Commentary
Big Patch Day
Microsoft is releasing only one security update today. Security teams hoping for a break today: forget it. Adobe is expected to release a patch of its own, and Oracle is releasing two dozen of its own software updates.Microsoft is releasing only one security update today. Security teams hoping for a break today: forget it. Adobe is expected to release a patch of its own, and Oracle is releasing two dozen of its own software updates.Microsoft's update, expected later today, will patch a "critical" vulnerability in Windows 2000, according to Microsoft's Advance Notification for January 2010.
This flaw also affects Windows XP, Server 2003, Vista, Server 2008, Windows 7, and Server 2008 R2 - but Microsoft considers the flaw a low-risk in those operating systems.
More Security Insights
White Papers
- Mobile BI: Actionable Intelligence for the Agile Enterprise
- How To Regain IT Control In An Increasingly Mobile World - by BlackBerry
Reports
More >>Webcasts
- Outsourcing Security: What Every Potential Cloud Security Customer Should Know
- Maximize ROI with Database Consolidation onto Private Clouds
Security managers who have been paying attention may had of been expecting a fix for the potential denial-of-service condition in Windows 7 (and Windows Server 2008 R2) that was announced publicly by a security researcher about two months ago. From Thomas Claburn's story, Microsoft Investigating Zero-Day Windows 7 Flaw on the impact:
"The operating system actually freezes," he said [Simon Price, writing for the Praetorian Perfect blog]. "There is no error message, no blue screen of death, no indication that anything has gone wrong. Even after power cycling, the event logs show no sign of a mishap, aside from the typical events generated from booting up again."
A fix for this flaw wasn't in the Advanced Notification Bulletin, so we'll probably have to wait until at least next month for a fix, unless Microsoft releases something in the meantime.
While today is what has become known as "Patch Tuesday" for Microsoft customers, the most important patches today may come from Adobe and Oracle.
Adobe is set to publish a fix for a Zero Day vulnerability in its PDF format that has been the target of attacks recently.
For its part, according to this pre-patch announcement, Oracle plans to publish two dozen security patches today. More than one-third of the patches are for Oracle's Database Server, with others for Application Server, Applications Suite, among others.
For security managers, today will be a busy one, as they scramble to dispatch more than two-dozen patches for three vendors.
Related Reading
 |
To upload an avatar photo, first complete your Disqus profile. | View the list of supported HTML tags you can use to style comments. | Please read our commenting policy. |
|
T-Shirt Giveaway: Each week we're selecting one great comment from our readers. The author of the comment will receive an InformaitonWeek Community t-shirt. So get posting! |
Subscribe to RSSResource Links
This Week's Issue
Technology Whitepapers
- Creating the Enterprise-Class Tablet Environment - by Yankee Group
- How To Regain IT Control In An Increasingly Mobile World - by BlackBerry
- The BlackBerry PlayBook tablet's Good Bones - by BlackBerry
- Red Alert: Why Tablet Security Matters - by BlackBerry
- New Visual and Wizard-Driven Paradigms for Exploring Data and Developing Analytic Workflows
Featured Resource
This is your portal to all the news, product information, technical data, and other information related to the topic of computer user authentication and certification. Visit us to find out how to ensure that computer users are who they say they are.
Learn More
