Windows Vista Vulnerable to Attacks via UNIX

**Anilrgowda** · 07-Sep-2007, 01:24 AM

Microsoft's latest and most secure platform to date, Windows Vista, is vulnerable to attacks targeting a vulnerability residing in Windows Services for UNIX and in the Subsystem for UNIX-based Applications. However Vista is not the only product affected by the issue. Windows Services for UNIX provides a vector of attack for Windows 2000 Service Pack 4, Windows XP Service Pack 2, Windows Server 2003 Service Pack 1, Windows Server 2003 Service Pack 2. Additionally Windows Server 2003 x64 Edition and both the 32-bit and 64-bit editions of Windows Server 2003 Service Pack 2 and Windows Vista can be compromised through Subsystem for UNIX-based Applications. Through the successful exploitation of the UNIX-related security flaw on Windows, an attacker can perform elevation of privileges on Vista and the other affected operating systems. This is why Microsoft has labeled the vulnerability with a severity rating of Important. The information was officially confirmed by Microsoft, via the Security Bulletin Advance Notification for September 2007.
For September Microsoft is cooking a total of five security bulletins, one cataloged as Critical and the remaining four considered only of an Important level. September is proving a slow month for the Redmond company in terms of security patches. Microsoft will address in this month's patch cycle Critical vulnerability/vulnerabilities only in Windows 2000. This is the sole case where remote code execution is the result of an exploit.
Christopher Budd, security program manager in the Microsoft Security Response Center (MSRC) made public the complete list of security bulletins scheduled to go live on September 11. "As we do each month, as part of our processes to help make security updates more predictable and assist with your planning, we’ve posted our Advance Notification with preliminary information about next week’s release. As a reminder, we provide this early information to help with planning, but it can change between now and next Tuesday. As part of our regularly scheduled bulletin release, we’re currently planning to release five security bulletins," Budd stated.

Source:Windows Vista Vulnerable to Attacks via UNIX - Through Windows Services for UNIX and in the Subsystem for UNIX-based Applications - Softpedia

07-Sep-2007, 01:24 AM	#1 (permalink)
Anilrgowda Administrator Posts: 18,715 Join Date: Jan 2006 Rep Power: 10 IM:	Windows Vista Vulnerable to Attacks via UNIX Microsoft's latest and most secure platform to date, Windows Vista, is vulnerable to attacks targeting a vulnerability residing in Windows Services for UNIX and in the Subsystem for UNIX-based Applications. However Vista is not the only product affected by the issue. Windows Services for UNIX provides a vector of attack for Windows 2000 Service Pack 4, Windows XP Service Pack 2, Windows Server 2003 Service Pack 1, Windows Server 2003 Service Pack 2. Additionally Windows Server 2003 x64 Edition and both the 32-bit and 64-bit editions of Windows Server 2003 Service Pack 2 and Windows Vista can be compromised through Subsystem for UNIX-based Applications. Through the successful exploitation of the UNIX-related security flaw on Windows, an attacker can perform elevation of privileges on Vista and the other affected operating systems. This is why Microsoft has labeled the vulnerability with a severity rating of Important. The information was officially confirmed by Microsoft, via the Security Bulletin Advance Notification for September 2007. For September Microsoft is cooking a total of five security bulletins, one cataloged as Critical and the remaining four considered only of an Important level. September is proving a slow month for the Redmond company in terms of security patches. Microsoft will address in this month's patch cycle Critical vulnerability/vulnerabilities only in Windows 2000. This is the sole case where remote code execution is the result of an exploit. Christopher Budd, security program manager in the Microsoft Security Response Center (MSRC) made public the complete list of security bulletins scheduled to go live on September 11. "As we do each month, as part of our processes to help make security updates more predictable and assist with your planning, we’ve posted our Advance Notification with preliminary information about next week’s release. As a reminder, we provide this early information to help with planning, but it can change between now and next Tuesday. As part of our regularly scheduled bulletin release, we’re currently planning to release five security bulletins," Budd stated. Source:Windows Vista Vulnerable to Attacks via UNIX - Through Windows Services for UNIX and in the Subsystem for UNIX-based Applications - Softpedia ------------------

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)