Microsoft Patches Critical Vista Vulnerability
David Utter, Staff Writer
2008-01-09
The first Patch Tuesday of 2008 for Microsoft led off with only one Critical-rated issue to fix, along with an Important-rated patch for Windows.
Microsoft's first two security bulletins for the New Year contained yet another fix for the Vista operating system. Vista had been touted as Microsoft's most secure operating system to date.
However, an issue with the way Vista and XP handle IGMP packets over TCP/IP could have led to problems. If exploited, the issue could have enabled remote code execution.
The relatively new Security & Vulnerability blog at Microsoft said the patch fixing this problem also corrected a second issue, this one involving ICMP. That issue likely would not impact many Windows machines, as the exploitable component is off by default in older Windows versions, and not affected in Vista.
(As an aside to the webmaster for the Microsoft Security & Vulnerability blog: why the crappy thin font? At least make it use Arial or Helvetica.)
Fortunately, exploiting the Critical IGMP issue would have required an attacker to overcome a few hurdles. Another blog post from the Security & Vulnerability team said the timing-sensitive nature of the attack, and its potential to spike the CPU on the target machine, made exploitation "difficult and unlikely."
Microsoft's second patch corrects an LSASS condition that could permit local privilege escalation. Windows security pros with a few years of experience probably had flashbacks to another LSASS problem from a few years ago: the Sasser worm that took down computers worldwide.
About the Author:
David Utter is a business and technology writer for SecurityProNews and WebProNews.