From Redmond: two December patches

Microsoft gave users two fixes, one with a critical rating, for its December edition of "Patch Tuesday."

One patch, MS05-054, was released to protect users from remote code execution that could allow a hacker to take complete control of an affected PC via a malicious Internet Explorer download. The vulnerability was discovered in May by Secunia and affected users of Windows 2000, XP and 2003.

Microsoft also released a patch, MS05-055, for a vulnerability in the Windows kernel allowing for privilege elevation. Rating the bulletin "important," Microsoft said the vulnerability affected users of Windows XP and 2003.

A Microsoft spokesman said the company also will begin signing customer security communications with Secure Multipurpose Internet Mail Extensions next year.

"This change will allow for easier customer verification that email coming from Microsoft regarding security is actually coming from Microsoft," the spokesman said.

Last month, the computing superpower released a single patch, containing three separate updates that addressed problems with either Windows Media Format or Enhanced Media Format. Before the November release, the company also had said the patch would have a critical rating.

Microsoft's choice to release a patch for IE shows the company is listening to media reports about the vulnerability, said Russ Cooper, senior information security analyst with Cybertrust.

"I am pleased to see we have this Windows vulnerability patch. It would've been nice to see it released out of cycle," he said, adding that for Microsoft's recent disclosure of vulnerabilities, "It's good to see responsible disclosure going on."

www.microsoft.com