Microsoft releases its Security Bulletins for December
Microsoft's Security Bulletins for December report the release of one vulnerability patch rated "critical" and five rated "important". In addition, a Microsoft Knowledge Base Article [KB886185] has been released describing a "critical" vulnerability in Microsoft Windows Firewall in Windows XP Service Pack 2 (SP2).
We recommend that users patch their systems by downloading and installing critical Microsoft updates as soon as possible.
Users are also encouraged to update their antivirus software daily and to install a firewall on their computers, if they have not done so already. For more information on firewalls, please read Microsoft's tutorial on how to protect your PC.
Microsoft Security Bulletin MS04-040 - [KB889293] reports the release of a cumulative security update for Internet Explorer, a critical patch against serious vulnerabilities that could allow for remote code execution on an affected system. If the user is logged in as administrator an attacker could gain complete control of an infected system. An attacker could host a website with malicious code embedded in its pages that would infect systems when loaded in Internet Explorer. However, an attacker would have to coax users to visit the site but would have no way of forcing visits.
The following software is affected by this vulnerability:
- Internet Explorer 6 SP1 on Windows 2000 SP3, Windows 2000 SP4, or Windows XP SP1
- Internet Explorer 6 SP1 on Windows NT Server 4.0 SP6a; Windows NT Server 4.0, Terminal Service Edition SP6; Windows 98; Windows 98 SE; or Windows Me
- Internet Explorer 6 for Windows XP 64-Bit Edition SP1
Microsoft has also released a Knowledge Base Article [KB886185] that describes a "critical" patch against a significant vulnerability in Microsoft Windows Firewall in Windows XP Service Pack 2 (SP2). According to Microsoft's website users may discover that their computers "can be accessed by anyone on the Internet" when they are connected to the Internet via a dial-up connection.
The following operating systems are affected by this vulnerability:
- Microsoft Windows XP Home Edition Service Pack 2 (SP2)
- Microsoft Windows XP Service Pack 2
- Microsoft Windows XP Tablet PC Edition 2005
- Microsoft Windows XP Media Center Edition Service Pack 2 (SP2)
Other Microsoft patches released this month:
The release of five other patches are also announced in this months Microsoft Security Bulletins. These patches have all been rated "important" by Microsoft:
- Technical Security Bulletin MS04-041 - [KB885836]
- Technical Security Bulletin MS04-042 - [KB885249]
- Technical Security Bulletin MS04-043 - [KB873339]
- Technical Security Bulletin MS04-044 - [KB885835]
- Technical Security Bulletin MS04-045 - [KB870763]
Users are advised to patch their systems against these vulnerabilities immediately. Patches can be downloaded via links posted within the appropriate Security Bulletin or by visiting Windows Update.