Vulnerabilities in Event System Could Allow Remote Code Execution
Description: This update resolves two privately reported vulnerabilities in Microsoft Windows Event System that could allow remote code execution. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights. The security update addresses the vulnerabilities by changing the way that Event System handles per-user subscriptions.
Update type: Important
Release date: August 12, 2008
Applies to: All
Knowledge base: http://support.microsoft.com/kb/950974
Comments: Here are the specifics on the vulnerabilities covered by this update:
For more information on this issue, including potential causes, workarounds, and resolutions, see: Microsoft KB Article KB950974.