Microsoft plugs 'critical' hole in Vista
Print story'Secure Development Lifecycle' only goes so far
Posted in Security, 8th January 2008 19:58 GMT
VMware whitepaper - The business case for Virtualization
Microsoft on Tuesday issued two security updates, one of them rated critical that fixes nasty bugs in Windows Vista that could allow an attacker to gain complete control over a user's machine.
The patch, which also applies to the XP, 2003 Server and 2000 versions of Windows, plugs two holes in the way the operating systems process Transmission Control Protocol/Internet Protocol (TCP/IP). Attackers could exploit them to remotely execute malicious code without requiring any user interaction.
Windows Vista was the first OS to be spawned from Microsoft's Security Development Lifecycle, a process designed to produce more secure products. The bugs addressed by Microsoft Security Bulletin MS08-001 are evidence that the program doesn't always work as advertised. The vulnerabilities are rated "critical" in Vista and XP. By contrast, they are described as only "moderate" in Windows 2000 and "important" in Windows 2003.
Redmond issued a separate patch for 2000, 2003 and XP versions of Windows for a bug rated "important." It affected the Windows Local Security Authority Subsystem Service (LSASS) and allowed attackers to run arbitrary code with elevated privileges. Vista is not susceptible. ®
An improved architecture for high-efficiency, high-density data centers
Implementing energy efficient data centers
Securing Web 2.0
The Register Guide to Extended Validation
Effectively Securing Small Businesses from Online Threats
Scareware mongers hitch free ride on Microsoft.com and others
Home Office death list 'stops ID fraud'
Boffin brings 'write once, run anywhere' to Cisco hijacks
Electronic votes mysteriously vanish in Ohio election