Through Windows Services for UNIX and in the Subsystem for UNIX-based Applications

Sep 7, 2007 06:57 GMT

Microsoft's latest and most secure platform to date, Windows Vista, is vulnerable to attacks targeting a vulnerability residing in Windows Services for UNIX and in the Subsystem for UNIX-based Applications. However, Vista is not the only product affected by the issue. Windows Services for UNIX provides a vector of attack for Windows 2000 Service Pack 4, Windows XP Service Pack 2, Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2. Additionally, Windows Server 2003 x64 Edition and both the 32-bit and 64-bit editions of Windows Server 2003 Service Pack 2 and Windows Vista can be compromised through the Subsystem for UNIX-based Applications.

Through the successful exploitation of the UNIX-related security flaw on Windows, an attacker can perform elevation of privileges on Vista and the other affected operating systems. This is why Microsoft has labeled the vulnerability with a severity rating of Important. The information was officially confirmed by Microsoft, via the Security Bulletin Advance Notification for September 2007.

For September, Microsoft is preparing a total of five security bulletins, one rated Critical and the remaining four rated Important. September is proving a slow month for the Redmond company in terms of security patches. In this month's patch cycle, Microsoft will address one or more Critical vulnerabilities, and only in Windows 2000. This is the sole case where remote code execution is the result of an exploit.

Christopher Budd, security program manager in the Microsoft Security Response Center (MSRC), made public the complete list of security bulletins scheduled to go live on September 11. "As we do each month, as part of our processes to help make security updates more predictable and assist with your planning, we've posted our Advance Notification with preliminary information about next week's release. As a reminder, we provide this early information to help with planning, but it can change between now and next Tuesday. As part of our regularly scheduled bulletin release, we're currently planning to release five security bulletins," Budd stated.

Microsoft will patch Windows, Visual Studio, Windows Services for UNIX and the Subsystem for UNIX-based Applications, MSN Messenger, Windows Live Messenger, and Windows and Microsoft SharePoint Server.