[ISN] Microsoft won't fix Windows 7 crash bug next week

From: InfoSec News <alerts_at_private>
Date: Fri, 8 Jan 2010 04:46:24 -0600 (CST)
http://www.computerworld.com/s/article/9143297/Microsoft_won_t_fix_Windows_7_crash_bug_next_week?taxonomyId=17

By Gregg Keizer
Computerworld
January 7, 2010

Microsoft today said it will deliver a single security update on Tuesday 
to patch just one vulnerability in Windows.

However, the company acknowledged that it does not yet have a fix for a 
crippling bug in Windows 7 that went public nearly two months ago.

The expected update will patch a vulnerability rated "critical" -- 
Microsoft's most serious rating in its four-step scoring system -- in 
Windows 2000. The bug also affects Windows XP, Vista and Windows 7, as 
well as Windows Server 2003, Server 2008 and Server 2008 R2, but is 
tagged as "low" for those editions.

"The first thing that came to mind was a denial-of-service vulnerability 
for the newer [operating systems], and a remote code execution on 
Windows 2000," said Andrew Storms, director of security operations at 
nCircle Network Security.

Microsoft downplayed the threat even to Windows 2000 users. "The 
Exploitability Index rating for this issue will not be high, which 
lowers the overall risk," said Jerry Bryant, a Microsoft security 
spokesman, in a post to the company's security response center blog 
today.

[...]


________________________________________ 
Did a friend send you this? From now on, be the 
first to find out! Subscribe to InfoSec News 
http://www.infosecnews.org
Received on Fri Jan 08 2010 - 02:46:24 PST

This archive was generated by hypermail 2.2.0 : Fri Jan 08 2010 - 02:53:00 PST