Microsoft Issues Monthly Security Rollup, Patches

Steve Ballmer wants Microsoft to become more predictable. Rather than suddenly spring word of product vulnerabilities on its customers, the software giant has released this month's batch of fixes inclusively. From this point forward, security advisories will bear news of exploits in a predictable monthly fashion.

Four of Wednesday's warnings revealed flaws in all supported editions of Windows that will allow a remote attacker to gain control over un-patched systems. Three affect Windows NT, 2000, XP and Server 2003, although one additional flaw only affects Windows 2000. These advisories, including others that were not deemed "critical," but important, are numbered MS03-041 – MS03-045.

In addition to the patches, Microsoft has distributed Update Rollup 1 for Windows XP. The update constitutes a reversal of Microsoft's position that it would rely on individual patches distributed via Windows Update.

Pressure has mounted on Redmond to tend to customers without broadband connections since BetaNews first reported that Windows XP SP2 was delayed until at least mid-2004.

Flaws in Microsoft Exchange Server software were also announced Wednesday. Exchange versions 5.5 and 2000 are affected by bulletins MS03-046 – 47. Exchange Server 2003 is not at risk.

Through its "Protect Your PC" campaign, Microsoft will begin improving patch distribution, institute global education programs and introduce new safety technologies. The Protect Your PC homepage hosts information on how to avoid being at risk from all current and future vulnerabilities.