Microsoft Plugs Code Execution Holes On Patch Day
Microsoft on Tuesday released fixes for five vulnerabilities in Windows products, including a patch for a known security issue in the WINS (Windows Internet Name Service) name server. As expected, the company released five advisories with "important" severity ratings but warned that four of the five could lead to code execution attacks.
Source: eWeek
Microsoft typically rates code execution flaws as "critical," and the lowered ratings raised some eyebrows since independent researchers have already warned of the serious nature of the WINS vulnerability, which could allow a remote attacker to take complete control of an affected system.
According to Stephen Toulouse, program manager at the Microsoft Security Response Center, "critical" ratings are reserved for bugs that the company considers "wormable."
"A critical vulnerability means that, in the default scenario on a PC connected to the Internet, a criminal could exploit it in such a way that it spreads from machine to machine. We reserve critical ratings for vulnerabilities that are wormable," Toulouse told eWEEK.com.