By Robert Lemos, 15 December 2004 13:40
NEWS
Microsoft managed to give a small holiday gift to network administrators this month: no critical patches.
The software giant released five patches to fix nine issues in its Windows operating systems on Tuesday, with none of the security holes rated as a serious threat. Microsoft warned last week that the fix would be coming.
Stephen Toulouse, a security programme manager in Microsoft's security response centre , said: "All the flaws have something about them that makes it more difficult for an attacker to exploit them."
Earlier this month, Microsoft issued an unscheduled critical patch for Internet Explorer. It plugged a security hole that opened PCs with the web browser up to attack by online fraudsters.
The five December advisories are the last fixes scheduled for release this year. If the company does not release any more security bulletins this month, it will have released 45 patches in 2004, down from 51 in 2003.
The current issues include problems with a format converter in WordPad software; flaws in the Microsoft implementation of Dynamic Host Configuration Protocol (DHCP), a standard for configuring small networks; an issue in the HyperTerminal application; and vulnerabilities in the Windows kernel. They also address two problems with the Windows Internet Naming Service (WINS) that were publicised last month.
The fixes variously affect a number of Windows operating systems. The latest version of Windows XP, known as Service Pack 2, requires three patches. For the most part, the effect of the nine flaws in the advisory was limited by the security updates in SP2, Microsoft's Toulouse said.
"We are seeing some indications that it is more resilient," he said.
Microsoft has recommended that all Windows XP users upgrade to Service Pack 2, which adds security features to Windows and removes applications that pose potential security risks. The patch can be downloaded through the Windows Update service.
Robert Lemos writes for CNET News.com.
Comments
There is 1 comment. Join the discussion
1. anonymous
What happened to getting it right the first time? Service Pack 2 fouled up my computer requiring a "clean out" and installing all programs again. I have no idea why anyone would want to "hack" my computer it contains no personal info that I would not fly in the sky. Do I need to be concerned about all the patches that will problably foul up things again?