Posted by Virus Bulletin on Nov 12, 2008
Just two updates released by Microsoft this month: one rated critical, one important.
Microsoft has issued two updates in the November round of its monthly patch release cycle, one of them rated 'critical'.
The critical update addresses vulnerabilities in Microsoft XML Core Services which could be exploited to create a web page that would cause the Internet Explorer browser to execute malicious code. There are currently no known exploits for this vulnerability in the wild, although Microsoft's 'Exploitability index' assigns the vulnerability a rating that indicates that consistent exploit code is likely to be created.
The update assigned the slightly less severe rating of 'important' addresses a publicly disclosed vulnerability in Microsoft Server Message Block (SMB) Protocol which, again, could be exploited to allow an attacker to execute code remotely.