Microsoft pencils in two patches for next week

**Glaswegian** · 01-04-2008, 04:19 AM

Microsoft Corp. will ease into the patch year by issuing just two security updates next week, the company said today.

The updates will fix flaws in Windows, Microsoft said in the prepatch notice. One will be rated "critical," the company's most serious ranking, while the other will be tagged as "important," the next-lower rating.

Tuesday's critical update is expected to patch a remote code execution vulnerability found in all currently supported versions of Windows, ranging from Windows 2000 SP4 to Windows Vista. The bug is especially threatening to users of Windows XP and Vista, according to Microsoft. The company ranked the flaw critical to those operating systems, but important to Windows Server 2003 and "moderate" to Windows 2000.

Although Microsoft provides only bare-bones information in its prepatch notification, this update may be a fix for the Web Proxy Auto-Discovery (WPAD) bug that the company's security team acknowledged a month ago, but didn't fix in time to make the Dec. 11 batch of updates. The WPAD vulnerability -- actually a flaw in how Windows PCs look up DNS information -- was originally patched in 1999, but resurfaced recently when a researcher pointed out that it had crept back into later versions of Windows.

http://www.computerworld.com/action/...ce=rss_topic17

01-04-2008, 04:19 AM	#1 (permalink)
Glaswegian Moderator/ Rangemaster TSF Academy; Analyst, Security Team; Oor Wullie; TSF Surgeon and Resident Comic Join Date: Sep 2005 Location: Glasgow Posts: 21,334 OS: Win XP Pro SP3 My System Blog Entries: 10	Microsoft pencils in two patches for next week Microsoft Corp. will ease into the patch year by issuing just two security updates next week, the company said today. The updates will fix flaws in Windows, Microsoft said in the prepatch notice. One will be rated "critical," the company's most serious ranking, while the other will be tagged as "important," the next-lower rating. Tuesday's critical update is expected to patch a remote code execution vulnerability found in all currently supported versions of Windows, ranging from Windows 2000 SP4 to Windows Vista. The bug is especially threatening to users of Windows XP and Vista, according to Microsoft. The company ranked the flaw critical to those operating systems, but important to Windows Server 2003 and "moderate" to Windows 2000. Although Microsoft provides only bare-bones information in its prepatch notification, this update may be a fix for the Web Proxy Auto-Discovery (WPAD) bug that the company's security team acknowledged a month ago, but didn't fix in time to make the Dec. 11 batch of updates. The WPAD vulnerability -- actually a flaw in how Windows PCs look up DNS information -- was originally patched in 1999, but resurfaced recently when a researcher pointed out that it had crept back into later versions of Windows. http://www.computerworld.com/action/...ce=rss_topic17 __________________ Iain - Defender of the Haggis and all things Scottish. I don't help by PM - post in the Forums. Ad-Aware::SpywareBlaster::SpyBot::SpywareGuard::SnoopFree::AVG Free::HOSTS File::HijackThis::Donate::5 Steps For Infected PCs