Only one update on Microsoft's forthcoming Patch Tuesday
Next Patch Tuesday, the 12th of January, Microsoft plans to release only one update to close a single hole in Windows. According to the advance notification, the hole is only critical under Windows 2000. Under Windows 7, Vista, XP, 2003 Server and 2008 Server, Microsoft rates it as low risk. The vendor also considers it unlikely that a functioning exploit for the hole will appear.
According to the Security Response Center, the DoS vulnerability in the SMB clients of Windows 7 and Windows Server 2008 R2, which has been known since mid November, will remain unpatched. However, the flaw can only be exploited using manipulated SMB servers which send compromised packets to clients – apparently a scenario which is so unlikely that Microsoft has reportedly not observed any attacks so far.
Next Tuesday will also bring the long-awaited update for Adobe Reader to close a hole that has been actively exploited for several weeks. Apparently the update will also solve several other security problems.
- Despite increasingly frequent attacks, no update for Adobe's Reader, a report from The H.
- DoS vulnerability in the SMB client of Windows 7 and Server 2008 R2, a report from The H.