微软公布了2月份的安全公告预告,下周二将发布Windows更新,值得关注的是早在1993年 Windows NT 3.1 时代就存在的漏洞终于被修复。
问题出在Windows内核,是一个 Elevation of Privilege (EoP) 提权漏洞,影响目前所有的32位Windows,但64位不受影响。它的问题主要表现在使用DOS虚拟机时产生的内核栈处理问题。
下周二微软将公布13个安全公告,5个为“危急”,7个是“重要”,还有一个则是普通级别。
Vulnerability in Windows Kernel Could Allow Elevation of Privilege
http://www.microsoft.com/technet/security/advisory/979682.mspx
Microsoft Security Advisory (979682)
Vulnerability in Windows Kernel Could Allow Elevation of Privilege
Published: January 20, 2010 | Updated: January 22, 2010
Version: 1.1
General Information
Executive Summary
Microsoft is investigating new public reports of a vulnerability in the Windows kernel. We are not aware of attacks that try to use the reported vulnerability or of customer impact at this time.
We are actively working with partners in our Microsoft Active Protections Program (MAPP) to provide information that they can use to provide broader protections to customers.
Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-band security update, depending on customer needs.
本文链接地址:
分类:
标签:
