The Inquirer-Home

Microsoft gears up for a fat January Patch Tuesday

Includes a security feature bypass
Fri Jan 06 2012, 14:42

SOFTWARE PATCH HOUSE Microsoft is readying one of its biggest January Patch Tuesdays to date with seven bulletin updates.

The first updates of the year will be released on 10 January and will span multiple versions of Windows and Microsoft developer tools. The seven bulletins will cover eight vulnerabilities.

The first bulletin is tagged as critical, the highest rating the firm uses, and relates to remote code execution. The remaining bulletins are all rated as important, the second highest rank, two of which also enable remote code execution.

The remaining four bulletins are tagged as security feature bypass, elevation of privilege and information disclosure items. Microsoft's January patch typically contains one or two bulletins.

Wolfgang Kandek, CTO of IT security firm Qualys said, "Bulletin two stands out as it is tagged as 'Security Feature Bypass', which is a new category. Next Tuesday it will be interesting to see, which exact Windows features are involved and how this vulnerability can be used by attackers."

He pointed out that the critical rating for bulletin one can be downgraded to important for Windows 7 and Windows 2008 R2 users, and those releases are not vulnerable to bulletins three and four. µ

 

Share this:

blog comments powered by Disqus
Advertisement
Subscribe to INQ newsletters

Sign up for INQbot – a weekly roundup of the best from the INQ

Advertisement
INQ Poll

Blackberry completes restructuring process

Do you think Blackberry can bounce back to growth?