
Microsoft Patches Six Vulnerabilities

By Ed Oswald, BetaNews

August 9, 2005, 3:33 PM

Microsoft released six security patches Tuesday as part of its monthly initiative to fix vulnerabilities within the Windows operating system. Three of the vulnerabilities have been marked "critical," one "important," and two as "moderate" in severity.

One of the critical software patches fixes a flaw within the print spooler that could allow for remote code to be executed.

The other two critical fixes are more severe in their possible consequences: one that corrects several vulnerabilities within Internet Explorer, and another that fixes a Plug and Play flaw. In a worst-case scenario, a hacker could exploit either flaw to gain complete control of an affected Windows system.

Microsoft also fixed a vulnerability in the Telephony Application Programming Interface, or TAPI, that could allow for remote code execution. The problem mainly affects users of Windows 2000 and Server 2003 who have manually enabled the telephony server feature of the operating systems.

Finally, two moderate risk issues were patched in Tuesday's release, including a flaw in the Remote Desktop application that an attacker could use to cause a Windows computer to freeze and crash, and vulnerabilities within Kerberos, an authentication scheme used by the operating system.

According to Microsoft, the worst of the vulnerabilities could result in a denial of service attack on the affected machine. Customers can download the patches immediately from the Microsoft Download Center or wait and receive them automatically through Windows Update.

22 Comments

By mahlerscom

posted Aug 30, 2006 - 4:12 PM

Hiya,

My computer froze up real bad. At 1st, I thought it was a relatively new (but old) so-called but not officially known as virus named "Recycler Virus". Only 1 company (of Asian www address name) claims it is a virus and what they told me is it changes the Windows registry (Windows XP) and none of what they listed actually occurred in my Home Edition w/SP2. BUT that damned thing could not be deleted and resurfaced AFTER formatting the computer and a quick visit to Windows Update and sophos.com (antivirus). The computer would freeze upon any bootup except administrator in safe mode (any version of safe mode in XP).

Okay. Next thing. Anybody study Hinduism? Remember Bill Gates transferred a huge relationship to India years ago? Them Indians activate Windows XP by phone. Can anyone tell me how the Windows confirmation will tell me I got a digit (number) wrong if my computer does not have the confirmation ID at all and randomly generates the 9 group series of 6 numbers? Oh, BTW, not connected to any wiring hard or wireless and no internet at all too. The man on the phone with me told me that the confirmation ID number is randomly generated there at his office. It was 7:15 a.m. there, near 10 pm EST here. Hinduism & MTV. A man stands on the shore of the Indian Ocean and a woman in Maine w/o photos, computers, internet, phone, TV can see what he sees there. MTV had a video of four women in different places of the Earth could see what any one of the others could see - by the mind's eye.

This is your computer, Apple Mac, Linux or PC Windows (any version). This is your brain behind your eyes. Mix it all together and you got.

Well you got the 21st century at (mostly your) command.

Windows Vista anybody? Heh, A Microsoft Tech Support person told me via phone that when Vista is in one computer and you remove that hard drive (for any reason) and put it in an identical / replica computer, the hard drive will not boot up and you will be lucky if you can format the hard drive.

It's called encryption (if you did not know).

Regarding the Homeland Security Department announcement back in early August 2006 about a flaw in Microsoft's OS's and get the patch. Some of us, most of us and maybe all of us know now that the patch froze computers and corrupted memory. If not that patch, one or two or three recently released this August 2006.

How many "illegal" copies of Vista are around? Hey, if it weren't for "illegal", well remember Napster and KaZaA - IMHO they weren't illegal, just a pain in thy AS* for anybody except the user. Okay, there were problems there too.

Um, did Microsoft tell you outright up front and before you installed the update that your XP/98SE/98/ME/95 was subject to "beta" testing by them or anyone else regarding encryption - Vista? Did anyone tell you? Oh, if you are like me, you were somewhat aware of "use at your own risk" policy, stated or not stated by any company/friend/stranger anywhere.

As I was typing this all up, a passerby more than 30 feet away outside this window said aloud "powerful". Ya, the part about Hinduism is indeed powerful and add the brain meets the computer and MTV too, that's really powerful.

I'm thinking by 2050 I would be able to put on a pair of sunglasses and watch TV or read email on 1/2 a lens while driving down the road (he he he he) and listen to the next U2 or W. K. Mahler from the earpiece embedded on the sunglass arm.....

Remember, if I want to recycle computer parts (Recycler Virus) I oughta be able to anytime I want. Just imagine your dad's doctor planning your dad's open heart surgery and the doctor's computer fries but the hard drive is good. With Vista, it better be usable.

Luv ya some, luv ya not at all.

Sincerely,

William K. Mahler
http://www.mahlers.com
SKYPE ID: mahlersdotcom

...still installing all new stuff into this computer, new HD, new CMOS battery, after all even my HD was not recognized in its true model number and sometimes was not there at all in the last week.

PS. Anybody want to catch a sniper? How about find your hard drive when (I'm hoping not) it's stolen.

Read this:

X Marks the Sniper:
Tracking Bullets to Save Lives

http://www.research.uky....ssey/fall05/sniper.html

Score: 0

By Drake34

edited Aug 15, 2005 - 11:14 AM

Yep and these patches have successfully hosed my machine. It locks up every 15 minutes after installing them. Machine was running flawless until last Tuesday. No viruses or spyware either. Way to go MS. :(

BTW if you check out MS's newsgroups there are quite a few people having this problem.

Score: 0

By cranbers

posted Aug 11, 2005 - 4:14 PM

How embarrassing, Microsoft is the most powerful, richest company, their operating system runs on 90 percent of computers in the world. How do you make mistakes, why are you so slow, why do you not innovate, why do you steal ideas, why don't you take your billion a month you make and reinvest it in your cash cow dripping pure diamonds of an operating system? I pray Google and Apple eat you alive slowly. They should have broke you up, maybe we would have some real competition, innovation and most important lower prices. All I have to say to back that up, look at how old, crusty, broken and frail your beloved Internet Explorer is. It took Firefox stealing 10 percent of your market share to even mention it. Yes I feel Microsoft is evil in that they will only do anything for their customer base for CASH. No loyalty whatsoever.

Score: 0

By rob1479

posted Aug 14, 2005 - 4:56 AM

You know cranberbers, google and apple are corporations too.

Score: 0

By computershack

posted Aug 11, 2005 - 7:42 PM

Like Linux doesn't have any security issues.....

Score: 0

By MikeDiack

posted Aug 11, 2005 - 11:08 AM

We've had major problems with the patches from Microsoft - can others comment - have you seen similar problems?

Running Windows XP SP2 on several machines:

1) McAfee 8 Virusscan no longer auto updates - running its update tool, informs us that the common framework won't run!
2) The search button on the start button doesn't do anything
3) Windows Installer no longer allows us to successfully install/uninstall anything.
4) The debugger in Visual Studio 2003 tells us we don't have permissions/access rights to debug even when we try it with admin privileges!

We've seen this on several machines now and the only way we've been able to cure it is to do a system restore to "roll back" to before we installed the patches.

Just out of interest the set of patches we applied were KB's: 899588, 893756, 899591, 899587, 896423, 894391, 890830

Can anyone else share their experiences? Are these patches broken?

Mike

Score: 0

By wat0114

posted Aug 11, 2005 - 12:41 PM

That's disconcerting news Mike. Personally, I haven't noticed those issues yet on my system. I'll check carefully when I get home later. BTW, isn't it possible just to un-install those updates, rather than do a System Restore?

Score: 0

By qwertyu

posted Aug 10, 2005 - 5:30 PM

Unofficial Preview of Windows XP SP3
http://www.windows-xp-sp3.host.sk

Score: 0

By normangerman

posted Aug 11, 2005 - 9:18 AM

Carefactor: 0!

Does it exist: No!

Score: 0

By qwertyu

posted Aug 16, 2005 - 6:17 AM

Hm, I see that the page was updated today.

Score: 0

By ArabianNight

posted Aug 10, 2005 - 11:32 AM

How come I never saw them when I went to Windows Update?

Score: 0

By sophist_dreams

edited Aug 10, 2005 - 11:46 AM

Because the geniuses at microspud posted corrupted files and they had to shut off the downloads. They should be there now.

Quote

Download Problem Interferes with IE Patch Release
Microsoft late Tuesday confirmed that its "critical" Internet Explorer patches had to be pulled after a hiccup caused some of the downloads to be corrupted.
The glitch was detected by users attempting to install the IE patch from the Microsoft Download center.
"Shortly after we released the updates this morning we found that several of the Internet Explorer updates provided only to the Download Center were corrupted, breaking the digital signature and preventing them from installing," a post on the official Internet Explorer Weblog said.
"We've identified the problem, removed the affected updates from the Download Center, and will repost them shortly to correct the issue," said Jeremy Mazner, technical evangelist for Windows Vista and IE.

UnQuote

Score: 0

By wat0114

edited Aug 10, 2005 - 12:11 PM

Thanks for the info sophist_dreams. *sigh* I guess I'll bite the bullet and install the other two (one addresses TAPI and the other remote desktop), just to play it safe. It just gets discouraging with these endless patches. I mean, will it ever end!? Has anyone seen the difference in speed between an unpatched XP O/S and a fully patched O/S? It's mind boggling.

Does anyone know if all the latest updates are required? I've got Remote Desktop and Telnet disabled, as well as the Server, Messenger and Remote Registry services. I'm appreciative of the patches, but if I don't need them, I'd rather not install them.

Score: 0

By sophist_dreams

posted Aug 10, 2005 - 11:42 AM

I certainly would, especially if you are a hardcore IE user

Quote

Microsoft has issued alerts on several security flaws in Windows, the most serious of which could allow an attacker to gain control over a computer.
The software maker released six security bulletins on Tuesday as part of its monthly patching cycle, describing three of them as "critical." The Redmond, Wash.-based company gives that rating to any security issue that could allow a malicious Internet worm to spread without any action required on the part of the user.
One bulletin addresses three vulnerabilities in the Internet Explorer, Microsoft's widely used Web browser. These issues carry the highest risk of attack out of all the issues fixed, Oliver Friedrichs, a senior manager at Symantec Security Response, said.
Two other flaws, affecting the plug-and-play feature and printing in Windows, could also spell some trouble for users, he said.
An error in the way IE handles JPEG images is especially alarming, according to Symantec. An attacker could commandeer a PC by crafting a malicious image and tricking the victim to look at it on a Web site or in an HTML e-mail, for example, Microsoft said in its MS05-038 security bulletin.
"These vulnerabilities can be leveraged by malicious Web sites to install spyware, Trojan horses, bots or other programs on an unsuspecting user's machine," Friedrichs said.
The other two IE flaws could also enable an attacker to take control of a user's computer. One vulnerability lies in how the browser handles URLs, related to a feature that lets users view file folders in IE. The other deals with the ability of IE to call on other parts of Windows and is similar to a problem patched last month.

UnQuote

Score: 0

By imafurby

posted Aug 9, 2005 - 10:42 PM

Windows...the software equivalent of Swiss Cheese.

Score: 0

By Mark Gillespie

posted Aug 10, 2005 - 9:05 AM

Currently, XP has fewer critical updates on a month by month basis than most Linux distributions. Mac also has its fair share.

Please get off your bandwagon and use your own transport.

Score: 0

By GoodThings2Life

posted Aug 9, 2005 - 11:07 PM

I think you've just found the intellectual equivalent, too...

Try Fedora Core Linux instead and try "yum update". :)

Score: 0

By bourgeoisdude

posted Aug 9, 2005 - 6:07 PM

IT IS OFFICIALLY HERE!!! BETANEWS IS NO LONGER STATING THAT ISSUES ALSO AFFECT XP SP2!

Seriously, I'm impressed. Maybe BetaNews thinks SP2 isn't so bad after all?

Score: 0

By bleh427

posted Aug 9, 2005 - 8:45 PM

Most of the people complaining about SP2 probably had computer problems way prior to that, since I am estimating that 75% of computer users do not know how to properly maintain their operating system.

Score: 0

By Budgie29

edited Aug 9, 2005 - 10:22 PM

75%? That's a conservative estimate, bleh427; I'd say it's more like 90%. As my day job I am a network engineer, freelance. I have yet to come across a machine that is up to date so far as patches go, and other software. Spyware, adware is the biggest culprit.
I once found in excess of 900 references of spyware, trojans and adware on a person's machine ... of which he was oblivious to.

Score: 0

By wav

posted Aug 11, 2005 - 12:30 AM

"I once found in excess of 900 references of spyware, trojans and adware on a person's machine" I hope you mean 900 of each, 'cause if not, that's not even worth mentioning until you found a machine with in excess of 3500 on one scan. haha Yeah that was one messed up system. 15 minutes to load it up, realized what the problem is, reboot to safe mode, and many scans later after it freezes several times, manually removing some of the programs because they interfere with my scan, and finally a clean fast machine.

Score: 0

By 802dotjohn

posted Aug 10, 2005 - 8:41 AM

Freelance network engineer? Does that mean you run Spybot on your friends' and neighbors' computers? Just kidding.

It is a pain. I manage about 2000 clients and the users always say "this thing keeps popping up when I am trying to work, I just close it out." And trying to explain to them what adware and spyware or anything related to the normal operation of a computer is and they suddenly lock up. They are not responsible for the computers. We are. Why should they take time out of their busy schedule of playing solitaire and trying to delete hidden files (because they just didn't think they should be there) to think about updating their computer or run some type of malicious software removal application.
Sorry, a little venting. :)

Score: 0