In association with heise online

07 June 2013, 11:16

Microsoft Patch Tuesday - with or without 0-day patch?

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Microsoft M patched Microsoft plans to release five security bulletins on its June Patch Tuesday next week. A critical bulletin affects all versions of Internet Explorer, while three important bulletins close security holes in all currently supported versions of Windows. Another important bulletin addresses vulnerabilities in Office 2003 Service Pack 3 and Office for Mac 2011.

Microsoft's advance notification doesn't mention whether it will also patch the privilege escalation hole in Windows that was disclosed by Google security expert Tavis Ormandy. A working exploit for that vulnerability is already in circulation.

Tavis Ormandy caused annoyance at Microsoft when he disclosed the security hole in May. Instead of reporting the hole to Microsoft, the researcher released the details on the Full Disclosure security mailing list. The Google employee has been known to choose this approach in the past and has frequently preferred the Full Disclosure mailing list over notifying the manufacturer in advance.


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit