News Stay informed about the latest enterprise technology news and product updates.

Critical September patch could hit Windows 2000 SP4 systems

IT managers got a light load of patches this month with only one rated critical.

The patching gods at Microsoft gave IT administrators a break this month by releasing a light delivery of four fixes, and only one is rated critical.

That's no reason to skimp on patching, of course -- especially since the one issue rated critical affects Windows 2000 Service Pack 4 systems. Last I checked there are still quite a few such machines doing active duty.

Plus, the vulnerability this patch addresses was privately disclosed to Microsoft -- it wasn't something Microsoft discovered on its own. The problem revolves around the largely-unused Microsoft Agent, the component that allows programmers to create animated characters to guide users -- something that annoyed almost everyone I know the minute they saw it. And the fact that it can be used as a vector for injecting arbitrary code into a system unless it's patched makes it doubly annoying.

Of the other three bulletins, all tagged as "Important," only one affects Windows itself in just about all its incarnations. It's a privilege-elevation vulnerability in Windows Services for Unix 3.0, 3.5 and the Subsystem for Unix-Based Applications.

Since these services aren't installed by default on most Windows systems, it's not as urgent as it might be. The other two, also tagged "Important," involve a vulnerability with Crystal Reports for Visual Studio and an MSN Messenger / Windows Live Messenger vulnerability as well. Since MSN Messenger is pretty widely used, this last fix is well worth installing; if you're a programmer, the Crystal Reports problem should be something to attend to if you use that application.

Dig Deeper on Enterprise desktop management

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.