Protect your corporate IT network from hackers and other unwanted intruders with Proxy Sentinel™. Click here for all the details and get the peace of mind you deserve.
Back to our Homepage Proxy Sentinel™ high performance Internet proxy server and secure firewall solution Firewall Sentinel™ secure & powerful Internet firewall solution About Internet Security.ca and GCIS Frequently Asked Questions on Internet security issues Internet Security Industry News - Stay informed of what's happening Contact Internet Security.ca today and order your Proxy Sentinel™ or Firewall Sentinel™ server now!


Microsoft to issue two security patches on Jan. 8

Google

Add to del.icio.us     Digg this story Digg this

Jan. 5, 2008

Yesterday, Microsoft said that next Tuesday it will be issuing two security patches to repair security flaws in its Windows operating system. One update will be rated critical, the company's most serious security rating, while the other will be tagged as important, its next-lower rating.

Jan. 8's critical update is expected to fix a remote code execution vulnerability found in all currently supported versions of Windows, ranging from Windows 2000 SP-4 up to Windows Vista.

According to Microsoft, this security flaw is especially threatening to users of Windows XP and Vista. The company ranked the flaw critical to those operating systems, but downgraded it to important to Windows Server 2003, and just moderate to Windows 2000 users.

Microsoft provides mostly "bare-bones" information in its prepatch notification. These two security patches are a fix for the Web Proxy Auto-Discovery (WPAD) problem that the company's security team acknowledged in December.

However, it didn't fix in time to make the Dec. 11 batch of updates. The WPAD vulnerability (actually a security flaw in how Windows PCs look up DNS information) was originally patched in 1999, but resurfaced recently when a researcher pointed out that it had crept back into later versions of Windows.

"I'm leaning toward something else, because WPAD doesn't seem to fit with the criticality of this," said Ryan Poppa, lead research engineer at nCircle Inc.

Poppa offered an explanation of his personal interpretation on how Microsoft rated this vulnerability for the different versions of Windows. "It mostly affects the workstations, and not servers," he said, referring to the important rating for Windows Server 2003 and the critical label for XP and Vista.

Poppa added "it might be a fix for a service that's not turned on by default on Windows 2003, but is on XP and Vista. It could be something like Remote Desktop, for example."

Microsoft's update scheduled for January 8 affects all versions of Windows. Because Microsoft classified it as a "local elevation of privilege" (it typically means that an attack requires local access) it ranked the vulnerability as important across the board.

Additionally, Microsoft plans to release five nonsecurity but "high-priority" patches via Microsoft Update and Windows Server Update Services (WSUS).

The software giant also plans two nonsecurity, high-priority updates for Windows on Windows Update and WSUS. Microsoft Update downloads and installs not only fixes for Windows, but also updates for Office and several other Microsoft products.

These two security updates and their associated explanatory bulletins will go live Jan. 8 at around 1 P.M., EST.

Add to del.icio.us     Digg this story Digg this

Source: Microsoft

Google


Save Internet Security.ca's URL to the list of your favorite web sites in your Web browser by clicking here.

Become an authorized reseller of Proxy Sentinel™ and Firewall Sentinel™. Do like the rest of our authorized resellers and have your clients benefit the important security features of our products and solutions, while increasing your sales at the same time. Click here for all the details.


You can link to the Internet Security web site as much as you like. Read our section on how your company can participate in our reciprocal link exchange program and increase your rankings in the major search engines such as
Google and all the others.

Click here to order your Proxy Sentinel™ Internet security server today!

Proxy Sentinel™ is the most secure Internet proxy server on the market today. Click here for more information.
Site optimized by Pagina+™
Powered by Sun Hosting
Search engine keywords by Rank for Sales
Development platform by My Web Services
Internet Security.ca is listed in
Global Business Listing

| Home | Proxy Sentinel™ | Firewall Sentinel™ | FAQ | News | Sitemap | Contact |
Copyright © Internet Security.ca    Terms of use    Privacy agreement    Legal disclaimer