|
|
The critical issues are in the Windows Kernel and affect Windows 2000, XP, Server 2003, Vista and Server 2003.
According to Microsoft, exploits of these problems are more likely to cause crashing rather than allowing functional code execution, though the company does warn that the most serious flaw covered in the critical bulletin could allow remote code execution if a maliciously crafted EMF or WMF file is displayed.
The first of the important bulletins covers the same list of operating systems.
A vulnerability in the Secure Channel (SChannel) security package in Windows could allow spoofing if an attacker gains access to the certificate used by the end user for authentication.
More specifically, it may provide a means for an attacker to log in to a SSL protected server that uses certificate-based client authentication just by knowing the public key part of the certificate.
Please read on for more information about the certificate issue, and details of the third bulletin.
