Vista - Critical Windows Bug Fix on Patch Tuesday

**NormCameron** · 01-09-2009

Patch for "Critical" bug fix on Patch Tuesday

"After being forced to rush out an emergency patch for its Internet Explorer browser last month, Microsoft plans to release just one security update in its first patch release of 2009. The update will be a critical fix for server and desktop versions of Windows, Microsoft said Thursday. It fixes at least one bug that could allow attackers to install unauthorized software on a victim's computer.
Microsoft did not say which bugs it would be fixing with next week's updates, but the company has several to choose from.
In the past month, Microsoft has warned of flaws in its WordPad Text Converter and SQL Server database software.
The researcher who disclosed the SQL Server flaw said recently that Microsoft has known about the issue since April, and had written a patch for it back in September.
One security researcher has also claimed that there is a bug in Microsoft's Windows Media Player, but Microsoft has disputed his findings.
But none of these flaws is in all versions of the underlying Windows operating system, which are being patched next week. According to nCircle Director of Security Operations Andrew Storms, Microsoft could be fixing a known Windows flaw that would allow hackers to gain unauthorized privileges on a computer. "An exploit has already been published for some time along with a whitepaper by the author," Storms said in an instant-message interview.
Microsoft has offered work-arounds for this flaw already, but it has now had enough time to prepare a full-blown security patch, Storms said.
However, the security researcher who found the flaw said he doesn't expect to see it patched next week. "I don't think they will patch my bug because it's rated critical (remote code execution) and my bug is about local elevation of privileges," said Cesar Cerrudo, chief executive of security research firm Argeniss, via instant message.
Local elevation of privilege flaws are not typically considered critical, although Storms said Microsoft may have discovered while fixing the problem that it was more severe than previously thought.
Microsoft's security updates will come nearly a month after the company scrambled to push out an emergency patch for Internet Explorer, after criminals began exploiting the flaw to install password-stealing software on victims' machines."

Microsoft to Kick Off 2009 with Single Security Fix - CSO Online - Security and Risk

Norm

**Joan Archer** · 01-10-2009

Thanks Norm, I'd already seen the notice about this one, that's not to say there wont be more when the time comes,

There will be the usual removal tool update as well I suppose and we'll see how many Office updates sneak in

01-09-2009	#1 (permalink)
NormCameron Windows 7 Ultimate 32 bit Beta, Vista Ultimate x86 1,082 posts	Critical Windows Bug Fix on Patch Tuesday Patch for "Critical" bug fix on Patch Tuesday "After being forced to rush out an emergency patch for its Internet Explorer browser last month, Microsoft plans to release just one security update in its first patch release of 2009. The update will be a critical fix for server and desktop versions of Windows, Microsoft said Thursday. It fixes at least one bug that could allow attackers to install unauthorized software on a victim's computer. Microsoft did not say which bugs it would be fixing with next week's updates, but the company has several to choose from. In the past month, Microsoft has warned of flaws in its WordPad Text Converter and SQL Server database software. The researcher who disclosed the SQL Server flaw said recently that Microsoft has known about the issue since April, and had written a patch for it back in September. One security researcher has also claimed that there is a bug in Microsoft's Windows Media Player, but Microsoft has disputed his findings. But none of these flaws is in all versions of the underlying Windows operating system, which are being patched next week. According to nCircle Director of Security Operations Andrew Storms, Microsoft could be fixing a known Windows flaw that would allow hackers to gain unauthorized privileges on a computer. "An exploit has already been published for some time along with a whitepaper by the author," Storms said in an instant-message interview. Microsoft has offered work-arounds for this flaw already, but it has now had enough time to prepare a full-blown security patch, Storms said. However, the security researcher who found the flaw said he doesn't expect to see it patched next week. "I don't think they will patch my bug because it's rated critical (remote code execution) and my bug is about local elevation of privileges," said Cesar Cerrudo, chief executive of security research firm Argeniss, via instant message. Local elevation of privilege flaws are not typically considered critical, although Storms said Microsoft may have discovered while fixing the problem that it was more severe than previously thought. Microsoft's security updates will come nearly a month after the company scrambled to push out an emergency patch for Internet Explorer, after criminals began exploiting the flaw to install password-stealing software on victims' machines." Microsoft to Kick Off 2009 with Single Security Fix - CSO Online - Security and Risk Norm
My System Specs

01-10-2009	#2 (permalink)
Joan Archer Vista Home Premium SP2 32bit / Windows 7 Home Premium 32 bit 1,063 posts	Re: Critical Windows Bug Fix on Patch Tuesday Thanks Norm, I'd already seen the notice about this one, that's not to say there wont be more when the time comes, There will be the usual removal tool update as well I suppose and we'll see how many Office updates sneak in
My System Specs

Similar Threads
Thread	Forum
Patch Tuesday heads-up: 8 bulletins, 5 critical	Vista News
Why Microsoft left Windows 7 unpatched on Patch Tuesday	Vista News
Patch for critical Windows vulnerability coming	Windows Updates
Patch Tuesday... 3 critical	Vista General
MS Patch Tuesday - Vista dinged again	Vista General