
News

'Important' Fixes To Come in Microsoft's July Patch Cycle

7/7/2008


IT pros will come back from the holiday weekend to face a possible four patches in Microsoft's July patch rollout, according to an advance announcement issued by the company. The patches, arriving Tuesday, won't contain "critical" or "moderate" items, but all four will be deemed "important."

Microsoft will address a mix of exploit risks with the July patch, including two elevation-of-privilege vulnerabilities, one spoofing security risk and one remote code execution (RCE) exploit. The infamous RCE problem continues to be a concern as the software giant's 2008 hotfix cycle passes its half-way point.

The first important fix addresses an elevation-of-privilege problem in SQL Server. Hackers can gain back-door access into the database and change fields to configure user access parameters, giving themselves superuser or unlimited access to run amok on a network.

In the last week of June, Redmond issued a security advisory pertaining to certain components of SQL Server, citing a recent "escalation in a class of attacks targeting Web sites" and using the database application as an incursion vector. This new SQL patch is far reaching as it touches several releases of the database and server software program, including SQL Server 7.0 Service Pack 4, SQL Server 2000 for Itanium systems and all versions of SQL Server 2005 SP2.

Also included as part of this fix are Microsoft Data Engine 1.0 SP4, SQL Server 2000 Desktop Engine SP4, SQL Server 2005 Express Edition SP2 and SQL Server 2005 Express Edition with Advanced Services SP2.

The SQL patch affects Windows 2000 Service Pack 4 and Windows Server 2003 (SP1 and SP2), including 64-bit editions. Windows Internal Database (WYukon) is also affected as the patch relates to all versions of Windows Server 2008 except for Itanium-processor-based systems.

The second fix blocks potential RCE exploits in all versions of Windows Vista and Windows Server 2008.

The third fix staves off spoofing, which is the act of masking Internet Protocol configurations under false pretenses by faking the sending address of a transmission in order to gain illegal entry into a secure system. The patch affects the client- and server-side update functions for Windows 2000 SP4, client updates for multiple versions of Windows XP, and client and server update functions in Windows Server 2003. The fix addresses server-side updates for all versions of Windows Server 2008, except for those running on an Itanium system.


