Microsoft has released its November 2008 security patch which includes two bulletins for fixing crucial vulnerabilities in Windows and Office applications, out of which one is dubbed as “critical” whereas the other is rated as “important”.
The more serious of the two bulletins, tagged as MS08-069, is designed to plug three security holes in XML Core Services and Internet Explorer, while the ‘important’ bulletin addresses flaws in Server Message Block (SMB) Protocol.
The MS08-069 security patch fixes vulnerabilities in XML Core Services 3.0, XML Core Services 4.0, and XML Core Services 6.0, which could enable hackers to exploit users’ system resources, by remote code execution, if the user visits a specially created webpage using Internet Explorer.
The other bulletin, MS08-068, fixes a flaw in SMB Protocol, which is dubbed for all the supported versions of Microsoft Windows 2000, Windows Server 2003 and 2008, Windows XP, and Windows Vista could allow hackers to install programs; access, change, and delete data; or create new accounts on user’s behalf.
Out of the three vulnerabilities patched by MS08-069, the only one is tagged as “critical” was labelled with CVE (Common Vulnerabilities and Exposures) back in early 2007, and according to the company, it went public almost two years ago.
Incidentally from last month, these security bulletins also include technical details - to allow software developers to update affected applications before public announcement - and an exploitability index, to assist system administrators in prioritizing the patches.