On Thursday, Check Point Software Technologies released updated versions of all its ZoneAlarm products, addressing an incompatibility with a patch Microsoft released earlier this week.
The fix requires ZoneAlarm users to download the latest version, 7.0.438.000, from its site. A reboot is required to complete installation.
Since Tuesday, ZoneAlarm customers have complained that access to the Internet was denied after installing MS08-037, a patch designed by Microsoft to correct a vulnerability in both the client and server Domain Name System packages within Windows. Earlier on Tuesday, a security researcher announced a massive, multi-vendor patch release to address a fundamental flaw in DNS that could allow attackers to spoof IP addresses.
Workarounds included uninstalling MS08-037, changing ZoneAlarm's settings from high to medium, or temporarily using the Windows Firewall instead.
Check Point provided no additional comments about the cause of the outage.
Microsoft today released its July 2008 security bulletin highlighting items all considered important but not critical. They are for Domain Name Service in Windows, Windows Explorer within Windows Vista, Outlook Web Access (OWA), and Microsoft SQL servers. All Microsoft security patches for both Windows and Office software are available via Microsoft Update or via the individual bulletins detailed below.
Entitled "Vulnerabilities in DNS Could Allow Spoofing (953230)," this bulletin is for users of Windows 2000, Windows XP, and Windows Server 2003; not affected are users of Windows Vista (both 32-bit and 64-bit editions) and Windows Server 2008. The update addresses vulnerabilities detailed in CVE-2008-1447 and CVE-2008-1454. The patch modifies the Windows Domain Name System (DNS) in Windows. Microsoft says these two vulnerabilities exist in both the DNS client and DNS server and could allow a remote attacker to redirect network traffic intended for systems on the Internet to the attacker's own systems.
Entitled "Vulnerability in Windows Explorer Could Allow Remote Code Execution (950582)," this bulletin only affects users of Windows Vista and Windows Server 2008; all other versions of Windows are not affected. The update addresses the vulnerability detailed in CVE-2008-1435. Microsoft says "the vulnerability in Windows Explorer that could allow remote code execution when a specially crafted saved-search file is opened and saved. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights."
Entitled "Vulnerabilities in Outlook Web Access for Exchange Server Could Allow Elevation of Privilege (953747)," this bulletin affects users of Microsoft Outlook Exchange Server 2003 and Microsoft Outlook Exchange Server. The update addresses the issues detailed in CVE-2008-2247 and CVE-2008-2248. Microsoft says "an attacker who successfully exploited these vulnerabilities could gain access to an individual Outlook Web Access (OWA) client's session data, allowing elevation of privilege. The attacker could then perform any action the user could perform from within the individual client's OWA session."
Entitled "Vulnerabilities in Microsoft SQL Server Could Allow Elevation of Privilege (941203)," this bulletin affects SQL Server 7.0 Service Pack 4, SQL Server 2000 Service Pack 4, SQL Server 2000 Itanium-based Edition Service Pack 4, SQL Server 2005 Service Pack 2, SQL Server 2005 x64 Edition Service Pack 2, SQL Server 2005 with SP2 for Itanium-based Systems, Microsoft Data Engine (MSDE) 1.0 Service Pack 4, Microsoft SQL Server 2000 Desktop Engine (MSDE 2000) Service Pack 4, Microsoft SQL Server 2005 Express Edition Service Pack 2, Microsoft SQL Server 2005 Express Edition with Advanced Services Service Pack 2, Microsoft SQL Server 2000 Desktop Engine (WMSDE), Windows Internal Database (WYukon) Service Pack 2, Microsoft SQL Server 2000 Desktop Engine (WMSDE), Windows Internal Database (WYukon) x64 Edition Service Pack 2. This update addresses the vulnerability detailed in CVE-2008-0085, CVE-2008-0086, CVE-2008-0107, and CVE-2008-0106. Microsoft says this bulletin "resolves four privately disclosed vulnerabilities. The more serious of the vulnerabilities could allow an attacker to run code and to take complete control of an affected system. An authenticated attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights."
On Thursday, Microsoft announced four security bulletins for Patch Tuesday next week. The pre-announcement is intended as a heads up for IT departments before Patch Tuesday. All four are considered important, the second-most serious ranking by the software giant.
Among the important patches, two affect vulnerabilities within Windows, with one potentially causing remote code execution, while the other involves spoofing. Another bulletin affects Windows and Microsoft SQL Server and involves privilege elevation. The final bulletin affects Microsoft Exchange Server and also involves privilege elevation.
Microsoft on Tuesday released its June 2008 security bulletin, which includes three critical, three important, and one moderate patch.
Of the critical, one is for the Bluetooth stack in Windows XP and Windows Vista, one is for DirectX, and another is a cumulative update to Internet Explorer. The one moderate bulletin covers a flaw in the speech recognition feature in Windows 2000, XP, and Windows Vista. Of the important bulletins, one concerns Active Directory and another Pragmatic General Multicast (PGM). All Microsoft security patches for both Windows and Office software are available via Microsoft Update or via the individual bulletins detailed below.
Titled "Vulnerability in Bluetooth Stack Could Allow Remote Code Execution (951376)", this bulletin is critical for users of Windows XP and Windows Vista (both 32-bit and 64-bit editions). The update addresses vulnerabilities detailed in CVE-2008-1453. The patch modifies the way that the Bluetooth stack handles a large number of service description requests. Microsoft says an attacker could use this to take complete control of an affected system; install programs; view, change, or delete data; or create new accounts with full user rights.
Titled "Cumulative Security Update for Internet Explorer (950759)", this bulletin affects all users of Windows. However, the critical designation only applies to users of Windows XP and Windows Vista; all others are deemed moderate or important by Microsoft. The update addresses vulnerabilities in CVE-2008-1442 and CVE-2008-1544. The cumulative patch fixes a couple of vulnerabilities including one that could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer and another which could allow information disclosure if a user viewed a specially crafted Web page using Internet Explorer.
Titled "Cumulative Security Update of ActiveX Kill Bits (950760)", this bulletin affects users of Microsoft Windows 2000 Service Pack 4; all supported editions of Windows XP; and all editions of Windows Vista including Windows Vista Service Pack 1. The update addresses the issues in CVE-2007-0675. It fixes a publicly reported vulnerability for the Microsoft Speech API that could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer and has the speech recognition feature in Windows enabled.
Titled "Vulnerabilities in DirectX Could Allow Remote Code Execution (951698)", this bulletin affects all supported editions of Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008. This update addresses the vulnerability detailed in CVE-2008-0011 and CVE-2008-1444. Microsoft says the vulnerability "could allow remote code execution if a user opens a specially crafted media file. An attacker who successfully exploited either of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights."
Titled "Vulnerability in WINS Could Allow Elevation of Privilege (948745)", this bulletin affects all supported editions of Microsoft Windows 2000 Server and Windows Server 2003. This update addresses the vulnerability detailed in CVE-2008-1451. Microsoft says an attacker could use an elevation of privilege to take complete control of an affected system, and then install programs; view, change, or delete data; or create new accounts.
Titled "Vulnerability in Active Directory Could Allow Denial of Service (953235)", this bulletin is rated Important for all supported editions of Microsoft Windows 2000 Server, and rated Moderate for select editions of Windows XP Professional, Windows Server 2003, and Windows Server 2008. This update addresses the vulnerability detailed in CVE-2008-1445. Microsoft says the vulnerability could be exploited to allow an attacker to cause a denial-of-service condition.
Titled "Vulnerabilities in Pragmatic General Multicast (PGM) Could Allow Denial of Service (950762)", this bulletin is rated Important for all supported editions of Windows XP and Windows Server 2003 and rated Moderate for all supported editions of Windows Vista and Windows Server 2008. This update addresses the vulnerability detailed in CVE-2008-1440 and CVE-2008-1441. Microsoft says "an attacker who successfully exploited this vulnerability could cause a user's system to become non-responsive and to require a restart to restore functionality. Note that the denial-of-service vulnerability would not allow an attacker to execute code or to elevate their user rights, but it could cause the affected system to stop accepting requests."
Microsoft is planning seven security bulletins for its Patch Tuesday this month, the company announced Thursday.
Three of the bulletins are deemed critical by Microsoft, and cover Bluetooth, Internet Explorer, and DirectX. The Internet Explorer bulletin is expected to be cumulative and might include some remediation for the Safari for Windows vulnerability disclosed last month by Nitesh Dhanjani.
Three of the bulletins are termed important, and cover WINS, Active Directory, and PGM. One of the bulletins is considered moderate and covers kill bits.
The bulletins will be released on Tuesday.
On Thursday, Microsoft announced it will release eight security bulletins next week. The news is intended as a heads-up for IT departments in advance of Patch Tuesday.
Of the eight patches, five are considered "critical," and three are considered "important" by the software giant.
Among the critical patches, one will affect Microsoft Office, two will affect Windows, and two will affect the Internet Explorer browser. Of the important patches, Microsoft says one will affect Microsoft Office and two will affect Windows. The potential vulnerabilities include spoofing and remote code execution.
Microsoft today released its March 2008 security bulletin, which includes four bulletins, all deemed critical by Microsoft.
The most serious of these affects Microsoft Excel, which alone has six specific "Common Vulnerabilities and Exposures" vulnerabilities noted, one of which has been exploited in the wild. The next most serious affects Microsoft Outlook. In that one, a vulnerability in how the software parses "mailto" URIs could lead to remote code execution. A third bulletin affects how various Microsoft Office apps open maliciously crafted files. The final bulletin concerns how Office interfaces with the Web and includes one vulnerability that has been known but unpatched since September 2006. All Microsoft security patches for both Windows and Office software are available via Microsoft Update or via the individual bulletins detailed below.
Entitled "Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (949029)," this bulletin is critical for users of Microsoft Excel 2000 Service Pack 3, and important for users of Excel 2002 Service Pack 3, Excel 2003 Service Pack 2, Excel 2007, Microsoft Office Excel Viewer 2003, Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats, Microsoft Office 2004 for Mac, and Microsoft Office 2008 for Mac. Not affected are Microsoft Works 8, 8.5, and 9, or Works suite 2005 and Works suite 2006. The update addresses vulnerabilities detailed in CVE-2008-0111, CVE-2008-0112, CVE-2008-0114, CVE-2008-0115, CVE-2008-0116, CVE-2008-0117, and CVE-2008-0081. Microsoft says, "an attacker who successfully exploited these vulnerabilities could take complete control of an affected system and could then install programs; view, change, or delete data; or create new accounts with full user rights."
Entitled "Vulnerability in Microsoft Outlook Could Allow Remote Code Execution (949031)," this bulletin affects users of Microsoft Outlook 2000 Service Pack 3, Outlook 2002 Service Pack 3, Outlook 2003 Service Pack 2, Outlook 2003 Service Pack 3, and Outlook 2007. Not affected are users of Outlook 2007 Service Pack 1. The update addresses the vulnerability detailed in CVE-2008-0110. Microsoft says this vulnerability "could allow remote code execution if Outlook is passed a specially crafted mailto URI. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This vulnerability is not exploitable by simply viewing an e-mail through the Outlook preview pane."
Entitled "Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (949030)," this bulletin affects users of Microsoft Office 2000 Service Pack 3, Microsoft Office XP Service Pack 3, Microsoft Office 2003 Service Pack 2, Microsoft Office Excel Viewer 2003, Microsoft Office Excel Viewer 2003 Service Pack 3, and Microsoft Office 2004 for Mac. Not affected are users of Microsoft Office 2003 Service Pack 3, Microsoft PowerPoint Viewer 2003, Microsoft Visio 2002 Service Pack 2, Microsoft Visio 2003 Viewer, Microsoft Word Viewer 2003, Microsoft Project 2000 Service Pack 1, Microsoft Project 2002 Service Pack 2, 2007 Microsoft Office System, 2007 Microsoft Office System Service Pack 1, and Microsoft Office 2008 for Mac. The update addresses the vulnerability detailed in CVE-2008-0113 and CVE-2008-0118. Microsoft says, "an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights."
Entitled "Vulnerabilities in Microsoft Office Web Components Could Allow Remote Code Execution (933103)," this bulletin affects users of Microsoft Office 2000 Service Pack 3, Microsoft Office XP Service Pack 3, Visual Studio .NET 2002 Service Pack 1, Visual Studio .NET 2003 Service Pack 1, Microsoft BizTalk Server 2000, Microsoft BizTalk Server 2002, Microsoft Commerce Server 2000, and Internet Security and Acceleration Server 2000 Service Pack 2. Not affected are users of Microsoft Works 8, Microsoft Works 9, Microsoft Works Suite 2005, Microsoft Works Suite 2006, Microsoft Office 2003 Service Pack 2, Microsoft Office 2003 Service Pack 3, 2007 Microsoft Office System, 2007 Microsoft Office System Service Pack 1, Microsoft BizTalk Server 2004, Microsoft BizTalk Server 2006, Microsoft Commerce Server 2000 Service Pack 1, Microsoft Commerce Server 2000 Service Pack 2, and Microsoft Commerce Server 2000 Service Pack 3, Microsoft Commerce Server 2002, Microsoft Commerce Server 2007, Internet Security and Acceleration Server 2004, and Internet Security and Acceleration Server 2006. This update addresses the vulnerability detailed in CVE-2006-4695 and CVE-2007-1201. Microsoft says, "these vulnerabilities could allow remote code execution if a user viewed a specially crafted Web page. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights."
Microsoft on Tuesday released its February 2008 security bulletin, which includes 11 bulletins, six of which are deemed "critical" by Microsoft, while five are deemed "important." One bulletin, suggested in the advance notice posted Thursday, failed to be released Tuesday. A majority of the "critical" patches affect Microsoft Office; two critical patches include users of Office for Mac 2004, and one affects Visual Basic 6.
The "important" patches are mostly Internet services-related. One patch is specific to the Windows Vista update; however, all the Windows Vista-related updates will be included with Windows Vista SP1, expected to roll out to consumers in mid-to-late March.
Tim Rains, security response communications lead for Microsoft, humorously noted that "Windows Vista SP1 and Windows Server 2008 are not affected by any of today's bulletins." They're not affected because they are not yet available to the public. All Microsoft security patches for both Windows and Office software are available via Microsoft Update or via the individual bulletins detailed below.
Titled "Vulnerability in Active Directory Could Allow Denial of Service (946538)," this bulletin affects users of Microsoft Windows 2000, XP SP2, Server 2003, but does not affect Windows Vista. A vulnerability detailed in CVE-2008-0088 exists in implementations of Active Directory on Microsoft Windows 2000 Server and Windows Server 2003 and Active Directory Application Mode (ADAM). Microsoft says "attacker must have valid log-on credentials to exploit this vulnerability. An attacker who successfully exploited this vulnerability could cause the system to stop responding or automatically restart."
Titled "Vulnerability in Windows TCP/IP Could Allow Denial of Service (946456)," this bulletin only affects users of Windows Vista. The update addresses the vulnerability detailed in CVE-2008-0084 that exists in Transmission Control Protocol/Internet Protocol (TCP/IP) processing. Microsoft says "an attacker who successfully exploited this vulnerability could cause the affected system to stop responding and automatically restart."
Titled "Vulnerability in Internet Information Services Could Allow Elevation of Privilege (942831)," this bulletin affects users of Microsoft Windows 2000, XP SP2, Server 2003, and Vista. The update addresses the vulnerability detailed in CVE-2008-0074 that exists in Internet Information Services (IIS). Microsoft says "a local attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights."
Titled "Vulnerability in Internet Information Services Could Allow Remote Code Execution (942830)," this bulletin affects users of Microsoft Windows XP SP2 and Server 2003, but not Windows 2000 or Vista. The update addresses the vulnerability detailed in CVE-2008-0075 that exists in the way that IIS handles input to ASP Web pages. Microsoft says "An attacker who successfully exploited this vulnerability could then perform actions on the IIS server with the same rights as the Worker Process Identity (WPI). The WPI is configured with Network Service account privileges by default. IIS servers with ASP pages whose application pools are configured with a WPI that uses an account with administrative privileges could be more seriously impacted than IIS servers whose application pool is configured with the default WPI settings."
Titled "Vulnerability in WebDAV Mini-Redirector Could Allow Remote Code Execution (946026)," this bulletin affects users of Microsoft Windows XP SP2, Server 2003, and Vista, but not Windows 2000. This update addresses the vulnerability detailed in CVE-2008-0080 in the WebDAV Mini-Redirector. Microsoft says "an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights."
Titled "Vulnerability in OLE Automation Could Allow Remote Code Execution (947890)," this bulletin affects users of all supported editions of Microsoft Windows 2000, Windows XP, Windows Vista, Microsoft Office 2004 for Mac, and Visual Basic 6. The update addresses the vulnerability detailed in CVE-2007-0065. If exploited, the vulnerability could allow remote code execution through attacks on Object Linking and Embedding (OLE) Automation if a user viewed a specially crafted Web page.
Titled "Vulnerability in Microsoft Word Could Allow Remote Code Execution (947077)," this bulletin affects users of Microsoft Word 2000 Service Pack 3, Microsoft Office XP Service Pack 3, Microsoft Word 2002 Service Pack 3, Microsoft Office 2003 Service Pack 2, Microsoft Office Word Viewer 2003, but does not affect Microsoft Office 2003 Service Pack 3, Microsoft Word Viewer 2003 Service Pack 3, 2007 Microsoft Office System, 2007 Microsoft Office System Service Pack 1, Microsoft Office 2004 for Mac, Microsoft Office 2008 for Mac. The update addresses the vulnerability detailed in CVE-2008-0109 and could allow remote code execution if a user opens a specially crafted Word file. Microsoft says "An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights."
Titled "Cumulative Security Update for Internet Explorer (944533)," this bulletin affects users of Microsoft Windows 2000, XP SP2, Server 2003, but not Windows Vista. The update addresses the vulnerabilities detailed in CVE-2008-0076, CVE-2008-0077, CVE-2008-0078, and CVE-2007-4790. Microsoft says "the most serious of the vulnerabilities could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights."
Titled "Vulnerabilities in Microsoft Works File Converter Could Allow Remote Code Execution (947081)," this bulletin affects users of Microsoft Office 2003 Service Pack 2, Microsoft Office 2003 Service Pack 3, Microsoft Works 8.0, Microsoft Works Suite 2005, but not Microsoft Works 8.5, Microsoft Works 9.0, Microsoft Works Suite 2006, 2007 Microsoft Office System, Microsoft Office 2000, and Microsoft Office XP. The update addresses the vulnerabilities detailed in CVE-2007-0216, CVE-2008-0105, and CVE-2008-0108 that could allow remote code execution if a user opens a specially crafted Works (.wps) file with an affected version of Microsoft Office, Microsoft Works, or Microsoft Works Suite. Microsoft says "an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights."
Titled "Vulnerabilities in Microsoft Office Publisher Could Allow Remote Code Execution (947085)," this bulletin affects users of Microsoft Publisher 2000, 2002, XP, 2003 SP2, but not Microsoft Publisher 2003 SP3 or 2007. The update addresses the vulnerabilities detailed in CVE-2008-0102 and CVE-2008-0104 that could allow remote code execution if a user opens a specially crafted Publisher file. Microsoft says "an attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights."
Titled "Vulnerability in Microsoft Office Could Allow Remote Code Execution (947108)," this bulletin replaces previous bulletins MS06-047 and MS07-60. This bulletin affects users of Microsoft Office 2000 Service Pack 3, Microsoft Office XP Service Pack 3, Microsoft Office 2003 Service Pack 2, and Microsoft Office 2004 for Mac, but not Microsoft Office 2003 Service Pack 3, Microsoft Excel Viewer 2003, Microsoft PowerPoint 2003 Viewer, Microsoft Visio 2003 Viewer, Microsoft Word Viewer 2003, 2007 Microsoft Office System, 2007 Microsoft Office System Service Pack 1, Microsoft Office 2008 for Mac. The update addresses the vulnerability detailed in CVE-2008-0103 that could allow remote code execution if a user opens a specially crafted Microsoft Office file with a malformed object inserted into the document. Microsoft says "An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights."
With its February 12, 2008, Patch Tuesday release, Microsoft has decided, for security reasons, to push out Internet Explorer 7, even to businesses that have previously blocked the automatic upgrade.
According to a Microsoft knowledge base article, the software giant will release the Windows Internet Explorer 7 Installation and Availability update to Windows Server Update Services (WSUS) marked as an Update Rollup package. Microsoft says for business customers who have "set WSUS to 'auto-approve' Update Rollup packages (this is not the default configuration), Windows Internet Explorer 7 will be automatically approved for installation." Microsoft introduced the delay feature to give companies a chance to test the browser.
In particular, Microsoft says companies that need to take action before February 12 include those that:
- Use WSUS 3.0 to manage updates in their organization
- Have Windows XP Service Pack 2 (SP2)-based computers or Windows Server 2003 Service Pack 1 (SP1)-based computers that have Internet Explorer 6 installed
- Do not want to upgrade Internet Explorer 6 machines to Windows Internet Explorer 7 at this time
- Have configured WSUS to auto-approve Update Rollups for installation
The knowledge base article cited above provides step-by-step instructions for companies wishing to continue to block the automatic installation of Internet Explorer 7.
This February rollup package does not apply to Windows Vista users since that operating system shipped with Internet Explorer 7.
Microsoft on Tuesday released its January 2008 security bulletin, which includes only two updates: One is designated as "critical" by the software giant and the second one is deemed "important". Both concern the Windows operating system. There are no Microsoft Office updates this month. All Microsoft security patches for Windows and Office software are available via Microsoft Update or via the individual bulletins detailed below.
Titled "Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (941644)", this bulletin affects users of Microsoft Windows 2000, XP SP2, Server 2003, and Vista, and addresses the vulnerability detailed in CVE-2007-0069 and CVE-2007-0066. A vulnerability exists in Transmission Control Protocol/Internet Protocol (TCP/IP) processing, and the patch modifies the way that the Windows kernel processes TCP/IP structures that contain multicast and ICMP requests. Microsoft says "an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights."
Titled "Vulnerability in LSASS Could Allow Local Elevation of Privilege (943485)", this bulletin affects users of Microsoft Windows 2000, XP SP2, Server 2003, but not Windows Vista. The update addresses the vulnerability detailed in CVE-2007-5352. If exploited, a vulnerability within Microsoft Windows Local Security Authority Subsystem Service (LSASS) could allow an attacker to elevate privileges, take complete control of an affected system, then install programs; view, change, or delete data; or create new accounts with full user rights.







