January brings two Windows patches

Author: Gareth Halfacree
Published: 9th January 2008

You know that Bill will have updated his copy of Windows by now, so what's your excuse?

Microsoft launched its regular 'Patch Tuesday' updates via Windows update yesterday, and it's a two-fer on security patches for Windows.

Anyone using any version of Windows since Windows 2000 will be advised to install the first patch, described by Microsoft as 'critical' and designed to plug two flaws in the default TCP/IP stack. The bugs, if left unpatched, could allow malicious types to execute arbitrary code on your PC remotely and even to create themselves a lovely new user account.

The second patch only applies to Windows versions prior to Microsoft's latest and greatest Vista, and is rated as 'important'. The update is again designed to prevent arbitrary code execution under an elevated account (which is to say, an account with system privileges) via a hole in the Windows Local Security Authority Subsystem Service. That's the LSASS.EXE process you keep seeing pop up in Task Manager, and is somewhat ironically responsible for system logins and security. Vista users may commence sniggering now.

Patch Tuesday for January 2008 also saw the release of five other 'high-priority' updates, although none are security related. Users of Windows Update (rather than the new-and-improved Microsoft Update) will only see two additional patches.

Have you already installed the updates, or are you secure in the knowledge that your firewall will protect you from the nasties? Let us know via the forums.