Only one fix due for January's Patch Tuesday

 

Gallery

By Miya Knights

Posted on 9 Jan 2009 at 13:01

Microsoft is set to release only one update as part of its monthly round of security patches next Tuesday.

Last month, the software maker issued its largest ever Patch Tuesday bulletin, containing eight fixes which addressed 28 vulnerabilities.

This month's update had been given Microsoft's highest security rating of "critical", and addresses both server and desktop versions of Windows.

The flaw could allow attackers to install unauthorised software on a victim's computer.

The Microsoft Security Bulletin doesn't give much detail on the vulnerability, but there are a number of bugs affecting the Windows OS that Microsoft could be planning to fix.

In the last month alone, Microsoft warned about flaws uncovered in its TextConverter, WordPad and SQL Server database software.

Security vendor SecurityFocus said at the end of December that it had uncovered a remote code execution flaw in versions 9, 10 and 11 of Microsoft's Windows Media Player running on Windows Vista or XP.

Microsoft was quick to respond with a posting of its own on the Microsoft Security Centre blog, admitting that the code posted in the Bugtraq blog could crash the player, but dismissing SecurityFocus's claim that it could compromise the security of the rest of a Windows system.

One recent flaw Microsoft won't have to address was discovered in Internet Explorer 7 in December. The software maker deemed the vulnerability, which allowed hackers to install password-stealing software on affected PCs, to be so serious it rushed out a patch within eight days, outside of the regular round of monthly patching.