Critical September patch could hit Windows 2000 SP4 systems |
 |
By Serdar Yegulalp, Contributor
11 Sep 2007 | SearchWindowsSecurity.com |
|
|
The patching gods at Microsoft gave IT administrators a break this month by releasing a light delivery of four fixes, and only one is rated critical.
That's no reason to skimp on patching, of course -- especially since the one issue rated critical affects Windows 2000 Service Pack 4 systems. Last I checked there are still quite a few such machines doing active duty.
Plus, the vulnerability this patch addresses was privately disclosed to Microsoft -- it wasn't something Microsoft discovered on its own. The problem revolves around the largely-unused Microsoft Agent, the component that allows programmers to create animated characters to guide users -- something that annoyed almost everyone I know the minute they saw it. And the fact that it can be used as a vector for injecting arbitrary code into a system unless it's patched makes it doubly annoying.
Of the other three bulletins, all tagged as "Important," only one affects Windows itself in just about all its incarnations. It's a privilege-elevation vulnerability in Windows Services for Unix 3.0, 3.5 and the Subsystem for Unix-Based Applications.
Since these services aren't installed by default on most Windows systems, it's not as urgent as it might be. The other two, also tagged "Important," involve a vulnerability with Crystal Reports for Visual Studio and an MSN Messenger / Windows Live Messenger vulnerability as well. Since MSN Messenger is pretty widely used, this last fix is well worth installing; if you're a programmer, the Crystal Reports problem should be something to attend to if you use that application.
|
|
|
|
