Microsoft released three critical fixes and three moderate-to-important fixes to the Microsoft software platform Tuesday as part of its monthly patch program.
The security bulletins, which normally consolidate several vulnerabilities under the particular software component affected, provide more detail on vulnerabilities that were hinted at Thursday.
The three critical patches are:
The Redmond, Wash.-based software giant also released three non-critical security bulletins for August.
A vulnerability in the way the telephony API in Windows Server 2000 SP 4/XP/Server 2003 processes data and permissions could allow an attacker to take control of a person’s computer. The vulnerability was not deemed critical because the telephony service is not enabled by default on Windows XP/Server 2003. Also, in Windows Server 2000/2003, the attacker must have valid logon credentials and log on locally.
A moderate-level vulnerability in Kerberos and PKINIT could allow an attacker to launch a denial-of-service (DoS) attack, grab information off the user’s computer or spoof the address a user is visiting on the Web. A second moderate-level vulnerability takes advantage of a weakness in Microsoft’s Remote Desktop Protocol, which would allow the attacker to launch a DoS attack. The vulnerability affects Windows 2000/XP/Server 2003 platforms.
This month’s security update also includes definition updates to Microsoft’s malicious software removal tool. The update will remove Spyboter, Bagz and Dumaru bugs from a user’s system.
This article was first published on internetnews.com.