Microsoft plans two security bulletins; one critical impacting Vista

Microsoft plans a relatively light haul of two security bulletins on Patch Tuesday, but one of them is rated critical and dings Vista.

Thursday's preview, which is an advance notice for folks that need to prepare for Microsoft's patches on Jan. 8, highlights two issues.

The first bulletin is rated critical and covers a remote code execution vulnerability. Things get interesting when Microsoft talks about the affected versions of Windows.

For Vista the bulletin covering the remote code execution is rated "critical." The bulletin is also critical for Windows XP Service Pack 2 and Windows XP Professional x64 Edition and its Service Pack 2. For Server 2003, however, the bulletin is merely "important."

As for the second bulletin, Microsoft says a "local elevation of privilege" vulnerability is "important." This problem affects Windows 2000 Service Pack 4, XP and Windows Server 2003 but doesn't apply to Vista.

Topics: Security, Microsoft, Operating Systems, Software, Windows

Talkback

22 comments
  • But what about the most needed patch of all?

    You know, the one that turns Vista back into XP? We need that one bad!
    ejhonda
    • Say What

      Vista is so far above XP, if you know how to use its features & security.
      ebradsher2@...
    • Yeah we all def. need that patch (NT)

      NT
      rebelxhardcore
  • Glad I'm Not Using Vista

    Won't affect me!
    itanalyst
  • Why is that "interesting"?

    Server 2003's vulnerabilities are quite often given a lower severity rating than the same vulnerability in a client OS, simply because Server 2003 comes locked down by default (e.g. IE's Enhanced Security Configuration). The vulnerability is the same in all, however.
    PB_z
  • Is Ryan still around? Anyway...the Vista vulnerability will...

    ...likely run with the privileges of the logged in user and therefore, according to the ZDNet ABMer rules, not be applicable.
    ye
    • No, Ryan left

      These privilege escalation exploits wouldn't be exploits if the normal user privilege restrictions stopped it. This is why it's deemed important to patch.
      georgeou
      • I'm referring to the remote code execution vulnerability.

        As the privilege escalation is listed as "local" it too would be disqualified as it is not remote.
        ye
    • Now that you bring that up...

      No, the correct response would be that the number of vulnerabilities patched lately in XP/Vista is a tiny fraction of that of OS X, which would be an accurate assessment.

      How anyone can still argue that OS X is more secure than XP/Vista is beyond me. Less hacked, absolutely, but most definitely not more secure by a long shot. Its only saving grace is its pathetically low marketshare.

      Now *that* is what you should be focusing on, but given your bias I am sure you will try to hide that little fact....
      Qbt
      • As compared to your red herring?

        > "given your bias I am sure you will try to hide that little fact..."

        In case it escaped you...the article is titled "Microsoft plans two security bulletins; one critical impacting Vista". Nothing in there about OSX.

        Oh yeah...as far as ye is concerned Gates and Ballmer walk just slightly over the surface of the water, can't have their shoes defiled by the water ya know. Which makes your argument even more laughable. ;-)
        Cardinal_Bill
        • You confuse my dislike for ABMers and FUD for...

          ...a love of Microsoft. FACT: I correct people who spread FUD. Be it Windows, Microsoft, OS X, or Apple. Lately the FUD has been disproportionate against Microsoft/Windows and therefore you'll see a disproportionate amount of correction from me about them. Therefore it's understandable why you would reach the conclusion you have.
          ye
          • Then you...

            misunderstand my dislike of Microsoft and the NBM'r crowd. I've been using computers since well before Bill Gates managed to get ahold of a BASIC compiler. My first PC was probably bought from Michael Dell when he answered the phone and said "PC's Limited", and it wasn't the first PC I was associated with, just my first purchase.
            Gates has been a scam artist from the beginning, look into his negotiations with IBM for the first OS they provided. The company started corrupt and hasn't changed much. They provide the least product for the maximum of profit to them. They don't care about their customers except to view them as a meal ticket. They'll lie, cheat and steal to gain an edge. They've been caught, adjudged with penalties numerous times and the people who seem to be unable to recognize this, find it necessary to protect them are fools pure and simple.

            That's not FUD. It's the facts.
            Cardinal_Bill
          • They're no different than any other company. (nt)

            What you say about Microsoft applies to other companies as well. Don't think Microsoft is unique. Apple, Google, Dell, IBM, etc. They're all the same.
            ye
          • Oh?

            How many of those you listed started out (effectively) by entering into a contract to provide a product they didn't have? And even if the others were guilty..."They did it too!" isn't a defense, it's a poor excuse for a bad business practice.

            Me thinks he doth protest too much.
            Cardinal_Bill
      • Mac users

        Go to your own bulletin, Mac is just as sh*tty as Windows.
        http://www.thebestpageintheuniverse.net/c.cgi?u=macs_cant
        rebelxhardcore
  • Lest we forget what increased security was supposed to mean

    "My son, seven years old, runs Windows Vista and, honestly, he doesn't have an antivirus system on his machine. His machine is locked down with parental controls, he can't download things unless it's to the places that I've said that he could do, and I'm feeling totally confident about that. That is quite a statement. I couldn't say that in Windows XP SP2."

    Jim Allchin, November 2006
    http://software.silicon.com/os/0,39024651,39164024,00.htm


    So, hands up how many ZDnet Vista users are running it without antivirus?
    whisperycat
    • Not I..

      Although I run Vista (Ultimate x64), I will NEVER run a Windows box without antivirus, no offense but that's just plain ignorant when it comes to best security practices. Besides where you said he could download from I'm sure can be overridden so if you wholeheartedly believe that you are fooling yourself. There is no substitute for "best computing practices" and having antivirus installed is one of them.
      JT82
      • NOD32 (NT)

        NT
        rebelxhardcore
  • Re: Microsoft plans two security bulletins; one critical impacting Vista

    I wonder why Microsoft hasn't corrected and re-released their botched "MS07-069" patch???
    Altiris_Grunt