Microsoft to patch single Windows 2000 vulnerability

By SearchSecurity.com Staff 11 Jan 2010 | SearchSecurity.com

Security UK News Digg This!     StumbleUpon     Del.icio.us

Microsoft is starting off the new year by giving most Windows administrators a break, announcing plans to release a single update correcting a critical vulnerability affecting Windows 2000 during its regular patching schedule next week.

No vulnerability details have been released, but Microsoft said it gave the flaw a low rating for all other platforms.

"Customers with Windows 2000 systems will want to review and deploy this update as soon as possible but, as we will show in our release guidance next week, the Exploitability Index rating for this issue will not be high which lowers the overall risk," said Microsoft security program manager Jerry Bryant, Microsoft security program manager, wrote in the Microsoft Security Response Center blog.

Bryant said it would not patch a vulnerability in the protocol that handles messages between devices on a network for its newest Windows 7 operating system.

A denial-of-service (DoS) vulnerability contained in the Server Message Block (SMB) was discovered in November. It affects both Windows 7 SMBv1 and SMBv2. Microsoft engineers are continuing to test a patch for the flaw. The hole enables an attacker to crash a Windows 7 machine. In its advisory, Microsoft said the Windows 7 DoS vulnerability could be exploited if a victim visits a malicious website. It also affects users of Windows Server 2008.

In December, Microsoft addressed five vulnerabilities in Internet Explorer, including a serious zero-day flaw, a flawed ActiveX control that enabled attackers to gain access to a victim's system. Microsoft issued six bulletins in December, three critical, repairing 12 vulnerabilities across its product line.

Tags: Platform and OS Security Management,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Platform and OS Security Management Microsoft issues advisory on new IE security vulnerability Microsoft patches SMB flaws, Hyper-V problem in big update Microsoft blue screen affecting few corporate PCs Microsoft to fix 26 flaws in Windows, Office Thin-client technologies surge thanks to easier security, says Deloitte Microsoft issues critical security update, blocks IE 6 attacks How to use Windows XP Mode in Windows 7 How to prevent memory dump attacks Microsoft gives Internet Explorer a major security overhaul Exploit code targets Internet Explorer zero-day display flaw

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary Serious Organized Crime Agency  (SearchSecurityUK.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary