The first Patch Tuesday of 2009 is due to land next week, and the good news is it's a fairly light load to start the year with – just a single security update.
According to Microsoft's advanced notification bulletin for the January 2009 security patch release cycle, there's just a single update due – something which will have sysadmins sighing with relief.
The not-so-good news is that the update is rated Critical by Microsoft's security team, and covers an as-yet unpublicised security vulnerability in all current versions of Windows. While no details are given for the vulnerability itself, it is known that the flaw can allow remote code execution when exploited – which accounts for its high importance rating.
The unnamed flaw is rated Critical on Windows 2000 Service Pack 4, Windows XP Service Pack 2 and 3 plus the 64-bit editions thereof, and all editions of Windows Server 2003. The same bug is somewhat mitigated by in-built security enhancements in Windows Vista and Windows Server 2008, for which it only merits a Moderate tag – which usually means that code execution is prevented on these operating systems, or that exploitation is made more unlikely by in-built protection systems. There's no word yet on whether the flaw also exists in Microsoft's Windows 7 next-generation operating system, the public beta of which is imminently due.
Whatever the flaw is – and we should be finding out on Tuesday – it's always good to see a security flaw fixed. While that's the only security update planned, the day will also bring the usual raft of non-security updates including the regular update for the Windows Malicious Software Removal Tool – Microsoft's package which detects and deletes the most common trojans and mass-mailing worms from infected systems automatically.
Are you pleased that this month's security patches are a light load, or are you worried that Microsoft might be getting complacent? Share your thoughts over in the forums.