Two Security Updates for Windows OS Released by Microsoft
On January 3, 2008, Microsoft Corp. announced that it would ease into this patch year with the release of only two security updates in the mid-week of January 2008.
The notification about the upgrades was posted in advance on January 3, 2008 on Microsoft's site. It wanted the IT staff members to have an idea of the kind of hectic schedule (to fix the patches) awaiting them in the mid-week of January 2008.
Out of the two patches, one is believed to be critical for end users of Windows XP and Vista since hackers could exploit the bugs it patches to load malware onto the target's machine. This particular security patch is considered critical for people having Windows Server 2003 and moderate for those using Windows 2000.
However, the second update could permit a hacker to exploit a code to obtain an elevated level of privilege on a platform than normal permissible limits. This update compromises all variants of Windows, excluding Vista.
Since Microsoft referred it as a "local privilege elevation" - thereby implying that a strike needs a local address - it rated the flaw as critical and comprehensive.
Even though Microsoft furnishes just basic information in its pre-update announcement, this update may be a patch for the Web Proxy Auto-Discovery (WPAD) flaw that the firm's security group recognized nearly a month back in November 2007, but didn't patch early enough to create the December 11 set of updates. The WPAD flaw lies in the manner in which Windows computers search for DNS information. It was initially fixed in 1999 but reappeared a short time ago when an investigator indicated that it had sneaked into later variants of Windows.
The short patch series to launch the year is also projected to contain the issue of an upgraded edition of the Windows Malicious Software Removal Tool made available on Microsoft Update, Windows Update, Windows Server Update Services and Microsoft Download Center.
Moreover, Microsoft is planning for five non-security urgent updates for Windows Server Update Services (WSUS) and Microsoft Update, and two additional updates meant for Windows via WSUS and Windows Update.
Related article: THE SPAM MAFIA
» SPAMfighter News - 15-01-2008