Critical Microsoft Security Patch ~ APPLY NOW!
Microsoft released two patches today. The first is critical and the second is important as described by Microsoft:
Titled “Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (941644)”, this bulletin affects users of Microsoft Windows 2000, XP SP2, Server 2003, and Vista, and addresses the vulnerability detailed in CVE-2007-0069 and CVE-2007-0066. A vulnerability exists in Transmission Control Protocol/Internet Protocol (TCP/IP) processing, and the patch modifies the way that the Windows kernel processes TCP/IP structures that contain multicast and ICMP requests. Microsoft says “an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”
Titled “Vulnerability in LSASS Could Allow Local Elevation of Privilege (943485)”, this bulletin affects users of Microsoft Windows 2000, XP SP2, Server 2003, but not Windows Vista. The update addresses the vulnerability detailed in CVE-2007-5352. If exploited, a vulnerability within Microsoft Windows Local Security Authority Subsystem Service (LSASS) could allow an attacker to elevate privileges, take complete control of an affected system, then install programs; view, change, or delete data; or create new accounts with full user rights.
Please note and address as appropriate.
