Patch Tuesday: And Then There Were Four

Microsoft dropped one patch from its Patch Tuesday lineup, instead only releasing four patches, one of which was critical.

Based on the list provided by Microsoft last Thursday, it appears as if the company nixed the fix aimed at the company's SharePoint product. That patch would have repaired an issue concerning an elevation of privilege risk.

No immediate reason was given as to why the patch had been dropped, however typically when patches are not released, is has to do with some issue of quality control.

The lone critical patch was aimed at a vulnerability within Microsoft Agent in the way it handles specially crafted URLs. The flaw could allow an attacker to run code remotely on a compromised system, although the company said it depends on the rights assigned to the user.

A publicly disclosed vulnerability in Crystal Reports for Visual Studio led off the "important" updates. If a user opened a certain type of RPT file, it could open the door for remote code execution. Again, the severity is dependent upon the rights issued to each user.

Another publicly disclosed issue was resolved in the patch for Windows Services for UNIX, where running particular setuid binary files could lead to an elevation of privilege. And finally, a publicly disclosed flaw in MSN and Windows Messenger was fixed where a malicious video invitation could lead to code execution and a complete takeover of the affected system.

Like two other fixes this Patch Tuesday, the severity depends on the rights assigned to the user.