Our website uses cookies

Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing Infosecurity Magazine, you agree to our use of cookies.

Okay, I understand Learn more

Microsoft patch will lead to 900 million reboots

According to Alan Bentley, senior vice president with Lumension, next week's Tuesday updates will involve a dozen patches fixing 22 vulnerabilities.

The good news, Infosecurity notes, is that one of the critical patches is the long awaited Internet Explorer fix that will address the public vulnerability threat.

"After a pretty relaxed January patch bulletin, 900 million people will be having to patch and reboot their system following the release of three critical patches", said Bentley.

"As we know from experience, reboots of this magnitude have been known to upset services and applications so it's possible we will see similar problems to what we encountered in 2007, when a large Microsoft Patch that required a reboot crippled applications, Skype in particular", he added.

The Lumension SVP went on to say that, although Microsoft appears to be doing a bit of spring cleaning this Patch Tuesday with a lot of regular 'run of the mill' stuff, it can't be emphasised enough that this will be a massive simultaneous reboot.

"Historically, we've seen services greatly impacted with such an undertaking", he explained.

Over at fellow IT security vendor Qualys, Wolfgang Kandek, the firm's CTO, said noted that three of the bulletins are critical and include updates to address the recently disclosed flaws in Internet Explorer "css.css" - Microsoft Security Advisory 2488013 and Windows "thumbnail preview" - Microsoft Security Advisory 2490606.

"These vulnerabilities have seen limited exploits in the wild, so applying the update is highly recommended", he said.

According to Kandek, in addition the lower rated flaw in the FTP service is addressed with an update to the IIS server.

"The remaining updates address flaws in Windows, Office and the development platform Visual Studio. All versions of Windows starting with Windows XP SP3 up to the latest versions Windows 7 and Windows Server 2008 R2. The Office bulletin, however is limited to a relatively small footprint: the Visio versions 2002, 2003 and 2007", he explained.

The slightly bad news is that the recent MHTML issue in Windows/Internet Explorer will not be addressed in this update.

Kandek points out that the workaround suggested by Microsoft in Advisory 2501696 continues to be the recommended way of mitigating this attack vector.