Big Patch Day
Microsoft is releasing only one security update today. Security teams hoping for a break today: forget it. Adobe is expected to release a patch of its own, and Oracle is releasing two dozen of its own software updates.
January 12, 2010
Microsoft is releasing only one security update today. Security teams hoping for a break today: forget it. Adobe is expected to release a patch of its own, and Oracle is releasing two dozen of its own software updates.Microsoft's update, expected later today, will patch a "critical" vulnerability in Windows 2000, according to Microsoft's Advance Notification for January 2010.
This flaw also affects Windows XP, Server 2003, Vista, Server 2008, Windows 7, and Server 2008 R2 - but Microsoft considers the flaw a low-risk in those operating systems.
Security managers who have been paying attention may had of been expecting a fix for the potential denial-of-service condition in Windows 7 (and Windows Server 2008 R2) that was announced publicly by a security researcher about two months ago. From Thomas Claburn's story, Microsoft Investigating Zero-Day Windows 7 Flaw on the impact:
"The operating system actually freezes," he said [Simon Price, writing for the Praetorian Perfect blog]. "There is no error message, no blue screen of death, no indication that anything has gone wrong. Even after power cycling, the event logs show no sign of a mishap, aside from the typical events generated from booting up again."
A fix for this flaw wasn't in the Advanced Notification Bulletin, so we'll probably have to wait until at least next month for a fix, unless Microsoft releases something in the meantime.
While today is what has become known as "Patch Tuesday" for Microsoft customers, the most important patches today may come from Adobe and Oracle.
Adobe is set to publish a fix for a Zero Day vulnerability in its PDF format that has been the target of attacks recently.
For its part, according to this pre-patch announcement, Oracle plans to publish two dozen security patches today. More than one-third of the patches are for Oracle's Database Server, with others for Application Server, Applications Suite, among others.
For security managers, today will be a busy one, as they scramble to dispatch more than two-dozen patches for three vendors.
Read more about:
2010About the Author(s)
You May Also Like
Is AI Identifying Threats to Your Network?
May 14, 2024Where and Why Threat Intelligence Makes Sense for Your Enterprise Security Strategy
May 15, 2024Safeguarding Political Campaigns: Defending Against Mass Phishing Attacks
May 16, 2024Why Effective Asset Management is Critical to Enterprise Cybersecurity
May 21, 2024Finding Your Way on the Path to Zero Trust
May 22, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024