Risk: Low
The Microsoft patch train has arrived again, this time though carrying a rather light consignment. Last month we reported that Microsoft had issued four patches addressing 20 vulnerabilities, including the flaw for the Sasser worm. However this month, there is just a single, lonely patch.
The lone patch corrects a flaw in Windows Help And Support service on XP and 2003 Server systems that could allow malicious users to inject unknown code and cause an overflow. The patch has been deemed important but not critical, Microsoft's highest rating for a vulnerability.
Microsoft have also reissued two additional patches: MS04-014 to address a Jet Database Engine code execution vulnerability, initially released in April 2004, and MS01-052, first released 3 years ago, for a Windows NT Server 4.0 Terminal Server DoS vulnerability.