Establishing Digital Trust: Don't Sacrifice Security for Convenience
September is looking like a slow month for Microsoft bugs, as this month's Patch Tuesday only features one critical fix for one specific version of Windows, plus three important fixes, which rank as less severe.
The only critical fix is in Microsoft Agent, which has a vulnerability that could allow for remote code execution. Agent is used in a variety of Microsoft applications that are integrated into Windows, most notably the Windows Search feature with the animated dog.
However, the fix is only for Windows 2000 Service Pack 4. All other versions of Windows are fine.https://o1.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=i "We don't foresee a lot of exploitation of the Windows 2000 vulnerability. Not many people will use those legacy systems to surf the Web, which would be the primary attack vector," Dave Marcus, security research and communications manager at McAfee Avert Labs, said in a statement sent to InternetNews.com.
The other three fixes are non-Windows-related. A remote code execution vulnerability in Visual Studio is fixed, as is a hole in the Windows Services for Unix 3.0, which could allow an attacker to gain elevation of privilege. The last error is in the live cam feature in MSN Messenger and Windows Live Messenger, which could allow an attacker to take complete control of the affected system.
"The MSN Messenger and Windows Live Messenger vulnerability is also serious. However, Microsoft forces an update, so there is little chance of actually exploiting this vulnerability. Users should accept the automatic update when they connect to the Messenger service," Marcus said.