Microsoft releases two security patches for Windows - gHacks Tech News

Microsoft releases two security patches for Windows

Microsoft is releasing collected security patches each month for their Windows operating systems. I'm not a fan of this approach because I would feel safer and securer if they would release patches as soon as they would be ready to be released, which would secure computers and reduce the time that someone could exploit these security vulnerabilities.

Two security patches have been released this month, they are the critical Microsoft Security Bulletin MS08-001 and the important Microsoft Security Bulletin MS08-002. The critical patch fixes vulnerabilities in Windows TCP/IP that could allow remote code execution while the important patch deals with a vulnerability in LSASS that could allow local elevation of privilege.

This critical security update resolves two privately reported vulnerabilities in Transmission Control Protocol/Internet Protocol (TCP/IP) processing. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

This important update resolves a privately reported vulnerability in Microsoft Windows Local Security Authority Subsystem Service (LSASS). The vulnerability could allow an attacker to run arbitrary code with elevated privileges. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Both patches are available through Windows Updates but also as single downloads. Several operating systems need to be patched including Windows Vista (only the critical), Windows 2000 and Windows XP. Downloads are available if you follow the links above.

Update: The security patches are always released on the second Tuesday of the month, unless they are that important that they need to be released directly and without delay.

We need your help

Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.

If you like our content, and would like to help, please consider making a contribution:

Comments

  1. Lorissa said on January 9, 2008 at 6:29 pm
    Reply

    Yes, and the patch that deals with Windows TCP/IP changes the half-open connections back to the default setting of 10 for XP and most likely to whatever it is by default for Vista too.

    This means that all the proxy forum sites will be flooded with posts again as to why people are receiving nearly all “timeouts” when testing proxies with proxy analyzing software.

    Rerun the patch available at http://www.lvllord.de/ following the install of the Windows patch.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

Please note that your comment may not appear immediately after you post it.