Microsoft releases two security patches for Windows
Microsoft is releasing collected security patches each month for their Windows operating systems. I'm not a fan of this approach because I would feel safer and securer if they would release patches as soon as they would be ready to be released, which would secure computers and reduce the time that someone could exploit these security vulnerabilities.
Two security patches have been released this month, they are the critical Microsoft Security Bulletin MS08-001 and the important Microsoft Security Bulletin MS08-002. The critical patch fixes vulnerabilities in Windows TCP/IP that could allow remote code execution while the important patch deals with a vulnerability in LSASS that could allow local elevation of privilege.
This critical security update resolves two privately reported vulnerabilities in Transmission Control Protocol/Internet Protocol (TCP/IP) processing. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
This important update resolves a privately reported vulnerability in Microsoft Windows Local Security Authority Subsystem Service (LSASS). The vulnerability could allow an attacker to run arbitrary code with elevated privileges. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Both patches are available through Windows Updates but also as single downloads. Several operating systems need to be patched including Windows Vista (only the critical), Windows 2000 and Windows XP. Downloads are available if you follow the links above.
Update: The security patches are always released on the second Tuesday of the month, unless they are that important that they need to be released directly and without delay.
Advertisement
Yes, and the patch that deals with Windows TCP/IP changes the half-open connections back to the default setting of 10 for XP and most likely to whatever it is by default for Vista too.
This means that all the proxy forum sites will be flooded with posts again as to why people are receiving nearly all “timeouts” when testing proxies with proxy analyzing software.
Rerun the patch available at http://www.lvllord.de/ following the install of the Windows patch.