Yesterday, the Microsoft Security Response Center (MSRC) issued three new security bulletins, none of which is rated critical. One bulletin is rated important; the other two have moderate ratings. The bulletins highlight security flaws in Windows Media Services, Microsoft Office XP, and MSN Messenger, the company noted.
The Office security flaw is the only vulnerability that could let malicious attackers run unwanted code on users' systems. The flaw affects systems running Office XP Service Pack 2 (SP2) and Microsoft Outlook 2002 SP2.
The moderate security flaw for MSN Messenger 6.1 and MSN Messenger 6.0 could let attackers view--but not change or download--files on the victim's computer. Microsoft will fix the flaw in an upcoming version of the Instant Messaging (IM) application the company plans to issue.
The moderate security flaw in Windows Media Services, which affects Windows 2000 SP4, SP3, and SP2, could let attackers send fake streaming-media requests that could shut down the service. That situation would be, in effect, a Denial of Service (DoS) attack.
Microsoft switched to a monthly security-update release schedule last fall. "Microsoft is committed to helping customers keep their information safe, and releasing security bulletins on a regular, monthly schedule makes security response more predictable and easier for customers to manage," a company representative told me. You can download the patches that fix this month's security flaws from the Microsoft Web site.