Patch Tuesday: Microsoft to close three security vulnerabilities
Microsoft has announced that it will release three security updates on Tuesday the 10th of March, including one critical security vulnerability patch. The critical vulnerability being patched could allow an attacker to remotely execute code and take over a users computer. The critical patch affects Windows 2000, XP, Vista and Server 2003 and 2008.
The two important patches eliminate a spoofing issue in which an attacker can masquerade as someone else. One of the patches affects all supported versions of Windows, while the second affects only Windows 2000, Server 2003 and Server 2008.
Microsoft will also be updating the Windows Malicious Software Removal tool with an updated version and updating the Windows Mail junk email filter with revised definitions.
Not included in the security updates, however, is a fix for the critical security vulnerability in Excel which has already been exploited in the wild. The lack of a patch for Excel means that users will probably have to wait another month for an update while Microsoft fully tests a bug fix.
- Microsoft Security Bulletin Advance Notification for March 2009, advisory from Microsoft.