Microsoft officially acknowledged this and subsequently revised its security bulletin on May 28 to announce a new patch. The new update “corrects the performance issues that some customers experienced,” the company says.
The new bulletin advises that companies may not want to install MS03-013 unless they are having the specific problem that needs to be patched. The security weakness allows an intruder to gain administrator privileges, but he or she would have to enjoy physical access to a machine to achieve this. I’d agree that the patch may not be necessary for most companies. More info Other significant bulletins:
- Microsoft releases critical MS03-020 security patch for IE 5 and 6
- Security expert Thor Larholm says there are 15 significant security holes in Internet Explorer that still have not been corrected by Microsoft
- Official response to a virus that claims to be from email@example.com (See the May 8 issue of Brian’s Buzz.)