Big Patch Day

Microsoft is releasing only one security update today. Security teams hoping for a break today: forget it. Adobe is expected to release a patch of its own, and Oracle is releasing two dozen of its own software updates.

2 Min Read
Dark Reading logo in a gray background | Dark Reading

Microsoft is releasing only one security update today. Security teams hoping for a break today: forget it. Adobe is expected to release a patch of its own, and Oracle is releasing two dozen of its own software updates.Microsoft's update, expected later today, will patch a "critical" vulnerability in Windows 2000, according to Microsoft's Advance Notification for January 2010.

This flaw also affects Windows XP, Server 2003, Vista, Server 2008, Windows 7, and Server 2008 R2 - but Microsoft considers the flaw a low-risk in those operating systems.

Security managers who have been paying attention may had of been expecting a fix for the potential denial-of-service condition in Windows 7 (and Windows Server 2008 R2) that was announced publicly by a security researcher about two months ago. From Thomas Claburn's story, Microsoft Investigating Zero-Day Windows 7 Flaw on the impact:

"The operating system actually freezes," he said [Simon Price, writing for the Praetorian Perfect blog]. "There is no error message, no blue screen of death, no indication that anything has gone wrong. Even after power cycling, the event logs show no sign of a mishap, aside from the typical events generated from booting up again."

A fix for this flaw wasn't in the Advanced Notification Bulletin, so we'll probably have to wait until at least next month for a fix, unless Microsoft releases something in the meantime.

While today is what has become known as "Patch Tuesday" for Microsoft customers, the most important patches today may come from Adobe and Oracle.

Adobe is set to publish a fix for a Zero Day vulnerability in its PDF format that has been the target of attacks recently.

For its part, according to this pre-patch announcement, Oracle plans to publish two dozen security patches today. More than one-third of the patches are for Oracle's Database Server, with others for Application Server, Applications Suite, among others.

For security managers, today will be a busy one, as they scramble to dispatch more than two-dozen patches for three vendors.

Read more about:

2010

About the Author

George V. Hulme, Contributing Writer

An award winning writer and journalist, for more than 20 years George Hulme has written about business, technology, and IT security topics. He currently freelances for a wide range of publications, and is security blogger at InformationWeek.com.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights