Yesterday, the Microsoft Security Response Center (MSRC) issued three new security
bulletins, none of which is rated critical. One bulletin is rated important; the other
two have moderate ratings. The bulletins highlight security flaws in Windows Media
Services, Microsoft Office XP, and MSN Messenger, the company noted.
The Office security flaw is the only vulnerability that could let malicious attackers
run unwanted code on users’ systems. The flaw affects systems running Office XP Service
Pack 2 (SP2) and Microsoft Outlook 2002 SP2.
The moderate security flaw for MSN Messenger 6.1 and MSN Messenger 6.0 could let attackers
view–but not change or download–files on the victim’s computer. Microsoft will fix
the flaw in an upcoming version of the Instant Messaging (IM) application the company
plans to issue.
The moderate security flaw in Windows Media Services, which affects Windows 2000 SP4,
SP3, and SP2, could let attackers send fake streaming-media requests that could shut
down the service. That situation would be, in effect, a Denial of Service (DoS) attack.
Microsoft switched to a monthly security-update release schedule last fall. “Microsoft
is committed to helping customers keep their information safe, and releasing security
bulletins on a regular, monthly schedule makes security response more predictable
and easier for customers to manage,” a company representative told me. You can download
the patches that fix this month’s security flaws from the Microsoft Web site.