IDG News Service - September is starting to look like a quiet month for Microsoft Corp.'s security response team. The software vendor said its monthly release of security fixes, expected Tuesday, will cover only one issue: an unidentified flaw in the Windows operating system.
The bug is rated as critical, meaning that a worm could take advantage of it without user action.
The patch for this bug, called an "update" by Microsoft, will come as part of the company's regular monthly patch release cycle. Microsoft releases most software patches on the second Tuesday of each month, a date that has come to be known as "Patch Tuesday" by security professionals.
In August, Microsoft released six updates on Patch Tuesday, and hackers wasted no time in targeting one of the problems they fixed. Within days, a number of different worm attacks that exploited a bug in the Windows Plug and Play service began taking down an estimated 250,000 computers, primarily Windows 2000 systems running in corporate environments (see "Worm wave highlights need for speedier defenses").
When Microsoft releases a large number of patches, companies can spend the entire month testing the new software to make sure it works with their applications. But with only one bug to be patched this month, it should be much easier, said Steve Manzuik, a product manager at eEye Digital Security Inc.'s research group.
"I think September will be quiet," Manzuik said. "When we get the six, seven, eight or nine patches, it gets to be a bit more difficult."
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
