Microsoft announces two updates for Patchday
Microsoft plans to release two security updates for its Windows operating systems next Tuesday. One update fixes critical holes which allow attackers to remotely inject and execute malicious code. The other patch is to resolve vulnerabilities which allow users to elevate their system privileges – Microsoft rates the severity of this hole as important.
The first security hole is critical for Windows XP and Vista, and rated as important for Windows Server 2003 and as moderate for Windows 2000. The second security hole affects all Windows operating systems from Windows 2000 to Windows Server 2003, but it doesn't affect Vista. The updates require a system reboot.
As usual, no further preliminary details have been released by the vendor. Therefore, it remains unclear whether the patches close only one or several holes each. As is customary on Patchdays, Microsoft also plans to update the Malicious Software Removal Tool (MSRT) and distribute five additional high priority non-security updates via Microsoft Update as well as two via Windows Update.
- Microsoft Security Bulletin Advance Notification for January 2008, Microsoft advance patch notification