Microsoft managed to give a small holiday gift to network administrators this month: No critical patches.
The software giant released five patches to fix nine issues in its Windows operating systems on Tuesday, with none of the security holes rated as a serious threat. Microsoft warned last week that the fix would be coming.
"All the flaws have something about them that makes it more difficult for an attacker to exploit them," said Stephen Toulouse, a security program manager in Microsoft's security response center.
Earlier this month, Microsoft issued an unscheduled critical patch for Internet Explorer. It plugged a security hole that opened PCs with the Web browser up to attack by online fraudsters.
The five December advisories are the last fixes scheduled for release this year. If the company does not release any more security bulletins this month, it will have released 45 patches in 2004, down from 51 in 2003.
Those numbers do not necessarily indicate that Microsoft has made progress in its fight against security vulnerabilities. The company frequently releases a single patch to correct multiple flaws, and in some cases, it quietly fixes additional problems without mentioning the issues in its advisories. In April, for example, it delivered four fixes to patch a score of issues, and in October, it issued 10 advisories to fix 22 flaws.
The current issues include problems with a format converter in WordPad software; flaws in the Microsoft implementation of Dynamic Host Configuration Protocol (DHCP), a standard for configuring small networks; an issue in the HyperTerminal application; and vulnerabilities in the Windows kernel. They also address two problems with the Windows Internet Naming Service (WINS) that were publicized last month.
The fixes variously affect a number of Windows operating systems. The latest version of Windows XP, known as Service Pack 2, requires three patches. For the most part, the effect of the nine flaws in the advisory was limited by the security updates in SP2, Microsoft's Toulouse said.
"We are seeing some indications that it is more resilient," he said.
Microsoft has recommended that all Windows XP users upgrade to Service Pack 2, which adds security features to Windows and removes applications that pose potential security risks. The patch can be downloaded through the Windows Update service, which can be started from the Windows Control Panel.
Join the conversation
Comment replyThe posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.
Apple says it's got a third-party group looking for issues at manufacturing partners it uses. Read CNET's FAQ to find out how we got here and what the next steps are.
NY professor believes that a word-based algorithm can help bring together those who believe, with one glimpse, that they have found and lost the love of their lives.
After a higher-than-expected fourth quarter, the video subscription service unburdens itself of a pending yearlong class action suit and settles for $9 million.
Along with green-lighting Google's buy of Motorola, the Justice Department today OKs an Apple-Microsoft-RIM partnership deal to buy Nortel patents, and Apple's plan to acquire Novell patents.
Chamtech's spray-on antenna uses a nano material to provide a low-power boost to antenna range. The wireless-in-a-can product may some day bring an end to unsightly cell towers.
This week, we pass around Sony's new PlayStation Vita for some hands-on testing, check out HP's newest Beats Audio laptop, and debate the best and worst Valentine's Day gadget gifts.
EnerG2 opens a plant to make an engineered carbon that will improve performance of energy storage devices and make storage for start-stop hybrid cars less expensive.
Join the conversation