MS Patches Vista Bug That Survived Beta

Microsoft Corp. today unveiled the second stage of its April security updates by releasing five security bulletins that patched eight vulnerabilities — including one that was missed during the company’s Windows Vista beta testing and ended up in the final version of the new operating system.

Of the four updates that addressed bugs in Windows, the MS07-021 update was clearly the one to patch pronto, said researchers. “This is my first [to patch] choice,” said Amol Sarwate, manager of Qualys Inc.’s research lab. “It affects everyone,” agreed Minoo Hamilton, senior security researcher with patch management vendor nCircle Network Security Inc.

The update, which fixes three different bugs, includes one marked critical that affects all supported editions of Windows, from 2000 through XP and Server 2003 to Vista. The vulnerability in the error message processing of the Windows Client/Server Run-time Subsystem (CSRSS) can be exploited remotely, said Microsoft, and could result in a complete compromise of the PC.

The most likely way to deliver an attack: Dupe users into visiting a malicious Web site. Ironically, this MsgBox flaw was acknowledged by Microsoft more than three months ago and was reported to the company’s security team about the same time as the animated cursor (ANI) bug patched by an emergency fix last week.
