Microsoft may be taking a bit of a breather, but that doesn’t mean an easy month for IT managers this patch Tuesday. Following the biggest patch Tuesday on record last month, Microsoft is catching its breath, with just three bulletins to be issued for November. Only one is critical, but all three may require a re-start.
While it may be a quieter month for patches, there’s still the matter of the Internet Explorer vulnerability that was discovered in the wild being used in ‘drive-by’ hacks that allow an attacker to perform a remote code execution, loading malware onto a visiting user’s network.
Despite this vulnerability affecting IE versions 6, 7 and 8 there continues to be no mention of it and Microsoft, despite issuing a work around, is not expected to release an out of band patch.
This could leave many users waiting for more than a month before they know they are fully protected from this threat, because a work around typically is not implemented by the majority of users. On the run up to Christmas, with industry experts predicting online shopping in the UK to increase by 23 per cent from 2009, it seems rather surprising that Microsoft haven’t prioritised a patch.
Adobe Systems plans to release a patch by Thursday to address a critical vulnerability in Adobe Flash Player. And, a local privilege escalation vulnerability that could allow attackers to execute malicious code with root rights was patched in the newly released Linux kernel 2.6.36.
So it might be a quieter month on the Microsoft front, but IT managers will still have their hands relatively full with a number of other notable patches from Adobe, Mozilla and Linux to contend with.