In another combo pack, Microsoft released three security bulletins. The bulletins which are labeled from moderate to critical, deal with Microsoft Word and Excel, Microsoft Windows XP, Microsoft SQL Server 7.0 and 2000.

Bulletin: MS02-059

Title: Flaw in Word Fields and Excel External Updates Could Lead to Information Disclosure

Risk: Moderate

Advisory: http://www.net-security.org/advisory.php?id=1163

Description:Word and Excel provide a mechanism through which data from one document can be inserted to and updated in another document. A vulnerability exists because it is possible to maliciously use field codes and external updates to steal information from a user without the user being aware.




Bulletin: MS02-060

Title: Flaw in Windows XP Help and Support Center Could Enable File Deletion

Risk: Moderate

Advisory: http://www.net-security.org/advisory.php?id=1164

Description:A security vulnerability is present in the Windows XP version of Help and Support Center, and results because a file intended only for use by the system is instead available for use by any web page.



Bulletin: MS02-061

Title: Elevation of Privilege in SQL Server Web Tasks

Risk: Critical

Advisory: http://www.net-security.org/advisory.php?id=1165

Description:An attacker who is able to authenticate to a SQL server could delete, insert or update all the web tasks created by other users. In addition, the attacker could run already created web tasks in the context of the creator of the web task.