Microsoft: Critical Vista patch coming

Microsoft's first Patch Tuesday for 2008 will be unusually quiet.

The Redmond, Wash. software maker plans to ship just two security bulletins on Jan. 8 to patch code execution vulnerabilities in the Windows operating system.

One of the two bulletins will be rated "critical," Microsoft's highest severity rating. The second is rated "important."

According to information in the company's advance notice mechanism, the "critical" bulletin affects all versions of Windows, including Windows Vista.

The second issue, described as a privilege escalation risk, affects Windows 2000, Windows XP and Windows Server 2003.

According to FrSIRT's Zero Day Monitor, there are two unpatched flaws affecting Microsoft Windows users.

One is a hole in the Microsoft DirectX Media SDK, which could be exploited by remote attackers to cause a denial of service or take complete control of an affected system. The second is a buffer overflow in the Microsoft Windows CFileFind Class "FindFile()" function.

Last year, Microsoft shipped a total of 69 security bulletins.

print this article

Return to internet news headlines
View Internet News Archive

Share with: