microsoft to fix two windows holes on patch tuesday
microsoft to fix two windows holes on patch tuesday
search
homenewsreviewsopinionsstoragesecuritychannelblogsvideospodcastsbuyers guidecareersknowledge center
security news|security reviews|channel insider|security blogs|videos|podcast|buyer's guide|security special reports|all topics / industries|all sites|slideshows|it link
home > topics > security > news >
microsoft to fix two windows holes on patch tuesday
by lisa vaas
november 9, 2007
possible candidates for patching are a macrovision driver flaw and a flaw that's been letting in rigged pdfs.
patch tuesday will bring two security bulletins from microsoft, one of which is critical and involves a remotely exploitable hole on windows systems, the other of which is rated important and also affects windows.
advertisement eeye's zero-day tracker, as of nov. 9, is listing three active zero-day windows and internet explorer vulnerabilities, all of which have been publicly disclosed and/or used in attacks, none of which have been patched.
the critical patch promised for the nov. 13 patch tuesday could well be a flaw in a macrovision driver on windows xp and windows 2003. that vulnerability was actively being exploited in the wild as of nov. 5, when microsoft sent a special security advisory to warn customers of the danger of complete system takeover.
microsoft said at the time that vista is immune to the vulnerability, which is a memory corruption error in the macrovision security driver when processing user-supplied data. the vulnerability can be used by local attackers to gain so-called ring 0 privilegesa hierarchical level with the most privileges and which interacts most directly with physical hardware, including the cpu and memory.
similarly, the critical patch expected on patch tuesday affects windows xp and windows 2003, not vista, meaning there's a good chance that is the bug that's next up for a fix.
microsoft might also be planning to release a security update to fix the windows hole that's been letting attackers run wild with rigged pdf files. the company put out a special security advisory on oct. 25 regarding that exploit, which has involved a wave of malware spamming in late october that reached what security researchers called "massive" proportions.
the important windows update concerns spoofing, microsoft said in its monthly security bulletin advance notice.
both the updates will require a restart except under certain conditions with the one marked "important." in the case of both updates, microsoft baseline security analyzer can detect whether a system requires the update.
check out eweek.com's security center for the latest security news, reviews and analysis. and for insights on security coverage around the web, take a look at eweek's security watch blog.
add security news, product reviews, trends and analysis - eweek.com security center rss feed to your feed reader so that you don't miss another headline!
more readers
bloglines
rojo
newsgator
pluck
untitled-1
fill-in form below to apply.
first name:
last name:
title:
company:
addr.:
city:
state:
al
akaz
arca
coct
dedc
flga
guhi
idil
inia
ksky
lame
mdma
mimn
msmo
mtne
nvnh
njnm
nync
ndoh
okor
papr
risc
sdtn
txut
vtvi
vawa
wvwi
wy--
aeap
--ab
bcmb
nbnf
nsnt
onpe
qcsk
yt
zip code:
e-mail:
renew today
try digital eweek!
subscription help
free ziff davis enterprise eseminars at eseminarslive.com
nov 8, 12 p.m. et
case study: it consultancy achieves fast, reliable backup with data de-duplication.
sponsored by exagrid & symantec
nov 8, 2 p.m. et
learn how one company gained one hour a day per mobile worker with michael krieger.
sponsored by nokia
nov 8, 4 p.m. et
increase application availability through a new approach to it controls with charlene o'hanlon.
sponsored by signacert
nov 9, 2 p.m. et
today's internet security landscape: a closer look at evolving threats with charlene o'hanlon.
sponsored by messagelabs
join us on nov. 28 for inside the secure mobile enterprise. this live, interactive day-long event with industry experts, leading authorities and your peers will share the information needed to build a solid secure mobility strategy that will enable and support the future success of your company. live and on-demand attendees, with complimentary registration, can learn why security should be the most important consideration in planning your company's mobility strategy.
register today!
featured content
it link discussion - migration
a windows vista® migration introduces new and unique challenges to any it organization. it's important to understand early on whether your systems, hardware, applications and end users are ready for the transition.join the discussion today!
what is your security threat risk? the verisign security check-up
take the verisign security check-up and find out.
sponsored by ziff davis enterprise group
new from ziff davis enterprise
don't miss a single breaking story while you're on the go! now you can get the latest technology news & reviews from the trusted
editors of eweek.com on your
handheld device
mobile.eweek.com sponsored by
learn more about vmware & lefthand networks
enter to win fluke networks' netflow tracker.
you have a choice!ericom's alternative to citrix.
download the windows server® 2008 release candidate today.
be smart. palm®treo™ 750 smart device now just $199.
learn how to be a retail visionary with motorola.
christopher guest and intel rock it to the core.
snagit: capture, edit and share your pc screen!.
it pros: talk networks, get a $25 coffee card.
lead it as an intel premier it professional .
rocketstream file transfer: fast, reliable, secure.
get free trials and demos of microsoft dynamics.
seagate helps you satisfy customers and earn more.
defy the laws of reporting with crystal reports® 2008.
global development & testing from lionbridge-whitepaper.
one tool queries multiple data sources learn more!
motorola rf management suite. see more. stress less
cdwg. we're there with whatever you need, when you need it.
astonishing color prints. black and white prices
defy all challenges. microsoft® visual studio 2005
related links
singer's myspace page hacked, cleaned, rehacked
rbn gang moves, sets up shop in china
hackers scam thousands with bogus anti-spyware offers
mac's first trojan begins to breed
salesforce.com employee hands customer list to phisher
share this
digg this
post to del.icio.us
post to slashdot
proactive maintenance and adaptive power management using dell openmanage systems from dell
advances in data warehouse performance from ibm
diskeeper and email servers
from diskeeper
see all white papers >
virtual tradeshow
storage: translating information into profit
join sr. editor charlene o'hanlon and industry experts on oct. 31 as they focus on helping companies achieve goals in meeting current storage needs while planning for the future. live and on-demand attendees will hear in-depth analysis of the trends driving the storage market, and tips and techniques for achieving storage needs efficiently and cost-effectively. complimentary registration!
register now!
ziff davis white paper library
make informed purchasing decisions across the entire enterprise market with this vast resource of white papers containing information on products and solutions for technology buyers in an easy-to-use, searchable format.
ziff davis web buyer's guide white paper library >
security rss feed
want an easy way to keep up collaboration and messaging news, reviews and opinions? get eweek headlines delivered to your desktop with rss.
security coverage
security analysis
security news
security opinions
security reviews
special reports
browser security
cyber crime
exploiting google
government
identity management
internet security
managing digital rights
microsoft patch management
network security
piracy & counterfeiting
privacy
rsa conference
sobig virus
spam
spyware
windows security
virtual tradeshow
worm attacks
find security products
anti-virus
firewalls
intrusion detection
spam filtering
spyware
vpn
wireless security
compare products
all
products>
eweek career center
search 90,000+ high-quality tech jobs at dice.com.
powered by dice
free newsletters
get eweek's free online newsletters. fill-in the form below:
1. make your selections:
securing the enterpriseeweek news & viewsthe channel insider update
2. select email format:
html
text only
3. enter email address:
view all newsletters >
eweek editorial calendar
for a list of what eweek is covering this year, go to our
editorial calendar.
issue index |
contact us |
about |
advertise |
magazine customer service |
site map
ziff davis enterprise home |
contact us |
advertise |
link to us |
reprints |
magazine subscriptions |
newsletters
rss feeds |
white papers |
roi calculators |
tech jobs |
tech podcasts |
tech video |
baseline |
careers |
channel insider |
cio insight |
desktoplinux |
deviceforge |
devsource |
eseminars |
eweek |
linuxdevices |
linux watch |
microsoft watch |
mid-market |
networking |
pdf zone |
publish |
eweek security |
strategic partner |
web buyer's guide |
windows for devices
developer shed |
dev shed |
asp free |
dev articles |
dev hardware |
seo chat |
tutorialized |
scripts |
code walkers |
web hosters |
dev mechanic |
dev archives |
it marketplace |
igrep
use of this site is governed by our terms of use and privacy policy
copyright ©1996-2007 ziff davis enterprise inc. all rights reserved. eweek and spencer f. katt are trademarks of ziff davis enterprise, inc. reproduction in whole or in part in any form or medium without express written permission of ziff davis enterprise inc. is prohibited.
Acceuil
suivante
microsoft to fix two windows holes on patch tuesday AppleInsider Apple releases iMac freezing fix, MacBook Pro ... AppleInsider iMac Software 1.2.1; Time Machine fix; MacBook ... Fantasy Fix: Starters - MSN Video Qwik-Fix (de PivX Labs) CSS PNG Image Fix for IE » Blog » Komodo Media What Mozilla users should know about the shell: protocol security ... GUNDAM FIX FIGURATION Outlook Recovery Tool to Fix PST File - PST Repair Software NVidia Refresh Rate Fix Win2K/XP - PC INpact AmyFix.com Fix - Wikipedia Heroes: The Fix - TV.com Conservatives to fix glitch that could block rural voters WMP Scripting Fix Ezee-Fix Don’t Throw Out Your Broken iPod; Fix It via the Web - New York Times Jim Fix Fix Your Own Printer Download details: SafeDisc Windows XP Fix for Microsoft Games It's not always malware: How to fix the top 10 Internet Explorer ... The Fix - Salon.com Fix 4 RSO fixoyun fix oyun fiks oyunlar fıxoyun fıx oyun fiks oyun fix ... Editor's Daily Blog: A Temporary Fix Screenplay Coverage from ***** script-fix ***** FIX-TIPS Free Football picks & Best Soccer betting tips, soccer ... Amazon.com: War Fix: Books: Steve Olexa,David Axe Coldplay – Fix You – Music at Last.fm WinXpFix.com Home page (wixpfix.com) Windows xp news, Tips, Free ... M i c h a e l F i x Les plus beaux restaurants du monde : Le Fix NASA plans spacewalk to fix ripped solar wing - CNN.com BBC - Languages French Quick Fix - Basics DailyTech - Apple Releases Fix for iMac Freeze Issue, Updates MacBooks PC World - Apple Posts QuickTime Security Fix PC World - Two Charged with Hacking PeopleSoft to Fix Grades Troubleshooting 101 : How to fix the family computer and save your ... Apple posts fix for freezing iMacs - Engadget Digg - Don’t Throw Out Your Broken iPod; Fix It via the Web Kitco Inc. - Past Historical London Fix Fix-A-Flat - Car Care Products- A easy way to fix a flat tire IPv6 Fix: Home Intel Researcher Homepage Fix the pumps réseau pc fix(usb) portable wifi - je ne trouve pas les config ... Télécharger Works Fix FixMyXP.com - Your One Stop Windows XP Fix It Site ColdFusion 8.0 Cumulative Hot Fix 1 ColdFusion MX 7 Cumulative Hot Fix 3 Definition of fix - Merriam-Webster Online Dictionary 6 Ways to Fix a Confused Information Architecture (Jakob Nielsen's ... Growing a Business Website: Fix the Basics First (Jakob Nielsen's ... BBC NEWS Science/Nature Lovelock urges ocean climate fix BBC SPORT Tennis Llodra reveals match-fix approach Aimfix - Jayloden.com Télécharger Object Fix Zip - Zebulon.fr : téléchargement du ... Definition: fix from Online Medical Dictionary B2BITS — High Performance FIX Solutions Fast Fix Jewelry and Watch Repairs Excel Recovery Tool - Fix & Repair Excel File - Corrupt XLS Repair ...