XP SP2 hit, but not as hard, on Microsoft patch day

Security precautions bundled as part of Windows XP Service Pack 2 make the operating system slightly less vulnerable to the latest batch of potential attacks that Microsoft Corp has outlined in its monthly set of security patches.

The company issued five patches for nine distinct vulnerabilities. Three of the patches are applicable to Windows XP SP2, but in a number of cases Microsoft’s latest OS is less vulnerable to attack that older versions.

The biggest fix in the December batch is for the two WINS vulnerabilities, details of which have been in the public domain for over a week. The Windows Internet Naming Service maps IP addresses to NetBIOS computer names and vice versa

Microsoft said the most likely exploit would be a denial of service. The vulnerability, rated important on Windows NT, 2000 and 2003 server software, permits remote code execution, but Microsoft said the problem is not wormable.

Important is Microsoft’s second-highest rank for a vulnerability. Such a bug could be exploited in a semi-automated attack, but generally have mitigating factors such as the need for victim interaction that makes them unsuitable for a network worm.

Another important pair of bugs affects a component of Wordpad, one of Microsoft’s text editor applications. They also allow remote code execution, but require some user interaction and require Word not to be present on the target machine.

The patch for the two Wordpad vulnerabilities also turns off the affected components, in case any future vulnerabilities are found in them. This is the default setting in XP SP2, so that OS is regarded as being only moderately susceptible to attack.

In another instance of SP2 being less prone to attack, a privilege escalation vulnerability discovered in the Windows kernel could allow a full compromise under earlier versions of the OS, but would likely just crash SP2.

The fix for that vulnerability is bundled with another privilege escalation vulnerability fix, this one in the Local Security Authority Subsystem Service, LSASS, the Windows component the Sasser worm used to spread.

Another important vulnerability affects HyperTerminal, Microsoft’s Telnet client application. If it is set as the default Telnet client, attackers can execute code of their choice via HTML in a web page or email.

Sign up for our weekly news round-up!

Sign up to the newsletter: In Brief

Sign up for our regular news round-up!

Sign up for our weekly news round-up!

Sign up to the newsletter: In Brief

I would also like to subscribe to:

Thank you for subscribing