News

One Fix Expected for Patch Tuesday

Microsoft's first security update rollout of 2009 may be a quiet one, according to an advance notification released Thursday.

Microsoft's first security update rollout of 2009 may be a quiet one, according to an advance notification released Thursday. January's Patch Tuesday will consist of just one "critical" patch.

The light release follows a December patch cycle that covered the most vulnerabilities in the history of Patch Tuesday, as well as included an out-of-cycle patch for Internet Explorer.

This latest bulletin addresses remote code execution and will cover Windows 2000, Windows XP and Windows Server 2003. Its severity has been deemed merely "moderate" for Vista and Windows Server 2008.

With a few known flaws left to be fixed from the end of 2008 -- one in WordPad Text Converter and another in the SQL Server database software, for instance -- there is a bit of speculation over which Windows component the upcoming patch will fix. Andrew Storms, director of security operations for independent security vendor nCircle, thinks Microsoft will fix a "known" Windows flaw rather than a zero-day bug.

"There are several exploits that have already been published, even some that may have been floating around for months on end," Storms said. "But we know the flaw is definitely something that allows hackers to gain unauthorized privileges through a workstation. We may even discover that what they fix is something more severe than previously thought."

According to the advance notification, Tuesday's patch will require a restart. Additionally, Redmond said it will issue one or more non-security (but high-priority) updates on Windows Update, Windows Server Update Services and Microsoft Update, as well as an upgraded version of its Windows Malicious Software Removal Tool. For more on these additional bells and whistles for Windows, Microsoft encouraged users to consult this Knowledge Base article.

About the Author

Jabulani Leffall is an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.

comments powered by Disqus

Featured

  • GitHub Expands Copilot Enterprise Search in Visual Studio and VS Code

    GitHub supercharged search for its Copilot Enterprise AI assistant in both Microsoft's Visual Studio IDE and Visual Studio Code so developers can now get results from well beyond local codebases, including the internet.

  • What's New in TypeScript 5.5, Now Generally Available

    Microsoft shipped the latest iteration of its type-infused superset of JavaScript, TypeScript 5.5, introducing inferred type predicates, control flow narrowing, JSDoc @import and other enhancements.

  • GitHub Copilot for Azure Gets Preview Glitches

    This reporter, recently accepted to preview GitHub Copilot for Azure, has thus far found the tool to be, well, glitchy.

  • New .NET 9 Templates for Blazor Hybrid, .NET MAUI

    Microsoft's fifth preview of .NET 9 nods at AI development while also introducing new templates for some of the more popular project types, including Blazor Hybrid and .NET MAUI.

  • What's Next for ASP.NET Core and Blazor

    Since its inception as an intriguing experiment in leveraging WebAssembly to enable dynamic web development with C#, Blazor has evolved into a mature, fully featured framework. Integral to the ASP.NET Core ecosystem, Blazor offers developers a unique combination of server-side rendering and rich client-side interactivity.

Most   Popular

Subscribe on YouTube