Pure Overclock – Computer Hardware News, Reviews and More

 
 
 
 
 

Microsoft issue unexpected critical Windows patch

Comments Off on Microsoft issue unexpected critical Windows patch
Posted October 26, 2008 by admin in News

The bulletin, released yesterday, outlines a flaw in the Server service which allows for remote code execution upon receipt of a specially crafted RPC request ? which is to say that this vulnerability does not require user interaction to exploit, making it a particularly nasty little bug. While the flaw requires that your firewall rules allow RPC requests in, it’s certainly easier to exploit than most modern Windows vulnerabilities ? and trivial from within a local network.

Interestingly, the flaw ? which dates right back to Windows’ roots in the New Technology (NT) era ? also affects the latest pre-beta release of Windows 7, the next-generation Microsoft OS. Although the flaw still exists in Windows 7, it’s not quite as bad as prior versions ? an attacker must already be authenticated against the target system, which is not required for previous versions of Windows. As a result, Microsoft rates the bug as ‘Important’ rather than ‘Critical’ for this OS.



Find us on Google+