Microsoft makes tenuous ‘critical-free’ claim for Patch Tuesday
By John Lister
In something of a pleasant surprise, Microsoft is releasing a monthly update for Windows with no critical updates. It’s the first time that’s happened this year.
The update comes out tomorrow on what Microsoft terms ‘Patch Tuesday’ – the traditional slot on the second Tuesday of the month where it sends out all the security patches its developed in the last month, through the Automatic Update service. (They do this so that network managers and internet companies can prepare for the widespread downloading and rebooting.)
Though there are no updates ranked ‘critical’, there are four patches ranked ‘important’. The most significant involves correcting a bug in Windows Vista and Server 2008 which could allow remote code execution – a hacker being able to run any command they wanted on your computer.
While that’s clearly about as serious as it gets, Microsoft says it’s not been classified as a critical issue because it relies on the computer’s user doing something to trigger the loophole.
They wouldn’t explain what action this is though, so in practical terms this really is a must-have patch. Most users will, of course, get it automatically. But if you pick and choose which updates to install, you should probably treat this one as if it were marked critical.
A second patch deals with a bug which would allow spoofing attacks (a hacker posing as one computer) on all versions of Windows except Vista and Server 2008. The other patches involve Microsoft’s Server range and seek to stop hackers that have breached a machine from giving themselves elevated privileges – that is, being allowed to perform actions which only a legitimate administrator should do.
Those aren’t the only updates this month, though. XP Service Pack 3 will download via the Automatic Update service starting from Thursday, while the Update service will update itself at the end of month.
Related:
Entry was posted
on Monday, July 7th, 2008 at 3:31 pm
under 
Print This Post
Read more entries by John Lister.
July 8th, 2008
Aaaaah MS. XP did an auto update and killed my internet connection. Had to find an old restore point to get access to the internet back. That’s it, I’ve had enough of MS. I recently did a course using only Mac’s. As soon as the new MacBook Pro is released I’m switching. OSX just works, there is so much under the hood, and it is so well engineered. Well Done Apple!
July 9th, 2008
The “patch” also killed my access to Internet on two different computers using XP. I’m using a computer that has not been patched or I’d be dead here too! There’s a news story here. What a mess.
July 9th, 2008
Despite all the criticism, again, I think Microsoft is continuing to provide good support for people that have had problems with Vista. I’ve been seeing a lot more favorable reports about Vista (even from those without a specific agenda) lately. Of course, it’s had problems, but I think people are recognizing it’s time to be patient and work with what we have at the moment, which actually seems to be infinitely better than what we started with when the product was first released. I will be interested to see what happens when the next operating system is released, and if people will be overly critical simply because they feel burned by Vista.