'Important' Fixes To Come in July Patch Cycle
Posted 07-04-2008 at 10:14 AM by BSchwarz
IT pros will come back from the holiday weekend to face a possible four patches in Microsoft's July patch rollout, according to an advance announcement issued by the company. The patches, arriving Tuesday, won't contain "critical" or "moderate" items, but all four will be deemed "important."
Microsoft will address a mix of exploit risks with the July patch, including two elevation-of-privilege vulnerabilities, one spoofing security risk and one remote code execution (RCE) exploit. The infamous RCE problem continues to be a concern as the software giant's 2008 hotfix cycle passes its half-way point.
The first important fix addresses an elevation-of-privilege problem in SQL Server. Hackers can gain back-door access into the database and change fields to configure user access parameters, giving themselves superuser or unlimited access to run amok on a network.
In the last week of June, Redmond issued a security advisory pertaining to certain components of SQL Server, citing a recent "escalation in a class of attacks targeting Web sites," attacks that use the database application as an incursion vector. This new SQL patch is far-reaching, as it touches several releases of the database and server software program, including SQL Server 7.0 Service Pack 4, SQL Server 2000 for Itanium systems and all versions of SQL Server 2005 SP2.
Also included as part of this fix are Microsoft Data Engine 1.0 SP4, SQL Server 2000 Desktop Engine SP4, SQL Server 2005 Express Edition SP2 and SQL Server 2005 Express Edition with Advanced Services SP2.
The SQL patch affects Windows 2000 Service Pack 4 and Windows Server 2003 (SP1 and SP2), including 64-bit editions. Windows Internal Database (WYukon) is also affected as the patch relates to all versions of Windows Server 2008 except for Itanium-processor-based systems.
The second fix blocks potential RCE exploits in all versions of Windows Vista and Windows Server 2008.


