Security sites around the web reported on a out-of-cycle patch that Microsoft would release on October 23 that would fix a security vulnerability affecting most Windows operating systems. The vulnerability was rated critical on Windows XP, Windows 2000 and Windows 2003 and important on Windows Vista, Windows Server 2008 and Windows 7. According to Tech Herald security editor Steve Ragan the vulnerability exploits the Server service which is enabled by default on the operating systems where it was rated critical. The vulnerability could be triggered on unpatched systems by sending a malicious RPC request to the target system.

Windows Vista, Windows Server 2008 and Windows 7 require authentication and the vulnerability has therefor been rated as important on those systems:

“Default installations of Windows Vista and Windows Server 2008 require authentication due to protections introduced as part of UAC that enforce additional levels of integrity. This protection is in place even if the UAC prompt is disabled. Even after authentication, ASLR and DEP enhancements will present obstacles to exploitation,” the company added in their EI notes.

The update is already available on the Microsoft Download website and on Windows Update. The interesting part related to Windows 7 is the fact that this vulnerability is also affecting the upcoming Windows 7 operating system and therefor the first official security patch for that operating system published by Microsoft.

Subscribe To RSS Feed Updates (What is RSS??)

Bookmark & Share

Related Posts

• Windows 7 External NTFS Drive Update
• To wait or not to wait, that is the question
• Windows 7 Beta Signs Appearing On Technet China website
• Windows 7 Benchmarks
• An Update on the Windows Roadmap
• Windows 7 Beta Expected This week
• Windows 7 Privacy Statement Hints At Editions and Features