The BugBlog's Bug of the Month for May 2005 was posted as the Bug of the Day on April 12.
Microsoft has patched TCP/IP in most versions of Windows to fix five separate bugs that may allow remote attackers to crash your computer or possibly take it over completely. This affects Windows 2000 Service Packs 3 and 4, Windows XP Service Packs 1 and 2, and Windows Server 2003. Earlier versions of Windows (98, ME) are affected, too, but Microsoft says its not critical for them. This has already been fixed in Windows Server 2003 Service Pack 1, which was released last week. You can get patches for your version of Windows at http://www.microsoft.com/technet/security/bulletin/MS05-019.mspx. Microsoft credits these people for finding these bugs: Song Liu, Hongzhen Zhou, and Neel Mehta of ISS X-Force; Fernando Gont of Argentina's Universidad Tecnologica Nacional/Facultad Regional Haedo; and Qualys.
Why this one? This bug was one of eight released by Microsoft on Patch Tuesday, the second Tuesday of the month when they release all their security bulletins. Five of those bulletins, including this one, were marked Critical. Just about every version of Windows was affected, including last year's Windows XP Service Pack 2. This patch actually took care of five separate bugs within TCP/IP, which is the protocol used for communicating over the Internet. So this bug affects a huge number of users, is in an important function, and could have a devestating impact. All those factors make it the Bug of the Month.
There's daily coverage of computer bugs and their fixes at the BugBlog.
Article comments
1 - Mark Schannon
Thanks for tip, but I went to site and then to "warnings" and found a typical MS techno-babble explanation of everything that could go wrong. Could you translate what the problem is, the fix, and the potential problems the fix causes into English? Would be most greatful!