Security News > 2004 > December > Microsoft fixes three flaws in XP SP2
http://www.smh.com.au/news/Breaking/Microsoft-fixes-three-flaws-in-XP-SP2/2004/12/15/1102787120589.html By Sam Varghese December 15, 2004 Microsoft has released five security advisories for the month, all of which are rated important - second on a four-tier scale devised by the company - and affect various versions of Windows. The advisories, released on Tuesday US time, included three patches for holes in service pack 2 for Windows XP which was released in August. One patch fixes a flaw in some versions of Windows which was made public some weeks ago. Earlier this month, Microsoft issued an out-of-schedule patch to fix a critical flaw in Internet Explorer. The flaws are in WordPad, the Dynamic Host Control Protocol implementation in Windows NT 4.0, HyperTerminal, the Windows Kernel and the Local Security Authority Subsystem Service and Windows Internet Naming Service. The company has not addressed a longstanding flaw in Windows 2000, details of which were submitted by eEye Digital Security 134 days ago. A week ago, Microsoft said it was yet to asecertain the severity of this bug. A second vulnerability discovered by eEye affects Windows Me, Windows 2000, Windows XP and Windows 2003. Both these vulnerabilities can be remotely exploited, according to eEye, a company which has found numerous serious flaws in various Windows versions in the past, including the vulnerabilities that resulted in attacks by worms like Sasser, Witty, and Code Red. _________________________________________ Open Source Vulnerability Database (OSVDB) Everything is Vulnerable - http://www.osvdb.org/