blob: 82012a9f19659a96d95842fe295025f66ac266cf (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
|
Yesterday was Microsoft's monthly "Patch Tuesday" and the company delivered a slew of updates, including a kernel update to address a particularly nasty issue that allowed malicious code to be injected into the kernel via unsigned drivers.
The [kernel exploit][1] affects all 64 bit versions of Windows, and, while Microsoft is trying to downplay it, comes in response to hacking tools freely available on the web. Purple Pill as one tool was known, could be used to load unsigned drivers into the Windows kernel thanks to a flaw in one of Vista's video drivers. Purple Pill's maker pulled the software after realizing no patch was available.
Other fixes in this month's batch of patches include six listed as critical. Of the six only one is Vista specific, which plugs an exploit in Windows Gadgets which could allow remote code execution.
The rest of the critical patches apply to nearly all Windows systems and fix flaws in Windows Media Player, Microsoft Excel, XML Core Services and more.
You can grab the security patches for Windows via Microsoft Update or directly from the [downloads site][2].
[1]: http://www.microsoft.com/technet/security/advisory/932596.mspx
[2]: http://www.microsoft.com/technet/security/bulletin/ms07-aug.mspx
|
