Microsoft Says Latest Bugs Genuine, But No Need To Panic
Microsoft Says Latest Bugs Genuine, But No Need To Panic
Submitted by Dennis Faas on Fri, 08/13/2010 - 08:00
Microsoft has confirmed it's investigating yet another large-scale bug affecting all supported editions of Windows. At the same time, it's ruled out issuing an emergency patch for the kernel-related issue that emerged just last week.
On Tuesday, Microsoft issued a record-breaking monthly Patch Tuesday update containing a record 14 security bulletins. When that was announced, it looked as if it would be network administrators who'd be in for a particularly busy time, while Microsoft security staff could at least have some breathing room. That turned out not to be the case.
Bogus Color Data Breaches Security
Microsoft was hit with the new bug between announcing and delivering this month's Patch Tuesday update. The newly discovered bug works by allowing hackers to overload a section of memory dealing with colors. Once the memory overflows, it leaks into other sections of restricted memory and thereby allows hackers unrestricted rights to the machine.
Microsoft confirms it has concluded a preliminary investigation. It says that although the problem is genuine, it can only be exploited by somebody who has physical access to a machine and must logged in to a Windows account. Because of these restrictions, Microsoft says it will not issue an emergency patch, but will instead fix the flaw in a future update. (Source: technet.com)
Security Advisory for Windows Service Isolation Bug
Meanwhile, Microsoft has issued a security advisory for a bug that affects the Windows Service Isolation. The bug means it's theoretically possible that an attacker could gain a level of access to the computer normally reserved for legitimate and trusted users.
According to Microsoft, there are only limited circumstances where this could be exploited. It says no patch is needed as Windows Service Isolation is simply a back-up security measure and would only come into play if a more serious security breach had already taken place. Instead, it has published a downloadable file which changes Windows settings to work around the bug. (Source: microsoft.com)
Rate this article:
Category:
Need Help? Ask!
My name is Dennis Faas and I am a senior systems administrator and IT technical analyst specializing in cyber crimes (sextortion / blackmail / tech support scams) with over 30 years experience; I also run this website! If you need technical assistance , I can help. Click here to email me now; optionally, you can review my resume here. You can also read how I can fix your computer over the Internet (also includes user reviews).
My name is Dennis Faas and I am a senior systems administrator and IT technical analyst specializing in cyber crimes (sextortion / blackmail / tech support scams) with over 30 years experience; I also run this website! If you need technical assistance , I can help. Click here to email me now; optionally, you can review my resume here. You can also read how I can fix your computer over the Internet (also includes user reviews).
We are BBB Accredited
We are BBB accredited (A+ rating), celebrating 21 years of excellence! Click to view our rating on the BBB.