Microsoft will release four security patches for its Windows, Exchange, and SQL products next Tuesday, all rated "important."

The Exchange and SQL flaws are "Elevation of Privilege" bugs, meaning that an attacker could theoretically exploit them to get administrative access to a PC. One of the Windows flaws is labeled a "spoofing" bug, meaning that it could help hackers trick the user into doing things like visiting malicious Web sites.

The fourth update fixes a Windows flaw that could allow an attacker to run unauthorized code on a victim's PC, Microsoft said. Normally, this type of flaw is rated "critical" by Microsoft, but in this case the bug was probably given a less-severe rating because it doesn't work without the user first taking some extra actions or adding special software or drivers, said Eric Schultze, chief technology officer at Shavlik Technologies.

This remote code execution flaw affects Windows Vista and Windows Server 2008.

View: The full story @ InfoWorld


There is 1 additional comment
Advertisement
Quote this comment Reply to this comment #1 Posted by UAC on 04 Jul 2008 - 14:43
it doesn't work without the user first taking some extra actions. This remote code execution flaw affects

yet another reason to keep UAC enabled
[1]

Commenting has either been disabled on this article or you are not logged in. Click here to login or register, its free!

Note: Anonymous commenting is disabled in order to keep the quality of responses to a high standard.


Scroll to the Top
....
My Preferences
....
Communicating with server
Loading
Please Wait...
....
Loading
 X 
....