There wasn’t lots of time to celebrate Mardi Gras, for those people who are responsible for computer security and maintenance. February 8 was “Patch Tuesday”, the second Tuesday of the month when Microsoft releases their security bulletins.
This one was a biggie — twelve security bulletins were released, of which eight were marked as Critical, which usually means a bug which can be exploited by a remote attacker to take over your computer. Every version of Windows was affected by at least one of the critical bugs, including the most recent, and most secure, Windows XP Service Pack 2. There’s also a new cumulative security update for Internet Explorer, and there are critical vulnerabilities in Office XP and Office 2003.
You can read Microsoft’s summary of the twelve bulletins at http://www.microsoft.com/technet/security/bulletin/ms05-feb.mspx. From
there, you can also read the details, or you can read them at the BugBlog
Plus.Needless to say, it’s a lot of the same things we’ve seen over and over again — unchecked buffers, flawed ActiveX components, bugs in Windows components such as OLE and COM.
Oh yeah, Microsoft also announced that they bought an anti-virus company,Sybari Software, that makes software that protects Microsoft Exchange and Lotus Notes. This isn’t something that is marketed to the ordinary computer user, but I still don’t think Symantec and McAfee will be having pleasant dreams tonight.
Continuing coverage of these security bugs, plus any other compatibility problems they might cause, will continue at the BugBlog.