Microsoft Agent: A Patch Tuesday Unto Itself
Almost. Three other fixes rank as less severe.
September is looking like a slow month for Microsoft bugs, as this month's Patch Tuesday only features one critical fix for one specific version of Windows, plus three important fixes, which rank as less severe.
The only critical fix is in Microsoft Agent, which has a vulnerability that could allow for remote code execution. Agent is used in a variety of Microsoft applications that are integrated into Windows, most notably the Windows Search feature with the animated dog.
However, the fix is only for Windows 2000 Service Pack 4. All other versions of Windows are fine.
The other three fixes are non-Windows-related. A remote code execution vulnerability in Visual Studio is fixed, as is a hole in the Windows Services for Unix 3.0, which could allow an attacker to gain elevation of privilege. The last error is in the live cam feature in MSN Messenger and Windows Live Messenger, which could allow an attacker to take complete control of the affected system.
"The MSN Messenger and Windows Live Messenger vulnerability is also serious. However, Microsoft forces an update, so there is little chance of actually exploiting this vulnerability. Users should accept the automatic update when they connect to the Messenger service," Marcus said.