Microsoft is releasing collected security patches each month for their Windows operating systems. I'm not a fan of this approach because I would feel safer and securer if they would release patches as soon as they would be ready to be released, which would secure computers and reduce the time that someone could exploit these security vulnerabilities.
Two security patches have been released this month, they are the critical Microsoft Security Bulletin MS08-001 and the important Microsoft Security Bulletin MS08-002. The critical patch fixes vulnerabilities in Windows TCP/IP that could allow remote code execution while the important patch deals with a vulnerability in LSASS that could allow local elevation of privilege.
This critical security update resolves two privately reported vulnerabilities in Transmission Control Protocol/Internet Protocol (TCP/IP) processing. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
This important update resolves a privately reported vulnerability in Microsoft Windows Local Security Authority Subsystem Service (LSASS). The vulnerability could allow an attacker to run arbitrary code with elevated privileges. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Both patches are available through Windows Updates but also as single downloads. Several operating systems need to be patched including Windows Vista (only the critical), Windows 2000 and Windows XP. Downloads are available if you follow the links above.
Update: The security patches are always released on the second Tuesday of the month, unless they are that important that they need to be released directly and without delay.
Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.
We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats (video ads) or subscription fees.
If you like our content, and would like to help, please consider making a contribution:
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.