2 Critical Vulnerabilities Affecting Microsoft Windows
Microsoft Security Bulletin MS08-067 - Critical
Vulnerability in Server Service Could Allow Remote Code Execution (958644)
A remote code execution vulnerability exists in the Server service on Windows systems. The vulnerability is due to the service not properly handling specially crafted RPC requests. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
For More Info, Work-around and Mitigation,
Microsoft Security Bulletin MS08-078 - Critical
Security Update for Internet Explorer (960714)
A remote code execution vulnerability exists as an invalid pointer reference in the data binding function of Internet Explorer. When data binding is enabled (which is the default state), it is possible under certain conditions for an object to be released without updating the array length, leaving the potential to access the deleted object's memory space. This can cause Internet Explorer to exit unexpectedly, in a state that is exploitable.
An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user.
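The bookkeeping flaw described for MS08-078, where an object is released while the array length still covers its slot, is shown below as an added, simplified model. It is not Internet Explorer code; every name in it (`bound_array`, `release_flawed`, `release_fixed`, `stale_reachable`) is hypothetical, and a slot flag stands in for real memory release so the effect can be observed safely.

```c
#include <stddef.h>
#include <string.h>

#define MAX_BOUND 8

/* Constructed model: a slot records whether its object is still alive. */
struct slot { int alive; int value; };

struct bound_array {
    struct slot slots[MAX_BOUND];
    size_t length;   /* how many slots later code will walk */
};

static void array_init(struct bound_array *a, size_t n) {
    memset(a, 0, sizeof *a);
    a->length = n > MAX_BOUND ? MAX_BOUND : n;
    for (size_t i = 0; i < a->length; i++)
        a->slots[i] = (struct slot){ .alive = 1, .value = (int)i * 10 };
}

/* Flawed: the object is released, but length still covers its slot. */
static int release_flawed(struct bound_array *a, size_t idx) {
    if (idx >= a->length) return -1;
    a->slots[idx].alive = 0;
    return 0;
}

/* Corrected: close the gap and shrink length in the same operation. */
static int release_fixed(struct bound_array *a, size_t idx) {
    if (idx >= a->length) return -1;
    memmove(&a->slots[idx], &a->slots[idx + 1],
            (a->length - idx - 1) * sizeof a->slots[0]);
    a->length--;
    a->slots[a->length].alive = 0;
    return 0;
}

/* Released slots that a walk over [0, length) would still reach. */
static size_t stale_reachable(const struct bound_array *a) {
    size_t stale = 0;
    for (size_t i = 0; i < a->length; i++)
        if (!a->slots[i].alive) stale++;
    return stale;
}
```

After the flawed release the length is unchanged and one released slot is still reachable; after the corrected release the length has shrunk and no released slot is reachable.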
For More Info, Work-around and Mitigation,
Regards,
VINOD M