|
|
The first critical update applies to all supported versions of Internet Explorer (6 through 9) and therefore all versions of Windows except Server Core installations of Server 2008. It addresses seven vulnerabilities, two of which were publicly reported. All seven may allow remote code execution.
The other concerns Windows DNS server and has more limited impact. It is regarded as critical on Server 2008 where it could be exploited to cause remote code execution and important on Server 2003 where a denial of service is possible. Windows 7, Vista and XP are not affected.
Seven Windows vulnerabilities patched this month are rated important. There's an insecure library loading issue affecting Windows 7 and Server 2008, a cross-site scripting vulnerability in Server 2008 R2's Remote Desktop Web Access, an NDISTAPI driver vulnerability in Windows XP and Server 2003, and a flaw in the Client/Server Run-time Subsystem in all currently supported versions of Windows.
Then there are a denial of service vulnerability in the TCP/IP stack for Windows 7, Vista and Server 2008; a vulnerability in Remote Desktop Protocol with the possibility of a denial of service in XP and Server 2003; a Windows Kernel denial of service vulnerability that can be exploited by inducing a user to open a malicious file;
Patches have also been released for other products - see page 2.
