Microsoft Patches Six Vulnerabilities
Microsoft released six security patches Tuesday as part of its monthly initiative to fix vulnerabilities within the Windows operating system. Three of the vulnerabilities have been marked "critical," one "important," and two as "moderate" in severity.
One of the critical software patches fixes a flaw within the print spooler that could allow for remote code to be executed.
The other two critical fixes are more severe in their possible consequences: one that corrects several vulnerabilities within Internet Explorer, and another that fixes a Plug and Play flaw. In a worst-case scenario, a hacker could exploit either flaw to gain complete control of an affected Windows system.
Microsoft also fixed a vulnerability in the Telephony Application Programming Interface, or TAPI, that could allow for remote code execution. The problem mainly affects users of Windows 2000 and Server 2003 who have manually enabled the telephony server feature of the operating systems.
Finally, two moderate risk issues were patched in Tuesday's release, including a flaw in the Remote Desktop application that an attacker could use to cause a Windows computer to freeze and crash, and vulnerabilities within Kerberos, an authentication scheme used by the operating system.
According to Microsoft, the worst of the vulnerabilities could result in a denial of service attack on the affected machine. Customers can download the patches immediately from the Microsoft Download Center or wait and receive them automatically through Windows Update.