In a patch released today, Microsoft has fixed a critical hole in Windows in addition to two less serious holes in Microsoft Office. There was a vulnerability in the Windows Internet Name Service that “could allow remote code execution if a user received specially crafted malware on an affected system running the WINS service.”
The hole only exists in Windows Server 2003 and 2008, which fortunately isn’t the choice of operating system for most home users. It also only affects operating systems that run WINS, which isn’t a mandatory part of the Windows Server installation but many enterprises require. If left unchecked, attackers could trigger a denial of service (DOS) and possibly execute remote code on the server.
The other two holes in Microsoft PowerPoint that allow remote code execution if a user opens a malicious file has also been fixed. This bug is present in Office XP, Office 2003, Office 2007; Office 2004 and Office 2008 for Mac. Find out more on the Microsoft website.
Filed in Microsoft, Office, Security, Server, Update and Windows.. Read more about