to fix a
critical flaw in Internet Explorer.
The flaws are in WordPad, the Dynamic Host Control Protocol
implementation in Windows NT 4.0, HyperTerminal, the Windows Kernel
and the Local Security Authority Subsystem Service and Windows
Internet Naming Service.
The company has not addressed a longstanding flaw in Windows 2000,
details of which were submitted by eEye Digital Security 134 days ago.
A week ago, Microsoft said it was yet to asecertain the severity of
A second vulnerability discovered by eEye affects Windows Me, Windows
2000, Windows XP and Windows 2003.
Both these vulnerabilities can be remotely exploited, according to
eEye, a company which has found numerous serious flaws in various
Windows versions in the past, including the vulnerabilities that
resulted in attacks by worms like Sasser, Witty, and Code Red.
More information about the ISN