Article

Microsoft to patch single Windows 2000 vulnerability

SearchSecurity.com Staff

    Requires Free Membership to View

SearchSecurity.com:
To get security news and tips delivered to your inbox, click here to sign up for our free newsletter.

Microsoft is starting off the New Year by giving most Windows administrators a break, announcing plans to release a single update correcting a critical vulnerability affecting Windows 2000 during its regular patching schedule next week.

No vulnerability details have been released, but Microsoft said it gave the flaw a low rating for all other platforms.

"Customers with Windows 2000 systems will want to review and deploy this update as soon as possible but, as we will show in our release guidance next week, the Exploitability Index rating for this issue will not be high which lowers the overall risk," said Microsoft security program manager Jerry Bryant in the Microsoft Security Response Center blog.

Windows 7 DoS vulnerability:
Windows 7 DoS flaw allows hackers to freeze Microsoft's newest OS: A Server Message Block (SMB) flaw in Microsoft's latest OS can be remotely exploited by an attacker to cause Windows 7 machines to stop responding. 

Bryant said it would not patch a vulnerability in the protocol that handles messages between devices on a network for its newest Windows 7 operating system.

A denial-of-service (DoS) vulnerability contained in the Server Message Block (SMB) was discovered in November. It affects both Windows 7 SMBv1 and SMBv2. Microsoft engineers are continuing to test a patch for the flaw. The hole enables an attacker to crash a Windows 7 machine. In its advisory, Microsoft said the Windows 7 DoS vulnerability could be exploited if a victim visits a malicious website. It also affects users of Windows Server 2008.

In December, Microsoft addressed five vulnerabilities in Internet Explorer, including a serious zero-day flaw, a flawed ActiveX control that enabled attackers to gain access to a victim's system. Microsoft issued six bulletins in December, three critical, repairing 12 vulnerabilities across its product line.


There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: