On the heels of the November 2008 launch of security bulletin releases, Microsoft has made available for download the ISO Image, containing the updates for its operating system. The November 2008 Security Release ISO Image is a package that only comprises the security updates, which resolve vulnerabilities in various versions of Windows client and server platforms, including Windows Vista Service Pack 1 (SP1) and Windows XP Service Pack 3 (SP3).
“This is a light month, with two bulletins covering four vulnerabilities. The only ‘Critical’ issue this month is a previously public remote-code execution vulnerability (BID 21872) in Microsoft XML Core Services. The remaining three issues are rated ‘Important,’ and include two information-disclosure issues affecting XML Core Services and a remote code-execution issue in Server Message Block (SMB),” revealed Symantec’s Robert Keith.
The November 2008 Security Release ISO Image is designed to deliver a helping hand for IT administrators who have to download and implement multiple individual language versions of the patches made available by Microsoft this November. In the absence of Windows Server Update Services, the November 2008 Security Release ISO Image streamlines access to all the updates of this month, in all supported languages.
On the whole, with the two security bulletins released earlier this week, Microsoft patched a total of four vulnerabilities, including an issue that was initially reported to the company back in 2001. “If an attacker can trick a victim into connecting to a malicious SMB server, the attacker can reflect the victim’s credentials back, and gain access to the victim’s computer in the context of the currently logged-in user,” Keith added.