Patch Tuesday brings quiet though serious start to 2008

Stephen Withers
Wednesday, 09 January 2008 03:17

Your IT - Home IT

Microsoft wasn't joking when it classified as critical one of the vulnerabilities addressed by this month's security updates. A flaw in TCP/IP processing can be exploited by sending maliciously crafted packets, giving the attacker complete control of the targeted system.

The vulnerability is rated critical for Vista and XP, including the x64 versions. It is regarded as important for Windows Server 2003, and Windows 2000 is not affected.

A second TCP/IP related vulnerability affects Windows 2000, XP, Server 2003 but not Vista. This one is rated moderate, with Microsoft officials saying "Attacks attempting to exploit this vulnerability would most likely result in a denial of service condition. However remote code execution could be possible."

Also addressed this month is a vulnerability in Windows' Local Security Authority Subsystem Service (LSASS), allowing an elevation of privileges by a local attacker in order to gain complete control of a system. This issue is rated important.

Just two security bulletins means the first Patch Tuesday for 2008 will be a relatively easy one for system administrators.

The Malicious Software Removal Tool has also been updated, along with the Windows Mail Junk E-mail Filter. An update for Windows Sidebar Protection helps protect against potential security vulnerabilities in Sidebar gadgets.