Wednesday, February 25, 2009

Microsoft Releases Security patch for old Windows versions

Microsoft has rereleased an update that patches a remote code execution security issue in the Graphics Rendering Engine in old versions of Windows. Most users do not have to worry about installing the update.

Microsoft has rereleased a security update that was originally released back in 2005. It was revised to address minor issues "unrelated to the stability of the update or the security of the intended target systems." Most users have already applied this update and don't need to apply it again. The vulnerability is only found in older versions of Windows, 32-bit and 64-bit versions of Windows Server 2003, Windows Small Business Server 2003, Windows XP Tablet PC Edition, Windows 2000 SP4, and Small Business Server 2000.

However, the rereleased update (4.8MB) is only for various editions of Windows Server 2003 64-bit. Server 2003 customers who never installed the previous update will now be offered the revised one. The update should be offered automatically to these users.

When originally disclosed, the vulnerability was given a Critical rating by Microsoft because it included a remote code execution security issue in the Graphics Rendering Engine that could allow an attacker to remotely compromise the Windows-based system and gain control over it. Microsoft Security Bulletin MS05-053 has more information about the security issue that was fixed.

Source: http://arstechnica.com/microsoft/news/2009/02/security-patch-rereleased-for-old-windows-versions.ars

No comments: