 |
The seriousness of the drive-by security flaw in animated cursor handling in all recent Windows versions that was revealed last week prompted Microsoft to today release an “out-of-band” patch instead of waiting until the regular Patch Tuesday next week. The patch also fixes some other security vulnerabilities as well. Download the appropriate version by following the link or just running Windows Update.
| S | M | T | W | T | F | S |
|---|---|---|---|---|---|---|
| « Dec | ||||||
| 1 | 2 | 3 | ||||
| 4 | 5 | 6 | 7 | 8 | 9 | 10 |
| 11 | 12 | 13 | 14 | 15 | 16 | 17 |
| 18 | 19 | 20 | 21 | 22 | 23 | 24 |
| 25 | 26 | 27 | 28 | 29 | 30 | 31 |
April 11th, 2007 at 11:04 AM
[...] For the second time this month, Microsoft has shipped a security bulletin with patches for a “critical” Vista vulnerability that puts millions of users at risk of code execution attacks. The first time was the out-of-band fix for the animated cursor flaw. The update — MS07-021 — is one of five bulletins released in Microsoft’s scheduled batch of patches for April. … The remote code execution flaw that dinged Vista is an error in the way the Windows Client/Server Run-time Subsystem (CSRSS) process handles error messages. An attacker could exploit the vulnerability by constructing a specially crafted application that could potentially allow remote code execution. [...]