Another critical patch for Windows Vista

Stephen Withers
Wednesday, 11 March 2009 02:24

Your IT - Home IT

Three bulletins covering eight vulnerabilities in Windows - that's the score for this month's Patch Tuesday. While one bulletin is rated critical, none of the issues have the highest exploitability index.

Microsoft has issued three security bulletins this month, one rated critical and two important.

The critical issues are in the Windows Kernel and affect Windows 2000, XP, Server 2003, Vista and Server 2003.

According to Microsoft, exploits of these problems are more likely to cause crashing rather than allowing functional code execution, though the company does warn that the most serious flaw covered in the critical bulletin could  allow remote code execution if a maliciously crafted EMF or WMF file is displayed.

The first of the important bulletins covers the same list of operating systems.

A vulnerability in the Secure Channel (SChannel) security package in Windows could allow spoofing if an attacker gains access to the certificate used by the end user for authentication.

More specifically, it may provide a means for an attacker to log in to a SSL protected server that uses certificate-based client authentication just by knowing the public key part of the certificate.

Please read on for more information about the certificate issue, and details of the third bulletin.