Microsoft promises lightweight Patch Tuesday
Microsoft has promised a lightweight Patch Tuesday, with just two vulnerabilities being addressed.
In its advanced bulletin, Microsoft warned that the update will address a critical flaw found in Windows 2000, XP, Vista, Server 2003 and Server 2008.
The update is rated as important – Microsoft’s second highest threat alert – for Windows 7 and Server 2008 R2, though Redmond claims these operating systems aren’t currently vulnerable.
Windows 7 and Windows Server 2008 R2 customers will be offered the Windows-related update but they are not vulnerable in their default configurations
“Windows 7 and Windows Server 2008 R2 customers will be offered the Windows-related update but they are not vulnerable in their default configurations,” said Jerry Bryant, security group manager, on the Microsoft Security Response Center blog.
Microsoft followed a similar tactic with its VBScript scripting update, which was applied to all OSes despite Vista, Server 2008, Windows 7 and Server 2008 R2 not being vulnerable.
Microsoft calls the tactic “defence in depth” and it’s intended to stop hackers from finding a way to exploit the flaw in the future.
Bryant also confirmed that the company will not be issuing fixes for the recently discovered flaws in SharePoint 2007 and all versions of Internet Explorer, claiming “our teams are still working on an update for that issue.”
The bugs allow hackers to access confidential information on SharePoint servers, and remotely read documents on a user’s hard drive. Microsoft has offered a workaround while it works on a fix.
May’s Patch Tuesday comes as welcome respite after April’s monster bulletin, which contained 11 security updates addressing 25 flaws, including nine rated critical.