Microsoft released three critical fixes and three moderate-to-important fixes to the Microsoft software platform Tuesday as part of its monthly patch program.
The security bulletins, which normally consolidate several vulnerabilities under the particular software component affected, provide more detail on vulnerabilities that were hinted at Thursday.
The three critical patches are:
- MS05-038 fixes three vulnerabilities affecting Internet Explorer (IE) versions 5 and 6. A JPEG image rendering memory corruption vulnerability, Web folder cross-domain vulnerability and COM object instantiation memory corruption vulnerability could lead to the malware writer taking control of the user’s computer. Users logged in under a non-administrative user name will be less impacted.
- MS05-039 deals with a critical vulnerability in Microsoft’s Plug-and-Play that could allow an attacker to gain remote control over the user’s PC as well as give themselves administrator rights on the machine. The only real remote control danger comes from Windows XP Service Pack (SP) 1 machines since the vulnerability only allows for local machine elevation rights on Windows XP SP2 and Windows Server 2003 systems. However, the vulnerability will allow remote code execution on all three platforms.
- MS05-043 corrects a print spooler vulnerability in Windows 2000 SP 4, Windows XP SP 1 and 2, and Windows Server 2003. The vulnerability allows remote code execution by the attacker to take complete control over the machine. Attacks on other Windows platforms, officials said, would likely result in a denial of service (DOS) attack.
The Redmond, Wash.-based software giant also released three non-critical security bulletins for August.
A vulnerability in the way the telephony API
A moderate-level vulnerability in Kerberos and PKINIT could allow the attacker to launch a DOS attack, grab information off the user’s computer or spoof
This month’s security update also includes definition updates to Microsoft’s malicious software removal tool. The update will remove Spyboter, Bagz and Dumaru bugs from a user’s system.