News

Light 'Patch Tuesday' On Tap

November looks to be one of the thinnest patches releases of 2007 as Microsoft said it plans to release just two security bulletins.

November looks to be one of the thinnest patches releases of 2007 as Microsoft said it plans to release just two security bulletins, one "Critical" and one "Important."

The lone critical issue has remote code execution implications and affects Windows XP Service Pack 2, all versions of XP Professional 64 and multiple versions of Windows Server 2003, including both service packs for Intel Itanium processor-based systems, which are mainly used in enterprise server environments.

The second patch, labeled as important, deals with a subject Microsoft announced ahead of last month's patch release and then pulled off the table for the actual release -- spoofing.

Spoofing attacks occur when a hacker or malicious program hides its identity, throwing security admins off the trail by pretending to be someone or something entirely different. They then use this anonymity to gain unwarranted Read and/or Write access.

The issue covers Windows 2000 Service Pack 4 and every Windows Server 2003 version.

Both fixes will require system restarts.

The company will release, as usual, an update to the Microsoft Windows Malicious Software Removal Tool. Redmond also plans to roll out three high-priority non-security updates on Microsoft Update; there are none for Windows Update.

Thursday's advance notification isn't the final word; but security experts should always pay closer attention to server side or network level threats, and despite the light release, this month may be no different.

About the Author

Jabulani Leffall is an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.