Microsoft Comes Up with Two Windows Security Updates
Microsoft Corp. announced on January 3, 2008 on its website that it would issue only two security updates in the second week of January 2008 as it generally released from time to time.
Microsoft Corp. cited these updates as very crucial for Windows users. One of the updates is 'critical' for users of Windows Vista and XP because these are vulnerable to attacks by hackers who intend to install illegitimate software on their systems. Additionally, this update is not only imperative for Windows Vista and XP users, but is also important for Windows Server 2003 users and vital for Windows 2000 users.
The second update is 'vital' for users of all versions of Windows, except Vista, as it contains information regarding how attackers can run software with great dexterity on their system, which is normally denied.
However, Microsoft has given utmost importance to the second update because the users who use Windows for local access are more susceptible to be attacked and therefore, the company has classified it as a "local elevation of privilege".
Though Microsoft had given some trivial information about this update in its pre-patch notification, this patch may be used to fix the Web Proxy Auto-Discovery (WPAD) bug discovered by the security team of the company in November 2007 but could not fix it on time.
The WPAD vulnerability was plugged in 1999 and basically involves how Window PCs react to DNS information. Since then, there were no such problems but very recently, researchers observed that same sort of problems reappeared and could pose serious threats to all kinds of Windows users. To cope with this menace, the company decided to come up with new patches.
As per the notification on the company's website, the updates might also include the release of updated version of the Microsoft Windows Malicious Software Removal Tools on Windows Update, Windows Server Update Services (WSUS), Microsoft Update, and the Download Center.
The company is also planning to release five non-security, highly effective updates for Microsoft Update and WSUS and two more such updates for Windows on WSUS and Windows Update.
Related article: Microsoft Patches Live OneCare to Tackle Quarantined E-Mails
» SPAMfighter News - 07-01-2008