Click here to receive your FREE subscription to Campus Technology
News
'Important' Fixes To Come in Microsoft's July Patch Cycle
7/7/2008
|
|
IT pros will come back from the holiday weekend to face a possible four patches in Microsoft's July patch rollout, according an advance announcement issued by the company. The patches, arriving Tuesday, won't contain "critical" or "moderate" items, but all four will be deemed "important."
Microsoft will address a mix of exploit risks with the July patch, including two elevation-of-privilege vulnerabilities, one spoofing security risk and one remote code execution (RCE) exploit. The infamous RCE problem continues to be a concern as the software giant's 2008 hotfix cycle passes its half-way point.
The first important fix addresses an elevation-of-privilege problem in SQL Server. Hackers can gain back-door access into the database and change fields to configure user access parameters, giving themselves superuser or unlimited access to run amok on a network.
In the last week of June, Redmond issued a security advisory pertaining to certain components of SQL Server, citing a recent "escalation in a class of attacks targeting Web sites" and using the database application as an incursion vector. This new SQL patch is far reaching as it touches several releases of the database and server software program, including SQL Server 7.0 Service Pack 4, SQL Server 2000 for Itanium systems and all versions of SQL Server 2005 SP2.
Also included as part of this fix are Microsoft Data Engine 1.0 SP4, SQL Server 2000 Desktop Engine SP4, SQL Server 2005 Express Edition SP2 and SQL Server 2005 Express Edition with Advanced Services SP2.
The SQL patch affects Windows 2000 Service Pack 4 and Windows Server 2003 (SP1 and SP2), including 64-bit editions. Windows Internal Database (WYukon) is also affected as the patch relates to all versions of Windows Server 2008 except for Itanium-processor-based systems.
The second fix blocks potential RCE exploits in all versions of Windows Vista and Windows Server 2008.
The third fix staves off spoofing, which is the act of masking Internet Protocol configurations under false pretenses by faking the sending address of a transmission in order to gain illegal entry into a secure system. The patch affects the client and server side update functions for Windows 2000 SP4, client updates for multiple versions of Windows XP, and client and server update functions in Windows Server 2003. The fix addresses server-side updates for all versions of Windows Server 2008, except for those running on an Itanium system.
Recommended Reading
- Fixed-Mobile Convergence: Dartmouth Beefs Up Cell Coverage, Cuts Costs
Problems with cell phone coverage aren't uncommon on college campuses. There are two main reasons: The beefy structure of historic buildings can block cellular reception within walls, and, on more remote campuses outside cities, signal coverage can be light.
- Thompson Rivers U Deploys Unified Digital Campus for ERP
Thompson Rivers University (TRU) in British Columbia has selected SunGard Higher Education's Banner Unified Digital Campus (UDC) to integrate its ERP systems.
- DV Kitchen Web Video Publishing System Released
DVcreators.net has released DV Kitchen, a new video encoding and publishing application for Mac OS X designed specifically for creating materials to be posted on the Web.
- NEC Debuts 4 Education Projectors
NEC this week debuted four new projectors targeted toward education applications, along with a new MultiSync LCD display. The new NP-series projectors are entry-level models started at $899 but are designed to provide high light output, support for closed captioning, and built-in networking capabilities.
- Security Researchers Uncover Spring Framework Vulnerability
Software frameworks are enjoying enormous popularity these days among a range of developers. It's popularity well earned; frameworks provide powerful tools for building more flexible and less error-prone applications. They generally enhance developer productivity with out-of-the-box functionality. And they can free developers to focus on features instead of common coding tasks.
- 3PAR Server Arrays Integrate Fat-to-Thin Processing
Utility storage provider 3PAR has announced the release of the 3PAR InServ T400 and T800 Storage Servers. The new hardware is built on the company's third-generation InSpire architecture, featuring the 3PAR Gen3 ASIC with integrated fat-to-thin processing.
