MS readies Vista code injection risk fix
Print storyRedmond security gnomes get tough
Posted in Enterprise Security, 4th July 2008 09:52 GMT
Free whitepaper – Vulnerability management buyer's checklist
Critical bug fixes are on the agenda for this month's monthly patch update from Microsoft.
The four "important" fixes due out next Tuesday (8 July) for Microsoft SQL Server and Exchange as well as a brace of fixes for Windows. One of the Windows fixes affects Vista and poses a "remote code execution" risk, something that would normally merit a critical tag.
Microsoft will need to come up with a really convincing rationale on why the bug is hard to exploit, to avoid accusations that it's fudging the classification of the vulnerability to avoid negative press.
Windows XP, Microsoft's earlier (supposedly less secure) operating system, is not affected by that Windows bug, but it is affected by a flaw that poses a spoofing risk. Windows Server 2003 and Windows 2000 also need patching against the second flaw, which doesn't affect Vista.
As well as the patches Microsoft also plans to publish an update for its Malicious Software Removal Tool.
More details on the upcoming patches can be found in Microsoft's pre-alert here. ®
Airport insecurity: the case of lost laptops
Jump start your Application Security initiatives
Reducing messaging and web security costs with managed services
Avoiding 7 common mistakes of IT security compliance
Extended Validation SSL Certificates
Feds: Hospital hacker's 'massive' DDoS averted
Buggy 'smart meters' open door to power-grid botnet
Microsoft knew of nasty IE bug a year before attacks
BlockMaster SafeStick hardware-encrypted USB drive