MS preps critical Vista patch for Tuesday

As Redmond unwraps 'comments disabled' vuln research blog

By John Leyden • Get more from this author

Posted in Security, 4th January 2008 12:53 GMT

Free whitepaper – Securing your online data transfer with SSL

Microsoft plans to issue two security patches next Tuesday, one of which earns the dreaded rating of critical, in this year's first edition of its regular Patch Tuesday update cycle.

The critical update covers a flaw that allows the remote execution of malicious software on vulnerable clients, including Windows Vista systems. The patch is also a critical update for Windows XP. The second update, rated as "important", covers an unspecified privilege elevation flaw.

Both patches will require a reboot, as explained in Microsoft's advance bulletin here.

More details will follow once Microsoft publishes its patches on 8 January. Microsoft also plans to issue five high priority, non-security updates on Microsoft Update and two high priority, non-security updates on Windows Update as well as an update to its malicious software removal tool on Tuesday.

In related news, Microsoft launched a new Security Vulnerability Research and Defense blog late last week. Redmond has run other security-related blogs in the past (such as its Security Response and Anti-Malware Team blog), but the new addition promises to offer more in-depth technical information about vulnerabilities and suggestions about possible workarounds.

Microsoft has taken the unusual step of disabling comments on the blog, something allowed on other Redmond-run sites. Interested parties are invited to submit feedback by email instead. ®

Free whitepaper – Vulnerability management buyer's checklist