[ISN] Microsoft fixes three flaws in XP SP2

InfoSec News isn at c4i.org
Thu Dec 16 02:02:13 EST 2004


By Sam Varghese
December 15, 2004

Microsoft has released five security advisories for the month, all of 
which are rated important - second on a four-tier scale devised by the 
company - and affect various versions of Windows.

The advisories, released on Tuesday US time, included three patches 
for holes in service pack 2 for Windows XP which was released in 
August. One patch fixes a flaw in some versions of Windows which was 
made public some weeks ago.

Earlier this month, Microsoft issued an out-of-schedule patch to fix a 
critical flaw in Internet Explorer.

The flaws are in WordPad, the Dynamic Host Control Protocol 
implementation in Windows NT 4.0, HyperTerminal, the Windows Kernel 
and the Local Security Authority Subsystem Service and Windows 
Internet Naming Service.

The company has not addressed a longstanding flaw in Windows 2000, 
details of which were submitted by eEye Digital Security 134 days ago.

A week ago, Microsoft said it was yet to asecertain the severity of 
this bug.

A second vulnerability discovered by eEye affects Windows Me, Windows 
2000, Windows XP and Windows 2003.

Both these vulnerabilities can be remotely exploited, according to 
eEye, a company which has found numerous serious flaws in various 
Windows versions in the past, including the vulnerabilities that 
resulted in attacks by worms like Sasser, Witty, and Code Red.

More information about the ISN mailing list