Microsoft on Wednesday released three new security patches for its products and announced a revision of an older update, citing compatibility problems for some Windows users. Most security issues addressed by the new updates are of moderate impact, primarily concerning information disclosure, and affect several Windows operating systems, the Outlook e-mail client, and Microsoft's Content Management Server.
According to the company's security bulletins, a flaw in the handling of V1 Exchange Server Security certificates in Outlook 2002 could cause messages to be sent unencrypted, misleading the user and possibly resulting in disclosure of sensitive information to a third party.
Information disclosure could reportedly also occur in Microsoft Content Management Server (MCMS) 2001. The software giant announced that a pre-defined ASP web page that ships with the package contains a cross-site scripting flaw.
A buffer overrun vulnerability in the Microsoft Locator service, included with Windows NT 4.0, Windows 2000, and Windows XP, could expose some computer systems to attacks. A specially malformed header may trigger a service failure, or even execution of arbitrary code on the user's system.
Microsoft also updated a patch released in December 2002, which was initially thought to have been included in Windows XP Service Pack 1 (SP-1). Users who had already installed SP-1 were unable to apply the update to their computer systems, leaving them open to unauthorized modifications of their network's group policy.
Svetlozar Online advises all users to download and apply all updates pertinent to their computer systems.