Microsoft Releases First Windows Server 2008 Security Patches
Apr 10th, 2008 by MrGroove
Well that didn’t take long….. After only having Windows Server 2008 x64 Enterprise installed for a few weeks, I already need to begin patching the new OS with security updates. Indeed… That’s what I thought.
Included in Microsoft’s "Super Tuesday" Patch Cycle (2nd Tuesday of every month) came 4 new Security updates for Windows Server 2008. Although Microsoft labeled them as "Important", several are pretty nasty.
Details:
- Cumulative Security Update for Internet Explorer (947864)
- This security update resolves one privately reported vulnerability. The vulnerability could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
- Security Update of ActiveX Kill Bits (948881)
- This security update resolves one privately reported vulnerability for a Microsoft product. This update also includes a kill bit for the Yahoo! Music Jukebox product. The vulnerability could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
- Vulnerability in Windows Kernel Could Allow Elevation of Privilege (941693)
- This security update resolves a privately reported vulnerability in the Windows kernel. A local attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts.
- Vulnerabilities in GDI Could Allow Remote Code Execution (948590)
- This security update resolves two privately reported vulnerabilities in GDI. Exploitation of either of these vulnerabilities could allow remote code execution if a user opens a specially crafted EMF or WMF image file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
NOT Groovy…….
Tags: kb947864, kb948881, kb941693, kb948590, microsoft, security, patch, update, super tuesday, download, windows server 2008
Visitor Options
