Microsoft’s first two patches in 2008

Microsoft’s first two patches this year are to ship today. They are undoubtedly the first of many to come (Microsoft issued 69 security bulletins in 2007). One of them, rated “critical” (Microsoft’s highest severity rating), applies to all versions, including the newest, Windows Vista. The second issue (rated “important”) affects Windows 2K, XP and Server 2003.

The “critical” patch is designed to fix a hole in the Microsoft DirectX Media SDK. The hole could be used by remote attackers to cause a denial of service or to gain access to, and complete control of, an affected system.
The “important” patch, in turn, fixes a buffer overflow in the Microsoft Windows CFileFind Class “FindFile()” function.