What is Patch Tuesday?
Microsoft provides core platform patches and updates monthly, usually on the second Tuesday of each month. This has become known as Patch Tuesday.
What has been fixed this time round?
The patch includes a fix for a critical hole allowing remote code execution in Windows. Importantly, this patch is only available for newer versions of Windows such as Vista and Windows 7, meaning that the vulnerability is found in the newer Windows code.
While this fix is regarded as critical by Microsoft, two of the other fixes were rated as important and one only as moderate.
Full details of the patches can be found on Microsoft’s official blogs
What hasn’t been included?
Interestingly, this Patch Tuesday did not include a permanent fix to the Duqu worm. Duqu was discovered on 1 September 2011, thought to be related to the Stuxnet worm. Microsoft did quickly release a workaround to protect users from Duqu but has yet to provide a permanent solution.
How do I make sure I’m protected?
Nearly all PC users will automatically download and update their operating system so in most cases all the user needs to do is reboot their machine when prompted. Elsewhere, network administrators in business and industry will manage the updating of the system, after all Patch Tuesdays are common practice.
Not that we should be concerned. Microsoft announced in a blog post that although it was theoretically possible for attackers to use the remote code execution (RCE, fixed in this patch), they “believe it is difficult to achieve RCE using this vulnerability considering that the type of network packets required and the small timing window between the release and next access of the structure, and a large number of packets are required to pull off the attack,” Microsoft said.
Leave a reply
