iTWire - Microsoft preps two fixes for upcoming Patch Tuesday

Microsoft preps two fixes for upcoming Patch Tuesday

by Stephen Withers
Friday, 09 November 2007
! Microsoft has warned IT professionals that it will issue two security bulletins next Tuesday, one rated Critical and the other Important. The Critical vulnerability permits remote code execution on Windows XP and Server 2003, and could therefore be the one in the SECDRV.SYS driver, which is part of Macrovision's SafeDisk copy-protection scheme but included with Windows. The list of affected Windows versions provided in Microsoft's bulletin describing the SECDRV.SYS vulnerability matches that for next Tuesday's update. According to the Symantec Security Response Team, that vulnerability allows an attacker to overwrite kernel memory and thereby bypass security restrictions, install a rootkit or carry out other nefarious activities. At least one exploit is known to be in the wild. Macrovision has already released an updated driver. It is based on the Vista version which is not affected by the flaw. The second vulnerability only affects Windows Server 2003. Microsoft describes it only as a spoofing vulnerability. Microsoft will also release an updated version of the Malicious Software Removal Tool, plus three high-priority, non-security updates apparently for products other than Windows itself. Please enable JavaScript in your browser to post your comment! Tags See All Tags Microsoft Security Software Stephen Withers Windows Get stories like this delivered daily - FREE - subscribe now

< Next story in category		Previous story in the category >

Tags See All Tags