Microsoft to patch controversial Windows Support flaw
Microsoft is set to patch a critical flaw in Windows Support that was made public by a Google security researcher.
Last month, Google employee Tavis Ormandy released details of the hole in XP and Server 2003, only a few days after notifying Microsoft. His actions reignited the debate about responsible disclosure, while the software giant’s response led to the founding of the Microsoft Spurned Researcher Collective.
At the time Microsoft released a workaround, but will issue a full patch next week as part of its monthly Patch Tuesday update cycle.
Alongside the Support patch, Microsoft is issuing three other updates to fix a total of five vulnerabilities. A flaw in the 64-bit versions of Windows 7 and Server 2008 R2 will be fixed, while bulletins three and four address flaws in Access and Outlook.
The senior vice president of security firm Lumension, Alan Bentley, advised IT departments running Windows 7 to prioritise that patch as it will affect desktop users. “Bulletin 1 and 2 both affect Microsoft Windows and are critical, as the vulnerabilities addressed could allow for remote-code execution, typically the most feared exploit type,” he added.
While the Access update is limited to businesses using the database software, Bentley “strongly” encouraged users to quickly roll out the Outlook patch. “Vulnerabilities in email clients are always a concern,” he said.