If you’ve been ignoring the little yellow update notices provided by Windows, now might be a good time to finally acknowledge them and do some downloading. One of the most recent patches addresses three vulnerabilities in Microsoft XML Core Services.
Security Bulletin MS08-069 is considered critical as a whole, and versions of operating systems including Windows Vista, Windows XP, and Windows 2000 are affected. In the text of the bulletin, Microsoft acknowledged, “The most severe vulnerability could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer.”
There is some good news, though. First, as you probably realized, this hasn’t been headline news, and so hackers don’t seem to be pounding at the vulnerabilities from every angle. Then, most of the employees within any given organization don’t even appear to be at high risk, as Microsoft stated, “Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.”
Finally, the update is of course free, and so is technical support (1-866-PCSAFETY) if you need it.
Microsoft gave credit to Gregory Fleischer, Stefano Di Paola, and Robert Hansen for first reporting the vulnerabilities, so we’ll direct a nod to these gentlemen here, too.
