Microsoft issues unexpected critical Windows patch
The bulletin, released yesterday, outlines a flaw in the Server service which allows for remote code execution upon receipt of a specially crafted RPC request. In other words, this vulnerability does not require user interaction to exploit, making it a particularly nasty little bug. While exploitation requires that your firewall rules allow RPC requests in, the flaw is certainly easier to exploit than most modern Windows vulnerabilities, and trivial from within a local network.
Interestingly, the flaw, which dates right back to Windows’ roots in the New Technology (NT) era, also affects the latest pre-beta release of Windows 7, the next-generation Microsoft OS. Although the flaw still exists in Windows 7, it’s not quite as bad as in prior versions: an attacker must already be authenticated against the target system, which is not required for previous versions of Windows. As a result, Microsoft rates the bug as ‘Important’ rather than ‘Critical’ for this OS.