Stephen Withers
Wednesday, 11 March 2009 02:24
Microsoft officials have explained that the vulnerability exists only where certificates are mapped to local Windows accounts on the server, not where Active Directory is used.
An attacker may gain access to the public key in several ways: if the same certificate is used for other purposes (e.g. signing email), by finding a way of reading information on the victim's computer, or by tricking the user into attempting to authenticate against a malicious server.
The third bulletin - also rated important though "functional exploit code that results in malicious code execution is highly unlikely" - covers multiple vulnerabilities in DNS and WINS Server with the possibility of spoofing.
The vulnerabilities could be exploited to redirect network traffic to an attacker's systems.
The affected operating systems are Windows 2000, Server 2003, and Server 2008 (excluding the Itanium version).
As usual, Microsoft has also updated the Malicious Software Removal Tool and the Windows Mail Junk E-mail Filter.
The patches and updates are available via Windows Update, or they can be downloaded from Microsoft's web site.