Microsoft posts nine security updates

Microsoft posts nine security updates

Today Microsoft published its October list of security bulletins. There are nine, three of which are ranked Critical by Microsoft, four are Important, and two rank as Moderate threats. The list includes an update of the vulnerability found in August 2005 within Windows Plug-and-Play, MS05-039. The most critical flaws announced today, MS05-050, MS05-051, and MS05-052, affect Microsoft Distributed Transaction Coordinator, Microsoft Internet Explorer, and Microsoft DirectX 8.1, the latter two apps can be found on most Windows machines, versions Windows 98 through XP inclusive. Patches are available via Microsoft Update .

MS05-044: Moderate

Entitled "Vulnerability in the Windows FTP client could allow file transfer location tampering," this bulletin affects Windows XP SP1, and Windows Server 2003. It can lead to file tampering on unprotected machines.

MS05-045: Moderate

Entitled "Vulnerability in network connection manager could allow denial of service," this bulletin affects Windows 2000 SP4, Windows XP SP1 and SP2, and Windows Server 2003. It can lead to a denial-of-service attack on unprotected machines.

MS05-046: Important

Entitled "Vulnerability in the client service for NetWare could allow remote code execution," this bulletin affects Windows 2000 SP4, Windows XP SP1 and SP2, and Windows Server 2003. It can lead to remote code execution on unprotected machines.

MS05-047: Important

Entitled "Vulnerability in Plug-and-Play could allow remote code execution and local elevation of privilege," this bulletin affects Windows 2000 and Windows XP users. It replaces MS05-039 and allows for remote code execution and local elevation of privilege on unprotected machines.

MS05-048: Important

Entitled "Vulnerability in the Microsoft collaboration data objects could allow remote code execution," this bulletin affects Windows 2000 SP4, Windows XP SP1 and SP2, Windows XP Professional x64, and Windows Server 2003. It could lead to remote code execution on unprotected machines.

MS05-049: Important

Entitled "Vulnerabilities in Windows shell could allow remote code execution," this bulletin affects Windows 2000 SP4, Windows XP SP1 and SP2, Windows XP Professional x64, and Windows Server 2003. It could lead to remote code execution on unprotected machines.

MS05-050: Critical

Entitled "Vulnerability in DirectShow could allow remote code execution," this bulletin affects Windows 98, Windows 98SE, Windows Me, Windows 2000 SP4, Windows XP SP1 and SP2, Windows XP Professional x64 Edition, and Windows Server 2003. It could lead to remote code execution on unprotected machines.

MS05-051: Critical

Entitled "Vulnerabilities in MSDTC and COM+ could allow remote code execution," this bulletin affects Windows 2000 SP4, Windows XP SP1 and SP2, Windows XP Professional x64 Edition, and Windows Server 2003. It could lead to remote code execution on unprotected machines.

MS05-052: Critical

Entitled "Cumulative security update for Internet Explorer," this bulletin affects Windows 98, Windows 98SE, Windows Me, Windows 2000 SP4, Windows XP SP1 and SP2, Windows XP Professional x64 Edition, and Windows Server 2003. It could lead to remote code execution on unprotected machines.

About the author

    As CNET's former resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security.

     

    Join the discussion

    Conversation powered by Livefyre

    Don't Miss
    Hot Products
    Trending on CNET

    HOT ON CNET

    Delete your photos by mistake?

    Whether you've deleted everything on your memory card or there's been a data corruption, here's a way to recover those photos.