Wednesday, February 10, 2010

Hyper-V Denial of Service Vulnerability Discovered

For those of us managing IT infrastructure, we have adapted to the constant surprises that Murphy's Law imposes on us. But the one thing we can always count on is a security announcement from Microsoft on the second Tuesday of every month, also known as "Patch Tuesday".

This month, however, we were informed of a new vulnerability (977894) discovered in Hyper-V that could cause a denial of service if an authenticated user were to run a sequence of malformed machine instructions from within a virtual guest. The vulnerability can only be exploited by a user who has valid logon credentials and logs on locally to the virtual guest; it cannot be exploited remotely or by anonymous users. The security update applies to all x64-based editions of Windows Server 2008 and Windows Server 2008 R2, as well as Hyper-V Server 2008 and Hyper-V Server 2008 R2. The bulletin does not make it obvious that the update also applies to Hyper-V Server; that detail is buried in its FAQ. The update is installed on the host only, not on the virtual guests. Environments configured with Automatic Updates enabled will apply the update automatically.
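The practical question for an administrator is which machines actually need this update: x64 hosts running the Hyper-V role, and not the guests. The script below is an added example, not code from the original post or from Microsoft, that audits one or more hosts for KB977894 and reports whether the update applies, whether it is installed, and whether a restart is still pending. It assumes Windows PowerShell 2.0 with the ServerManager module (Windows Server 2008 R2) and PowerShell remoting enabled on any remote host; the host names passed to it are placeholders.

```powershell
# Added example, not from the original post: audit Hyper-V hosts for the
# MS10-010 update (KB977894) and report whether the update is even applicable.
# Assumes Windows PowerShell 2.0 with the ServerManager module (Server 2008 R2)
# and PowerShell remoting (WinRM) enabled on remote hosts. Host names are
# placeholders; replace them with your own.
param(
    [string[]]$ComputerName = @('localhost')
)

$UpdateId = 'KB977894'   # KB number cited in the MS10-010 bulletin

# Runs on each host and returns one object describing its patch state.
$AuditHost = {
    param([string]$UpdateId)

    $os = Get-WmiObject -Class Win32_OperatingSystem

    $hyperVRole = $false
    # The ServerManager module exists on Windows Server 2008 R2; on hosts
    # without it the role check is skipped and reported as false.
    if (Get-Module -ListAvailable -Name ServerManager) {
        Import-Module ServerManager
        $feature = Get-WindowsFeature -Name Hyper-V
        $hyperVRole = [bool]$feature.Installed
    }

    # Win32_QuickFixEngineering enumerates installed updates by KB id.
    $installed = [bool](Get-WmiObject -Class Win32_QuickFixEngineering |
        Where-Object { $_.HotFixID -eq $UpdateId })

    # The CBS RebootPending key exists while a servicing change awaits a restart.
    $rebootPending = Test-Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending'

    $is64Bit = ($os.OSArchitecture -like '64*')

    # The bulletin covers x64 editions running Hyper-V; the update is applied
    # on the host, never inside a virtual guest.
    if (-not $is64Bit -or -not $hyperVRole) {
        $action = 'Not applicable (x64 Hyper-V hosts only; guests are not patched)'
    } elseif ($installed -and $rebootPending) {
        $action = 'Installed, restart pending'
    } elseif ($installed) {
        $action = 'Patched'
    } else {
        $action = "Missing $UpdateId; schedule host update and restart"
    }

    New-Object PSObject -Property @{
        Host            = $env:COMPUTERNAME
        OS              = $os.Caption
        Is64Bit         = $is64Bit
        HyperVRole      = $hyperVRole
        UpdateInstalled = $installed
        RebootPending   = $rebootPending
        Action          = $action
    }
}

$results = foreach ($name in $ComputerName) {
    if ($name -eq 'localhost' -or $name -eq $env:COMPUTERNAME) {
        & $AuditHost $UpdateId
    } else {
        Invoke-Command -ComputerName $name -ScriptBlock $AuditHost -ArgumentList $UpdateId
    }
}

$results | Format-Table Host, OS, Is64Bit, HyperVRole, UpdateInstalled, RebootPending, Action -AutoSize
```

Saved as a script and run as `.\Audit-MS10010.ps1 -ComputerName HV-HOST-01,HV-HOST-02` (placeholder names), it prints one row per host. Run inside a virtual guest it reports the update as not applicable, which matches the bulletin's host-only guidance; the RebootPending column shows whether a host that already has the update still needs the restart before it takes effect.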

For more information on this security bulletin, or to download the security update, please visit the link below.

http://www.microsoft.com/technet/security/bulletin/MS10-010.mspx

2 comments:

  1. Does anyone know yet if this update requires a reboot of the host, or, for that matter, any other interruption of services from the VMs? Sorry in advance if that's covered in the docs...
  2. Skip,

    The patch does require a reboot and my experience from testing is that it won't affect the virtual guest.