Microsoft set for small Patch Tuesday

IT administrators will be relieved to hear that next week's Microsoft Patch Tuesday will see just one bulletin addressing a single vulnerability in Windows.

Microsoft security spokesman Jerry Bryant announced the news in a blog posting, explaining that the single vulnerability is rated as 'critical' on Windows 2000 and 'low' for all other platforms.

"Customers with Windows 2000 systems will want to review and deploy this update as soon as possible but, as we will show in our release guidance next week, the Exploitability Index rating for this issue will not be high, which lowers the overall risk," he wrote.

The news will come as something of a relief to IT staff, who have recently had to cope with mammoth security updates from Microsoft. In October, the firm released 13 bulletins addressing a whopping 34 vulnerabilities.

But there was also cause for concern among security professionals, as Bryant pointed out that Microsoft's security team is not addressing a known flaw in its Server Message Block protocol which could enable denial-of-service attacks.

"We are still working on an update for the issue at this time," he wrote. "We are not aware of any active attacks using the exploit code that was made public for this vulnerability, and continue to encourage customers to follow the guidance in the advisory which outlines best practices to help protect systems against attacks that originate outside of the enterprise perimeter."

Matthew Walker, UK and Ireland director at endpoint management firm Lumension, warned IT administrators not to get used to the lighter patch load seen this month.

"Perhaps they can use the time to prepare for the numerous updates and patches yet to come, and also resolve the current Server Message Block denial-of-service problems, the MySQL zero-day rumours and the latest Adobe PDF issue," he said.

"Bear in mind that patches for these issues are around the corner. Just because they aren't being addressed with the first patch bulletin of the year doesn't mean that IT administrators should not keep a close eye out for them shortly."