The patching gods at Microsoft gave IT administrators a break this month by releasing a light delivery of four fixes, and only one is rated critical.
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
That's no reason to skimp on patching, of course -- especially since the one issue rated critical affects Windows 2000 Service Pack 4 systems. Last I checked there are still quite a few such machines doing active duty.
Plus, the vulnerability this patch addresses was privately disclosed to Microsoft -- it wasn't something Microsoft discovered on its own. The problem revolves around the largely-unused Microsoft Agent, the component that allows programmers to create animated characters to guide users -- something that annoyed almost everyone I know the minute they saw it. And the fact that it can be used as a vector for injecting arbitrary code into a system unless it's patched makes it doubly annoying.
Of the other three bulletins, all tagged as "Important," only one affects Windows itself in just about all its incarnations. It's a privilege-elevation vulnerability in Windows Services for Unix 3.0, 3.5 and the Subsystem for Unix-Based Applications.
Since these services aren't installed by default on most Windows systems, it's not as urgent as it might be. The other two, also tagged "Important," involve a vulnerability with Crystal Reports for Visual Studio and an MSN Messenger / Windows Live Messenger vulnerability as well. Since MSN Messenger is pretty widely used, this last fix is well worth installing; if you're a programmer, the Crystal Reports problem should be something to attend to if you use that application.