X

Microsoft posts nine security updates

Microsoft posts nine security updates

Robert Vamosi Former Editor
As CNET's former resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security.
Robert Vamosi
3 min read
Today Microsoft published its October list of security bulletins. There are nine, three of which are ranked Critical by Microsoft, four are Important, and two rank as Moderate threats. The list includes an update of the vulnerability found in August 2005 within Windows Plug-and-Play, MS05-039. The most critical flaws announced today, MS05-050, MS05-051, and MS05-052, affect Microsoft Distributed Transaction Coordinator, Microsoft Internet Explorer, and Microsoft DirectX 8.1, the latter two apps can be found on most Windows machines, versions Windows 98 through XP inclusive. Patches are available via Microsoft Update .

MS05-044: Moderate
Entitled "Vulnerability in the Windows FTP client could allow file transfer location tampering," this bulletin affects Windows XP SP1, and Windows Server 2003. It can lead to file tampering on unprotected machines.

MS05-045: Moderate
Entitled "Vulnerability in network connection manager could allow denial of service," this bulletin affects Windows 2000 SP4, Windows XP SP1 and SP2, and Windows Server 2003. It can lead to a denial-of-service attack on unprotected machines.

MS05-046: Important
Entitled "Vulnerability in the client service for NetWare could allow remote code execution," this bulletin affects Windows 2000 SP4, Windows XP SP1 and SP2, and Windows Server 2003. It can lead to remote code execution on unprotected machines.

MS05-047: Important
Entitled "Vulnerability in Plug-and-Play could allow remote code execution and local elevation of privilege," this bulletin affects Windows 2000 and Windows XP users. It replaces MS05-039 and allows for remote code execution and local elevation of privilege on unprotected machines.

MS05-048: Important
Entitled "Vulnerability in the Microsoft collaboration data objects could allow remote code execution," this bulletin affects Windows 2000 SP4, Windows XP SP1 and SP2, Windows XP Professional x64, and Windows Server 2003. It could lead to remote code execution on unprotected machines.

MS05-049: Important
Entitled "Vulnerabilities in Windows shell could allow remote code execution," this bulletin affects Windows 2000 SP4, Windows XP SP1 and SP2, Windows XP Professional x64, and Windows Server 2003. It could lead to remote code execution on unprotected machines.

MS05-050: Critical
Entitled "Vulnerability in DirectShow could allow remote code execution," this bulletin affects Windows 98, Windows 98SE, Windows Me, Windows 2000 SP4, Windows XP SP1 and SP2, Windows XP Professional x64 Edition, and Windows Server 2003. It could lead to remote code execution on unprotected machines.

MS05-051: Critical
Entitled "Vulnerabilities in MSDTC and COM+ could allow remote code execution," this bulletin affects Windows 2000 SP4, Windows XP SP1 and SP2, Windows XP Professional x64 Edition, and Windows Server 2003. It could lead to remote code execution on unprotected machines.

MS05-052: Critical
Entitled "Cumulative security update for Internet Explorer," this bulletin affects Windows 98, Windows 98SE, Windows Me, Windows 2000 SP4, Windows XP SP1 and SP2, Windows XP Professional x64 Edition, and Windows Server 2003. It could lead to remote code execution on unprotected machines.