Technology news and Jobs arrow Information Technology News arrow Microsoft preps two fixes for upcoming Patch Tuesday
Microsoft preps two fixes for upcoming Patch Tuesday E-mail
by Stephen Withers   
Friday, 09 November 2007
Microsoft has warned IT professionals that it will issue two security bulletins next Tuesday, one rated Critical and the other Important.

The Critical vulnerability permits remote code execution on Windows XP and Server 2003, and could therefore be the one in the SECDRV.SYS driver, which is part of Macrovision's SafeDisk copy-protection scheme but included with Windows. The list of affected Windows versions provided in Microsoft's bulletin describing the SECDRV.SYS vulnerability matches that for next Tuesday's update.

According to the Symantec Security Response Team, that vulnerability allows an attacker to overwrite kernel memory and thereby bypass security restrictions, install a rootkit or carry out other nefarious activities. At least one exploit is known to be in the wild.

Macrovision has already released an updated driver. It is based on the Vista version which is not affected by the flaw.

The second vulnerability only affects Windows Server 2003. Microsoft describes it only as a spoofing vulnerability.

Microsoft will also release an updated version of the Malicious Software Removal Tool, plus three high-priority, non-security updates apparently for products other than Windows itself.

Powered By Joomla Tags

Please enable JavaScript in your browser to post your comment!

 
< Next story in category   Previous story in the category >
iTWire user statistics Visitors last 30 days
694,279
Subscribers 15,210
#1 independent technology news advertise here
  •   *  
  • Search
  • AdvSeach
  • Login
  • Events
  • FreeStuff

- Advertisement -

Featured Whitepapers

Follow iTWire on Twitter

About iTWire

iTWire is all about technology news, information, jobs and community for the IT and telecommunications industry professional. Subscribe to our free ICT daily newsletter