No fix for potential denial-of-service attack
Microsoft’s first Patch Tuesday of the year is expected to be a light one, with Redmond indicating that just one vulnerability will be addressed.
The single patch will address a ‘critical’ flaw in Windows 2000 systems, rated ‘low’ for all other platforms, spokesperson Jerry Bryant wrote on a posting on the Microsoft Security Response Centre blog.
Bryant also confirmed that the firm will not be fixing a known flaw in its Server Message Block (SMB) protocol, which could result in denial-of-service attacks.
“We are still working on an update for the issue at this time. We are not aware of any active attacks using the exploit code that was made public for this vulnerability and continue to encourage customers to follow the guidance in the advisory which outlines best practices to help protect systems against attacks that originate outside of the enterprise perimeter,” Bryant said.
IT departments throughout the enterprise world will be breathing a sigh of relief at the prospect of having just a single patch to roll out, according to Matthew Walker, regional director UK & Ireland at security firm Lumension.
“A belated Christmas present to all IT administrators is expected from Microsoft next Tuesday, in the form of what’s expected to be the lightest Patch Tuesday we’ve seen in years. Let’s hope that IT administrators can savour this unusually reduced patch release as they start the New Year. Perhaps they can use the time to prepare for the numerous updates and patches yet to come and also resolve the current SMB denial-of-service problems, the MySQL zero-day rumours and the latest Adobe PDF issue,” he said.
But walker also warned IT bosses to be on their guard for future patches. “Bear in mind that patches for these issues are around the corner. Just because they aren’t being addressed with the first patch bulletin of the year doesn’t mean that IT administrators should not keep a close eye out for them shortly,” he said.