Patch Tuesday looking quiet this month
Microsoft has announced that this month’s ‘Patch Tuesday’ update will have just one fix. That’s a marked contrast to a few months with notable security problems.
The advance notice bulletin of the update comes with few details other than there being one fix rated critical, the most serious rating on Microsoft’s scale. It affects all supported editions of Windows, though in Vista and Server 2008 the issue is only rated ‘moderate’. (When simply listing problems, the firm gives the highest rating across the various software editions it affects.)
The bulletin also notes that the problem involves remote code execution. That’s where somebody operating one computer can effectively control another computer, making it one of the most serious security flaws.
There have been rumors of several ongoing security problems which Microsoft has been working on solutions too, but these affected individual programs (including the SQL database system and a WordPad convertor) rather than Windows itself.
There’s some speculation the problem being patched could be one known as the ‘token kidnapping bug’ which was first raised last April and can allow hackers to get a higher level of access to Windows (such as Administrator level). However, such a problem wouldn’t normally be classed as critical under Microsoft’s rating system.
Whatever the issue, Microsoft will be relieved to have a quiet update. Last month’s update set a new record with fixes for 23 critical bugs. And the firm had to issue two emergency patches in as many months, one for a serious bug in Internet Explorer which may have left2 million machines infected.
Speaking of Internet Explorer, version 8 may be appearing in the spring. Microsoft has just published a tool which corporate users can download to stop machines on their network automatically downloading and installing IE8 upon its release. Such tools normally appear around three months before the relevant release.
Related Posts:
