
Microsoft patches address serious Windows threats

Microsoft has distributed two security patches to address vulnerabilities in Windows.

One patch is described as "critical" by Microsoft, whilst the other is regarded as "important" by the firm. The patches are part of the company's monthly scheduled patching cycle.

Alan Bentley, VP of Lumension Security EMEA, said, "At first glance, it seems IT managers have got off lightly this month. However, it is not the quantity of patches that is important this month."

He said, "MS08-001 is a fairly serious vulnerability, fixing two privately reported vulnerabilities in the TCP/IP stack used in all versions of Windows, including Microsoft Vista.

"The vulnerability is at the kernel level and if exploited, a hacker could take complete control of a machine."

Bentley said a hacker looking to exploit this vulnerability could interfere with video or audio streams such as IP-based teleconferencing or streaming media.

To eradicate the immediate threat, organisations should block IP multicasting at the perimeter firewall and the Vista firewall (which is not an option in XP), while testing and rolling out the patch as soon as possible, he said.

"IT administrators cannot ignore MS08-002 either. Whilst it addresses a less severe vulnerability in the Microsoft Windows Local Security Authority Subsystem Service (LSASS), if it is exploited a hacker could elevate privileges on the affected machine and take complete control of a system," said Bentley.

