Site Archives Microsoft
December Patch Tuesday
Microsoft has released 8 new patches resolving 6 critical and 2 important vulnerabilities found in its various products. The vulnerability for the Visual Basic 6.0 ActiveX Control has publicly available exploit code, so it should be patched as soon as possible. The products with critical severity vulnerabilities include:
- GDI
- Windows Search
- Internet Explorer
- Visual Basic 6.0 Runtime Extended Files (ActiveX Controls)
- Microsoft Office Word
- Microsoft Office Excel
Does Vista Have a New Vulnerability?
There have been reports of a new vulnerability in Microsoft Vista that would allow a local user to run code as System, which is an even higher privilege level than Administrator. However, the user would have to be an Administrator to exploit the vulnerability, and the practical differences between Administrator and System are minimal. So really, there is not much of a reason to be concerned. If you see reports for an iphlpapi.dll Local Kernel Buffer Overflow, a Vista TCP/IP stack buffer overflow or a CreateIpForwardEntry2 this is the issue being referenced. There is no need to panic. In fact, Microsoft is not releasing an out-of-band patch for this issue, so they don’t believe it’s that critical. Phion AG, the researcher group who found the vulnerability, has released a patch of its own, but we do not recommend you install it at this time.
Patch Tuesday
Microsoft’s Patch Tuesday has arrived, and there are two new security patches available. And although only a couple of patches were released, patching this month is just as important as ever. The first patch deals with a critical flaw in the XML Core services, which are called by Internet Explorer. This vulnerability could allow remote code execution. The second patch deals with the Server Message Block (SMB) protocol, used for file sharing in Windows. This patch is rated “important” by Microsoft, and could also result in remote code execution. Both patches are listed as “exploitable” by Microsoft. The patches are more critical on client workstations than servers, since they affect client programs such as web browsers. Gladiator recommends you install these patches during your standard release cycle.
Microsoft Releases Critical Out-of-Band Patch
GSA Reference Number: AD081023-01
Simply Put: Normally Microsoft only releases patches on the second Tuesday of each month. But Microsoft has just released a bulletin notifying customers they will release a patch to address a new remote code execution exploit. The patch was posted today at 1 pm and addresses a bug in the Server Service.
Patch Tuesday
Today is Patch Tuesday, Microsoft’s monthly patch release day. There were 11 new advisories released, with 4 of them critical, 6 important and 1 moderate. The critical patches deal with Active Directory, Internet Explorer, Host Integration Server and Microsoft Excel. These should be applied as soon as possible. Remember to test them on a subset of your servers first to make sure they’re compatible with all of the software you currently run.
Find It Quickly
Find what you're looking for quickly by using our keyword search. Can't find it? Try our links below.
Monthly Archives
Find posts by the month they were written.
- May 2012
- April 2012
- March 2012
- February 2012
- January 2012
- December 2011
- November 2011
- October 2011
- September 2011
- August 2011
- July 2011
- June 2011
- May 2011
- April 2011
- March 2011
- February 2011
- January 2011
- December 2010
- November 2010
- October 2010
- September 2010
- August 2010
- July 2010
- June 2010
- May 2010
- April 2010
- March 2010
- February 2010
- January 2010
- December 2009
- November 2009
- October 2009
- September 2009
- August 2009
- July 2009
- June 2009
- May 2009
- April 2009
- March 2009
- February 2009
- January 2009
- December 2008
- November 2008
- October 2008
- September 2008
- July 2008
- May 2008
- April 2008
- March 2008
- January 2008
- December 2007
- November 2007