Microsoft slates single Windows patch for Tuesday
Microsoft Thursday said it will issue just one security update next week, down dramatically from last month's record-setting eight updates that patched 28 vulnerabilities.
The single security update slated for Tuesday, Jan. 13, has been tagged "critical" by Microsoft, which posted its usual advance notice Thursday of what to expect for its monthly patch cycle.
All currently-supported versions of Windows are affected, said Microsoft. As is often the case, older editions -- Windows 2000 , Windows XP and Windows Server 2003 -- are at more risk than the newer Windows Vista and Windows Server 2008. Microsoft rated the threat to the older versions as critical, but pegged the threat to newer editions as "moderate," the second-from-the-bottom rating in the company's four-step scoring system.
Andrew Storms, director of security operations at nCircle Network Security Inc., again put his money on a long-standing Windows bug as the problem Microsoft will patch.
"My guess is that it's the token kidnapping bug," said Storms, who had named the same unpatched vulnerability as a likely suspect before Microsoft's December patching. "There are three outstanding vulnerabilities. That one, WordPad and SQL Server. WordPad isn't in Windows Server 2008," said Storms, who noted that the server software is set for a patch next week. "And if they were going to patch SQL Server, I think they would list it as 'SQL Server,' not 'Windows,'" he added.
Two weeks ago, Microsoft confirmed that it has been working on a fix for a critical vulnerability in SQL Server for almost nine eight months, but denied that it has had a patch ready since September, as an Austrian security researcher has alleged.
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
On Twitter now
microsoft
Powered by Twitter
jfruh
Apple syncing patent can't come soon enough
pasmith
New Twitter features borrow from 3rd party clients
Esther Schindler
Open Source Changes the Software Acquisition Process
mikelgan
How to set up continuous podcast play on the new iTunes
David Strom
Five important Windows 7 mobility features
sjvn
Guard your Wi-Fi for your own sake
Sandra Henry-Stocker
Grepping on Whole Words
Sidekick: The Good News & the Bad News
Either way you look at it Microsoft Data Center management did not follow standards or best practices in this failure. In which case it makes me wonder more about the outsourcing of corporate data much less personal data.
- mburton325
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
