Microsoft yesterday added a fix that resolves a privately reported vulnerability in the Windows Internet Printing Service that could allow remote code execution in the context of the current user. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This update is rated Important for all supported editions of Microsoft Windows 2000, Windows XP, Windows Server 2003, and Windows Server 2008.
Additionally Microsoft removed the severity rating for Windows Server 2008 for Itanium-based Systems, added Frequently asked Questions (FAQ) related to this security update entries to explain the reason for the rating change and to clarify that the update for Windows Server 2008 for Itanium-based Systems is available through the Microsoft Download Center. Phew..
Oh and also, changed the Microsoft Baseline Security Analyzer and Systems Management Server deployment summaries to "no" for Windows Server 2008 for Itanium-based Systems in the Detection and Deployment Tools and Guidance section. There were no changes to the security update binaries.
So there you have it, and no this doesn't in any way apply to Windows Vista, glad I kept your attention though!
Link to: Microsoft Security Bulletin MS08-062
1 Comment - Add comment