Story: Microsoft patches critical hole in Windows kernel
Even though it is a lighter load - keep in mind you have to implement them.
Microsoft has delivered a lighter Patch Tuesday this month, issuing three critical patches and three important patches. Windows 7 users can put their feet up this morning as none of the patches affect the new platform, dubbed by Microsoft as the most secure system that they have shipped. However, the majority of businesses are still in the planning stages of migrating to Windows 7, leaving most IT departments with their hands full. Four of the six new patches are replacements for previously released patches.
Specific information is as follows:
▪ MS09-063 resolves a vulnerability in the Web Services on Devices Application Programming Interface (WSDAPI) on the Windows operating system. Listed as critical, it impacts Microsoft Vista and Windows 2008 platforms and requires a restart.
▪ MS09-064 resolves a vulnerability in Microsoft Windows 2000 License Logging Server. Listed as critical, it directly impacts Windows 2000 and requires a restart.
▪ MS09-065 resolves several vulnerabilities in the Windows kernel and replaces the previously released bulletin MS09-025. Listed as critical, it impacts all platforms except Windows 7 and requires a restart.
▪ MS09-066 resolves a vulnerability in Active Directory and replaces the previously released bulletin MS09-018. Listed as important, it impacts all platforms except for Vista and Windows 7 and requires a restart.
▪ MS09-067 resolves several vulnerabilities in Microsoft Office Excel and replaces the previously released bulletin MS09-021. Listed as important, it impacts both Windows PC and Mac implementations of Microsoft Office and may require a restart.
▪ MS09-068 resolves a vulnerability that could allow remote code execution if a user opens a specially crafted Word file and replaces the previously released bulletin MS09-027. Listed as important, it impacts both Windows PC and Mac implementations of Microsoft Office and may require a restart.
Along with Microsoft’s round of patches, businesses need to handle extra workload, as Apple released its 10.6.2 update last night. The Apple patches are a not-so-subtle reminder that patching is no longer just a Microsoft-only issue. The Apple 10.6.2 update addresses 43 specific issues related directly to 54 CVE-cataloged security issues, 22 of which potentially allow a bad guy to execute arbitrary code and yes, some remotely.
Other vendor software security issues that are important to note include a bug discovered in Linux that gives untrusted users root access. Red Hat has patches available for versions 4 and 5 of RHEL and MRG. Another recently discovered SSL flaw, which aids in facilitating a man-in-the-middle attack, is expected to bring a large number of patches in the near term from multiple vendors.
lumension
LONDON, UK








