This year, Microsoft has been unusually swift in patching vulnerabilities in its software: another patch for the Windows Vista platform is coming on January 8th, the company's first this year. Two security bulletins, rated "critical" and "important", are to be issued for the newest OS, which the corporation released last year. The first patch will target all Windows versions including Vista, and the second will apply only to Vista, 2000, XP, and Server 2003.
The vulnerabilities to be patched in the above-mentioned Windows versions are as follows:
- the "critical" and trojan-vulnerable flaw in the Microsoft DirectX Media SDK; this flaw may be exploited by cybercriminals to gain remote access to (and subsequently, full control of) the compromised system by a denial of service.
- the "important" hole, a buffer overflow in the Windows CFileFind class "FindFile()" function.