Share

Related Links

  • Lumension
  • Qualys
  • Reed Exhibitions Ltd is not responsible for the content of external websites.

Top 5 Stories

News

Microsoft patch will lead to 900 million reboots

04 February 2011

Next week's patch Tuesday will, says Lumension, lead to 900 million reboots of Windows machines around the world. Sadly, whilst this sounds a rather large power-draining volume of unnecessary PC actions, the reality is that it's not that abnormal.

According to Alan Bentley, senior vice president with Lumension, next week's Tuesday updates will involve a dozen patches fixing 22 vulnerabilities.

The good news, Infosecurity notes, is that one of the critical patches is the long awaited Internet Explorer fix that will address the public vulnerability threat.

"After a pretty relaxed January patch bulletin, 900 million people will be having to patch and reboot their system following the release of three critical patches", said Bentley.

"As we know from experience, reboots of this magnitude have been known to upset services and applications so it's possible we will see similar problems to what we encountered in 2007, when a large Microsoft Patch that required a reboot crippled applications, Skype in particular", he added.

The Lumension SVP went on to say that, although Microsoft appears to be doing a bit of spring cleaning this Patch Tuesday with a lot of regular 'run of the mill' stuff, it can't be emphasised enough that this will be a massive simultaneous reboot.

"Historically, we've seen services greatly impacted with such an undertaking", he explained.

Over at fellow IT security vendor Qualys, Wolfgang Kandek, the firm's CTO, said noted that three of the bulletins are critical and include updates to address the recently disclosed flaws in Internet Explorer "css.css" - Microsoft Security Advisory 2488013 and Windows "thumbnail preview" - Microsoft Security Advisory 2490606.

"These vulnerabilities have seen limited exploits in the wild, so applying the update is highly recommended", he said.

According to Kandek, in addition the lower rated flaw in the FTP service is addressed with an update to the IIS server.

"The remaining updates address flaws in Windows, Office and the development platform Visual Studio. All versions of Windows starting with Windows XP SP3 up to the latest versions Windows 7 and Windows Server 2008 R2. The Office bulletin, however is limited to a relatively small footprint: the Visio versions 2002, 2003 and 2007", he explained.

The slightly bad news is that the recent MHTML issue in Windows/Internet Explorer will not be addressed in this update.

Kandek points out that the workaround suggested by Microsoft in Advisory 2501696 continues to be the recommended way of mitigating this attack vector.

This article is featured in:
Application Security

 

Comment on this article

You must be registered and logged in to leave a comment about this article.

We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies. ×