- Cool Yule Tools: 2008 Holiday Gift Guide
- 10 kitchen gadgets for the geek gourmet
- Google admits to violating iPhone development terms
- Smartphone smackdown: Storm vs. iPhone
- Google layoffs: 10,000 jobs being cut
Microsoft continued its policy of releasing monthly security updates with three new software patches on Tuesday, including fixes for the MSN Messenger instant messaging program, Windows Media Services and the Outlook e-mail client.
Microsoft publish three security bulletins, MS04-008, 009 and 010. Only one of the security holes, in Outlook, could allow attackers to run malicious code on affected computers, and none of the new vulnerabilities was rated "critical" by Microsoft, the company said.
The company released a patch for Microsoft Office XP Service Pack 2 and Microsoft Outlook 2002 Service Pack 2, MS04-009, that fixes a problem with the way Outlook handles URLs that use the "mailto" tag. That tag allows Web page authors to insert links on Web pages that launch Outlook or other e-mail clients.
A problem with the way Outlook interprets mailto URLs could allow an attacker to use a specially formatted mailto URL to gain access to files on an affected system or insert and run malicious computer code, and is rated "important," Microsoft said.
Computers would have to be running a vulnerable version of Outlook and have the "Outlook Today" home page as their default homepage with Outlook. "Outlook Today" is only the home page until an e-mail account is created, Microsoft said.
Two other software bulletins, MS04-008 and 010 were both rated "moderate."
A software patch detailed in MS04-010 addresses a security hole in MSN Messenger version 6.0 and 6.1 instant messaging program that could allow an attacker to secretly view information on a user's hard drive.
A problem with the way Messenger treats requests from transfer files between Messenger installations allows attackers to use a specially formatted request to browse the recipient's hard drive and read files without the recipient knowing, Microsoft said.
Finally, MS04-008 fixes a security vulnerability in Windows 2000 Server Service Packs 2, 3 and 4. A problem with the way Windows Media Station Service and Windows Media Monitor Service process TCP/IP connections could allow an attacker to send specially formatted TCP/IP packets that shut down either service.
Windows Media Services is a component of Windows 2000 Server that allows customers to manage and distribute Windows Media-format content over the Internet.
The vulnerability, which is of "moderate" seriousness, could make Windows 2000 Server installations vulnerable to a denial of service attack, Microsoft said.
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 The Leader in Network Knowledge© 1994-2008 Network World, Inc. All rights reserved. |
Partner Content
Brilliantly simple security and control solutions for email, web and endpoint
www.sophos.com
Stopping data leakage
Learn how to exploit your current security investment to control the information that flows into, through and out of your network.
Download the white paper.
Why detection rates aren't enough
Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask prospective vendors to get the right endpoint solution.
Download the white paper.
Applications: taking back control
Employees installing unauthorized applications is a growing threat to business security and productivity. Cost-effectively reduce this threat by integrating control into your malware protection.
Learn more today.
Comment