What a nice start to the New Year -- only 2 updates from MS this month.
The first patch is only for users who are running MS Vistas. It fixes a vulnerability in the way Vista handles backup files (like those created by System Restore Points). A specially crafted backup file and DLL are needed to make an exploit happen. So far, there have been some proof of concept exploits for this, but nothing that shows attackers are using this yet. But still
The other affects XP, Vista, Windows 7, Server 2003 and Server 2008/2008 R2 -- so pretty much everyone out there. This one fixes a vulnerability in MS Data Access Components (basically this is how programs access data in a database) So to get hit by this one, a user just has to visit a malicious website -- an the attacker gets access to the system with the same privileges as whoever visited the site. Same as before -- some exploits exist, but nothing widespread has been seen.
The latest exploits for IE or the Graphic engine are not being fixed with these patches. There are exploits being seen for these two... stay tuned for the fix on these. MS has not said it will release an out-of-schedule patch for either.
No comments:
Post a Comment