On the second Tuesday of each month, Redmond-based software giant Microsoft releases patches and fixes for its products as part of what has become known as the Patch Tuesday program. For the months of November and December 2009, Microsoft released 6 security bulletins that addressed 12 and 15 vulnerabilities respectively. January 2010’s Patch Tuesday is not as impressive as that.
For the month of January, a single security bulletin is included in the Patch Tuesday program. That 1 security bulletin refers to 1 critical vulnerability that affects the Windows operating system. The vulnerability is critical, I’ll give you that, but the OS version it affects is Windows 2000. For all other operating systems the vulnerability is rated as low. Still, you should make sure to get the update and stay safe, even if it is a low security vulnerability.
Perhaps more interesting is the fact that Microsoft will not address the first uncovered Windows 7 vulnerability, a Denial-of-Service (DoS) vulnerability that affects the Server Message Block (SMB) protocol, both SMBv1 and SMBv2. This vulnerability was discovered by researcher Laurent Gaffié, and according to him, if exploited by a person with malicious intent, it could allow that attacker to remotely crash Windows 7 (and/or Windows Server 2008 R2) on a LAN or via IE.
Jerry Bryant, on behalf of the Microsoft Security Response Center (MSRC), commented: “I want to proactively point out that we will not be addressing Security Advisory 977544 (Vulnerability in SMB Could Allow Denial of Service). We are still working on an update for the issue at this time. We are not aware of any active attacks using the exploit code that was made public for this vulnerability and continue to encourage customers to follow the guidance in the advisory which outlines best practices to help protect systems against attacks that originate outside of the enterprise perimeter.”