Microsoft ends year by patching 11 bugs
- 1
- 2
- < previous
The second zero-day plugged Tuesday was handled by MS07-067, which provides an update to the Macrovision driver that has been involved in attacks for more than a month. Although Macrovision issued a replacement driver for Windows XP and Server 2003 weeks ago, Microsoft missed including a fix for the driver in November's patch because it needed more time to prepare and test the update.
Also among Tuesday's patch batch were two bulletins -- MS07-063 and MS07-066 -- that affect only Windows Vista. Both updates were tagged as important rather than critical, even though Microsoft acknowledged that they could result in remote code execution.
"[These] are pretty nasty bugs, but there are enough mitigating factors to knock them off the top tier," said Storms. Both he and Sarwate noted that attackers have to have valid log-on credentials and must log on locally in order to exploit the bug patched by MS07-066, while the other Vista-only vulnerability's impact is limited because the affected part of the Server Message Block Version 2, or SMBv2, protocol isn't turned on by default.
But even with a glut of patches -- the most Microsoft has issued since August -- there was at least one fix missing, said Sarwate. "WPAD has not yet been addressed," he said, talking about a flaw in Web Proxy Auto-Discovery servers that Microsoft confirmed eight days ago.
The seven updates can be downloaded and installed via the Microsoft Update and Windows Update services, as well as through Windows Server Update Services (WSUS).
- 1
- 2
- < previous
- +
ARN's A-Z guide to networking 19 December, 2007 14:50:54
As business needs change, so do the requirements for the business backbone. ARN looks at networking trends and technologies and reports on predictions for 2008 and beyond. - +
Everything you need to know about Microsoft certs 31 December, 2007 07:16:29
Certification guru Patrick Regan explains the new Microsoft certs and reveals which Cisco, project management and security certs are worthwhile.Moderator-Julie: Welcome and thank you for coming. Our guest today is certification guru Patrick Regan. Patrick has penned over a dozen books, written the study guides for the A+ certification exams for Cisco Press and is currently writing an Exam Cram on Windows Server 2008. When not writing books, Patrick is a senior network engineer at Pacific Coast Companies supporting a large enterprise network and a celebrity blogger for Microsoft Subnet. We are giving away 15 free copies of Patrick's latest book, too. Go to the contest page for details. Now onto the chat. - +
Life on the EEEdge: Daily life with Asus' tiny laptop 04 January, 2008 07:15:21
6 annoying things (and 3 great ones) about Asus' ultraportableLike many gearheads, I've owned a lot of portable computers over the years -- and I've wanted to replace every last one with a smaller, sleeker upgrade, from the "luggable" Apple IIc onward. But most of those upgrades have left me disappointed: with the lack of software; with cheap, hard-to-use interfaces; and with "optional" add-ons that were in fact very much necessary to make the machine useful. - +
Microsoft starts '08 by patching 3 bugs 09 January, 2008 10:38:52
Slow start for 2008 but plenty more exploits expectedMicrosoft released just two security updates this week that patch three vulnerabilities in Windows, marking the beginning of the bug year with a relatively slow start, said researchers. - +
Microsoft security patches focus on client bugs 12 December, 2007 08:01:25
Microsoft has issued critical bug-fixes for Internet Explorer, DirectX, and its Windows Media Format technology.Microsoft has released its monthly set of security patches, fixing critical flaws in the Windows desktop.
Dimension Data, La Trobe University and Windows Server 2008 partner to improve compliance
La Trobe University partnered with Dimension Data to deploy Windows Server 2008 and Network Access Protection technology to improve their existing network security solution.
Buying Guides
Buying Guides
