MS readies Vista code injection risk fix
Redmond security gnomes get tough
Critical bug fixes are on the agenda for this month's monthly patch update from Microsoft.
The four "important" fixes due out next Tuesday (8 July) for Microsoft SQL Server and Exchange as well as a brace of fixes for Windows. One of the Windows fixes affects Vista and poses a "remote code execution" risk, something that would normally merit a critical tag.
Microsoft will need to come up with a really convincing rationale on why the bug is hard to exploit, to avoid accusations that it's fudging the classification of the vulnerability to avoid negative press.
Windows XP, Microsoft's earlier (supposedly less secure) operating system, is not affected by that Windows bug, but it is affected by a flaw that poses a spoofing risk. Windows Server 2003 and Windows 2000 also need patching against the second flaw, which doesn't affect Vista.
As well as the patches Microsoft also plans to publish an update for its Malicious Software Removal Tool.
More details on the upcoming patches can be found in Microsoft's pre-alert here. ®