Microsoft told the world yesterday that it will host a rather slim “Patch Tuesday” next week with only one bulletin for a vulnerability in Windows. Microsoft said it’s considered critical on Windows 2000 but low for all other platforms.
“As we will show in our release guidance next week, the Exploitability Index rating for this issue will not be high which lowers the overall risk,” Jerry Bryant wrote on Microsoft’s Security Response Center Blog.
The single patch will come as a relief to recession-shrunken IT staffs that have had to deal with numerous fixes for the past few months, including the mammoth Tuesday release in October when they faced 13 security bulletins.
One outstanding vulnerability that made the news in November that WON’T be patched Tuesday is the denial-of-service vulnerability in the Server Message Block (SMB) protocol.
In a November 13 advisory, Microsoft said: “This vulnerability cannot be used to take control of or install malicious software on a user’s system. However, Microsoft is aware that detailed exploit code has been published for the vulnerability. Microsoft is not currently aware of active attacks that use this exploit code or of customer impact at this time. Microsoft is actively monitoring this situation to keep customers informed and to provide customer guidance as necessary.”
Tom Kelchner