The carefully crafted image of Windows Vista as the most secure operating system of all time is beginning to take a beating.
For the second time this month, Microsoft has shipped a security bulletin with patches for a “critical” Vista vulnerability that puts millions of users at risk of code execution attacks.
The update — MS07-021 — is one of five bulletins released in Microsoft’s scheduled batch of patches for April. Four of the five are rated “critical,” Microsoft’s highest severity rating.
The five bulletins contain fixes for a total of 8 vulnerabilities affecting multiple versions of Windows and the Microsoft Content Management Server.
The total patch count for April stands at 15, including the flaws covered in last week’s emergency animated cursor (.ani) update.
The remote code execution flaw that dinged Vista is an error in the way the Windows Client/Server Run-time Subsystem (CSRSS) process handles error messages. An attacker could exploit the vulnerability by constructing a specially crafted application that could potentially allow remote code execution.
In all, the MS07-021 update fixes three different CSRSS bugs, all affecting Vista. However, only one of the three is rated critical across the board. The risk from the other two is limited to privilege escalation and denial-of-service conditions.
Read brief synopsis of patches @ ZD Net