Software // Enterprise Applications
04:25 PM
Connect Directly
Repost This

Microsoft Plans Light Patch Tuesday

One fix addresses a "critical" issue and one addresses a flaw rated "important," and neither is needed for Windows Vista.

Microsoft on Thursday said that it planned to issue two security fixes next week with the arrival of "Patch Tuesday," the company's regularly scheduled repair day.

That's considerably fewer than the seven bulletins issued in October, the nine issued in August, or the 12 issued in February. Given the lighter load, IT managers may want spend part of the day catching up on some much needed sleep. A survey published and funded by Cisco Systems this week found federal IT decision makers are more concerned about security than in previous years, even after spending more time attending to security than in the past. So much so that many are losing sleep over protecting their networks.

Microsoft did not specify the nature of the fixes, as is customary with its advanced notifications. One addresses a "critical" issue and one addresses a flaw rated "important."

The critical vulnerability allows remote code execution and the important vulnerability can be used for spoofing.

The affected software includes Windows 2000, Windows XP, and Windows Server 2003. Windows Vista does not appear to be affected by these flaws.

It may be that the critical vulnerability is the one Microsoft warned about on Monday. That flaw, a vulnerability in the Macrovision secdrv.sys driver in Windows Server 2003 and Windows XP, is actively being exploited, the company said.

Macrovision has released its own patch for the problem and Microsoft said that it would address the issue as part of its planned patch release schedule.

More likely, Microsoft will address the URI-handling vulnerability that it acknowledged in October. This flaw has already been exploited by spammers who send malicious PDF files.

Comment  | 
Print  | 
More Insights
Building A Mobile Business Mindset
Building A Mobile Business Mindset
Among 688 respondents, 46% have deployed mobile apps, with an additional 24% planning to in the next year. Soon all apps will look like mobile apps and it's past time for those with no plans to get cracking.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Elite 100 - 2014
Our InformationWeek Elite 100 issue -- our 26th ranking of technology innovators -- shines a spotlight on businesses that are succeeding because of their digital strategies. We take a close at look at the top five companies in this year's ranking and the eight winners of our Business Innovation awards, and offer 20 great ideas that you can use in your company. We also provide a ranked list of our Elite 100 innovators.
Twitter Feed
Audio Interviews
Archived Audio Interviews
GE is a leader in combining connected devices and advanced analytics in pursuit of practical goals like less downtime, lower operating costs, and higher throughput. At GIO Power & Water, CIO Jim Fowler is part of the team exploring how to apply these techniques to some of the world's essential infrastructure, from power plants to water treatment systems. Join us, and bring your questions, as we talk about what's ahead.