14 DAY TRIAL // December 2008 was a sufficiently tough month for Microsoft, when it came down to plugging security holes in its products, but January 2009 will more than make up for it. The software giant announced that it planned to release a single security bulletin, come January 13, 2009. According to the preliminary information published by the company, the security bulletin will impact all supported releases of the Windows client and server platforms, and will carry with it the maximum Microsoft risk rating.
“It is important to remember that while the information posted below is intended to help with your planning, because it is preliminary information, it is subject to change. As part of our regularly scheduled bulletin release, we’re currently planning to release one security bulletin: one Microsoft Security Bulletin rated as Critical. The update will require a restart, and will be detectable using the Microsoft Baseline Security Analyzer. As we do each month, the Microsoft Windows Malicious Software Removal Tool will be updated,” Bill Sisk, Microsoft Security Response Center communications manager, revealed.
According to the Redmond company, users of Windows Server 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP1 and SP2, as well as Windows Vista RTM and SP1 and Windows Server 2008 will all be impacted by the bulletin. The vulnerabilities planned for patching the coming week have been rated as Critical on XP SP2 and SP3, and as just Moderate on Vista RTM and SP1.
In December 2008 Microsoft released no less than 8 security bulletins on its traditional Patch Tuesday, six of which were Critical. Subsequently, the company made available a December 2008 Out-of-Band patch, designed to resolve a zero-day Critical vulnerability in Internet Explorer, which was already under attack in the wild.
“We are also planning to release high-priority, non-security updates on Windows Update and Windows Server Update Services (WSUS), as well as high-priority, non-security updates on Microsoft Update and Windows Server Update Services (WSUS),” Sisk added.