January Updates Include New Tool

In addition to the monthly patches for vulnerabilities in its Windows software, Microsoft used its Jan. 2005 “Patch Tuesday” to release its first monthly malicious software removal tool and announce an update beta program designed to ensure that it releases high-quality patches. Microsoft may have to break from its normal monthly cycle in Jan. 2005 and release additional patches, as exploits are beginning to circulate for vulnerabilities reported to Microsoft by security researchers several months ago, but for which updates have not yet been released.

January’s Updates

Two critical and one important update were released as the Jan. 2005 updates. (For a summary of the bulletins, see the chart “Jan. 2005 Update Summary“.)

HTML Help update. This critical update resolves a cross-domain vulnerability in the HTML Help ActiveX control.

HTML Help is the standard help system for Windows, and the associated ActiveX control manages navigation and secondary window functionality. In the context of a browser or HTML Help, a domain is a security boundary—any open browser or HTML Help windows within the same domain (for example, from the same Web site) can interact with each other, but windows from different domains (or a different Web site) cannot.