Microsoft to patch single Windows 2000 vulnerability

Patch for a Server Message Block zero-day vulnerability in Windows 7 is still being tested, the software giant said.

SearchSecurity.com:
To get security news and tips delivered to your inbox, click here to sign up for our free newsletter.

Microsoft is starting off the New Year by giving most Windows administrators a break, announcing plans to release a single update correcting a critical vulnerability affecting Windows 2000 during its regular patching schedule next week.

No vulnerability details have been released, but Microsoft said it gave the flaw a low rating for all other platforms.

"Customers with Windows 2000 systems will want to review and deploy this update as soon as possible but, as we will show in our release guidance next week, the Exploitability Index rating for this issue will not be high which lowers the overall risk," said Microsoft security program manager Jerry Bryant in the Microsoft Security Response Center blog.

Windows 7 DoS vulnerability:
Windows 7 DoS flaw allows hackers to freeze Microsoft's newest OS: A Server Message Block (SMB) flaw in Microsoft's latest OS can be remotely exploited by an attacker to cause Windows 7 machines to stop responding. 

Bryant said it would not patch a vulnerability in the protocol that handles messages between devices on a network for its newest Windows 7 operating system.

A denial-of-service (DoS) vulnerability contained in the Server Message Block (SMB) was discovered in November. It affects both Windows 7 SMBv1 and SMBv2. Microsoft engineers are continuing to test a patch for the flaw. The hole enables an attacker to crash a Windows 7 machine. In its advisory, Microsoft said the Windows 7 DoS vulnerability could be exploited if a victim visits a malicious website. It also affects users of Windows Server 2008.

In December, Microsoft addressed five vulnerabilities in Internet Explorer, including a serious zero-day flaw, a flawed ActiveX control that enabled attackers to gain access to a victim's system. Microsoft issued six bulletins in December, three critical, repairing 12 vulnerabilities across its product line.

Dig deeper on Windows Security: Alerts, Updates and Best Practices

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close