Microsoft Releases Critical Patch For Windows
Microsoft's security bulletin for March 2009 includes
a patch for Windows Kernel related to a vulnerability that could allow remote code execution.
The critical patch (MS09-006) resolves several privately reported vulnerabilities in the Windows kernel. The most serious vulnerability could allow remote code execution if a user viewed a specially crafted EMF or WMF image file from an affected system.
The affected software includes Microsoft Windows 2000 SP4, XP SP3, Server 2003 SP2 and Vista SP1.
Microsoft also released two other security updates rated as "important". The MS09-007 update resolves a privately reported vulnerability in the Secure Channel (SChannel) security package in Windows. The vulnerability could allow spoofing if an attacker gains access to the certificate used by the end user for authentication.
The MS09-008 security update resolves two privately reported vulnerabilities and two publicly disclosed vulnerabilities in Windows DNS server and Windows WINS server. These vulnerabilities could allow a remote attacker to redirect network traffic intended for systems on the Internet to the attackers own systems.
For additional information, visit http://www.microsoft.com/technet/security/bulletin/ms09-mar.mspx.
Microsoft also released two other security updates rated as "important". The MS09-007 update resolves a privately reported vulnerability in the Secure Channel (SChannel) security package in Windows. The vulnerability could allow spoofing if an attacker gains access to the certificate used by the end user for authentication.
The MS09-008 security update resolves two privately reported vulnerabilities and two publicly disclosed vulnerabilities in Windows DNS server and Windows WINS server. These vulnerabilities could allow a remote attacker to redirect network traffic intended for systems on the Internet to the attackers own systems.
For additional information, visit http://www.microsoft.com/technet/security/bulletin/ms09-mar.mspx.
