Channel News and Analysis - Channel Insider
Empowering the next generation Channel
 
Bull’s Eye Awards
Nominations Open for Channel Insider 2009 Bull’s Eye Awards
Nominations are now open for the Channel Insider 2009 Bull’s Eye Awards, which recognize excellence in customer service, technology prowess, business acumen, channel leadership, communications and community building, and innovation among vendors, solution providers, distributors and channel services companies.



Sponsored Links
  • SonicWALL breaks through network and email gridlock
  • Save up to 40% on calling costs with Avaya Aura™
  • HP PartnerONE | SolutionsINFINITE Visit us at hp.com/partners/us/go/4


    		•  

    Microsoft to Fix Two Windows Holes on Patch Tuesday

    in Channel News and Analysis
    DATE: 2007-11-09 | By Lisa Vaas


    Article Rating:starstarstarstarstar / 0
    Article Views: 589

    Rate This Article:
    Poor Best
    Add This Article To:
    Possible candidates for patching are a Macrovision driver flaw and a flaw that's been letting in rigged PDFs.

    Patch Tuesday will bring two security bulletins from Microsoft, one of which is critical and involves a remotely exploitable hole on Windows systems, the other of which is rated important and also affects Windows.

    eEye's Zero-Day Tracker, as of Nov. 9, is listing three active zero-day Windows and Internet Explorer vulnerabilities, all of which have been publicly disclosed and/or used in attacks, none of which have been patched.

    Resource Library:
    The critical patch promised for the Nov. 13 Patch Tuesday could well be a flaw in a Macrovision driver on Windows XP and Windows 2003. That vulnerability was actively being exploited in the wild as of Nov. 5, when Microsoft sent a special security advisory to warn customers of the danger of complete system takeover.

    Microsoft said at the time that Vista is immune to the vulnerability, which is a memory corruption error in the Macrovision Security Driver when processing user-supplied data. The vulnerability can be used by local attackers to gain so-called Ring 0 privileges—a hierarchical level with the most privileges and which interacts most directly with physical hardware, including the CPU and memory.

    Similarly, the critical patch expected on Patch Tuesday affects Windows XP and Windows 2003, not Vista, meaning there's a good chance that is the bug that's next up for a fix.

    Microsoft might also be planning to release a security update to fix the Windows hole that's been letting attackers run wild with rigged PDF files. The company put out a special security advisory on Oct. 25 regarding that exploit, which has involved a wave of malware spamming in late October that reached what security researchers called "massive" proportions.

    The important Windows update concerns spoofing, Microsoft said in its monthly security bulletin advance notice.

    Both the updates will require a restart except under certain conditions with the one marked "important." In the case of both updates, Microsoft Baseline Security Analyzer can detect whether a system requires the update.

    Check out eWEEK.com's Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK's Security Watch blog.



    Discuss Microsoft to Fix Two Windows Holes on Patch Tuesday
     
    >>> Be the FIRST to comment on this article!
     

     
     
    >>> More Channel News and Analysis Articles          >>> More By Lisa Vaas
     



    		 

    Related Content

    Articles Labs/How-To Multimedia


    [ci] feeds
    XML
    Add Channel News, Product Reviews, Trends and Analysis to your RSS newsreader or My Yahoo!

    HTML PLAIN TEXT

    Keep on top of news for VARs and Resellers with CI's Weekly Newsletter and Alerts.

     

    CHANNEL RESOURCE CENTER
     
     
    How to Unleash Application Performance with Solid-State Drives and Sun Servers
    Unleash the Beast! Learn from Sun and Intel experts how Sun servers equipped with Flash-enabled solid-state drives offer dramatic improvements to HPC, Web 2.0, and data center application performance Watch this video to learn more
    Watch Video
     
    Build A More Efficient Data Center
    Demands are growing but budgets are not. Solve your pressing IT issues using the resources you already have. Determine which technologies can help you drive efficiencies and how they are applied. Gain a quick ROI on new initiatives
    Find out how
    Easily Monitor Virtual, Physical, and Cloud based assets, applications and services from a unified Dashboard with up.time. Deep Monitoring across platforms and best-of-breed reporting. Over 700 enterprise customers in 32 countries.
    Read Article