Microsoft Releases Security Updates For November

These new security updates address newly discovered issues in Microsoft Windows, including Internet Explorer. Two of the updates are ranked as “Critical” while one is ranked as “Important” and if you’re using the affected software you should install them immediately.

Security Bulletin MS03-048 brings a cumulative update that includes the functionality of all the previously-released updates for Internet Explorer 5.01, Internet Explorer 5.5, and Internet Explorer 6.0. Additionaly, it eliminated five newly discovered vulnerabilities.

In mid October security firm PivX Solutions shut down their page of unpatched Internet Explorer holes but the problems with Internet Explorer will apparenlty not come to an end soon. A list of unpatched vulnerabilities can be found at this website maintained by Liu Die Yu, a security researcher from China.

Security Bulletin MS03-049 is about a security vulnerability the exists in the Workstation service. This vulnerability could allow remote code execution on an affected system. It results because of an unchecked buffer in the Workstation service. If exploited, an attacker could gain system privileges on an affected system, or could cause the Workstation service to fail. An attacker could take any action on the system, including installing programs, viewing data, changing data, or deleting data, or creating new accounts with full privileges.

Security Bulletin MS02-050 is the re-release of the original version of the bulletin which was released in September 2002. Microsoft said that they re-issued this security bulletin in order to advise on the availability of an updated Windows 2000 Service Pack 4 (SP4) security patch. This revised security patch corrects a regression that may occur during the installation of Microsoft Internet Explorer 6.0 Service Pack 1 on Windows 2000 SP4. This regression removes the update that is discussed in this bulletin and that is provided as part of Windows 2000 SP4.