From Redmond: two December patches

By

Microsoft gave users two fixes, one with a critical rating, for its December edition of “Patch Tuesday.”

One patch, MS05-054, was released to protect users from remote code execution that could allow a hacker to take complete control of an affected PC via malicious Internet Explorer download. The vulnerability was discovered in May by Secunia and affected users of Windows 2000, XP and 2003.


Microsoft also released a patch, MS05-055, for a vulnerability in the Windows kernel allowing for privilege elevation. Rating the bulletin "important," Microsoft said the vulnerability affected users of Windows XP and 2003.

A Microsoft spokesman said the company also will begin signing customer security communications with Secure Multipurpose Internet Mail Extensions next year.

"This change will allow for easier customer verification that email coming from Microsoft regarding security is actually coming from Microsoft," the spokesman said.

Last month, the computing superpower released a single patch, containing three separate updates that addressed problems with either Windows Media Format or Enhanced Media Format. Before the November release, the company also had said the patch would have a critical rating.

Microsoft's choice to release a patch for IE shows the company is listening to media reports about the vulberability, said Russ Cooper, senior information security analyst with Cybertrust.

"I am pleased to see we have a this Windows vulnerability patch. It would've been nice to see it released out of cycle," he said, adding that for Microsoft's recent disclosure of vulnerabilities, "It's good to see responsible disclosure going on."

www.microsoft.com

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:

Most Read Articles

CBA using facial recognition logins to verify disputed payments

CBA using facial recognition logins to verify disputed payments

Qantas contacted by "potential cyber criminal"

Qantas contacted by "potential cyber criminal"

SA Power Networks tackles IAM, cloud security under five-year strategy

SA Power Networks tackles IAM, cloud security under five-year strategy

Top US diplomat impersonated with AI by unknown actor

Top US diplomat impersonated with AI by unknown actor

Log In

  |  Forgot your password?