We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

Latest Microsoft patch fixes just one bug

Flaw found in desktop & server Windows versions

Microsoft will patch just one bug in its first security release of 2009.

The release, which will be made available next Tuesday, is a critical patch for server and desktop versions of Windows and fixes at least one bug that could allow attackers to install unauthorised software on a victim's computer.

Microsoft did not say which bugs it would be fixing with next week's updates, but the company has several to choose from. In the past month, Microsoft has warned of flaws in its WordPad Text Converter and SQL Server database software.

Microsoft Windows Vista review

Microsoft Windows XP review

The researcher who disclosed the SQL Server flaw said recently that Microsoft has known about the issue since April, and had written a patch for it back in September.

One security researcher has also claimed that there is a bug in Microsoft's Windows Media Player, but Microsoft has disputed his findings.

But none of these flaws is in all versions of the underlying Windows operating system, which are being patched next week. According to nCircle's director of security operations, Andrew Storms, Microsoft could be fixing a known Windows flaw that would allow hackers to gain unauthorised privileges on a computer.

"An exploit has already been published for some time along with a whitepaper by the author," Storms said.

Microsoft has offered workarounds for this flaw already, but it has now had enough time to prepare a full-blown security patch, Storms said.

Visit Security Advisor for the latest internet threat news, FREE net threat email newsletters, and internet security products

However, the security researcher who found the flaw said he doesn't expect to see it patched next week. "I don't think they will patch my bug because it's rated critical (remote code execution) and my bug is about local elevation of privileges," said Cesar Cerrudo, chief executive of security research firm Argeniss.

Local elevation of privilege flaws are not typically considered critical, although Storms said Microsoft may have discovered while fixing the problem that it was more severe than previously thought.

The update comes nearly a month after Microsoft was forced to issue an emergency patch for Internet Explorer, after criminals began exploiting the flaw to install password-stealing software on victims' machines.

See also: 'Why we failed' - Microsoft admits IE bug mistakes


IDG UK Sites

Best Black Friday 2014 tech deals UK: Latest bargains on phones, tablets, laptops and more this...

IDG UK Sites

Tech trends 2015: 3D printing grows up

IDG UK Sites

10 mind-blowing Oculus Rift experiments that reveal VR's practical potential

IDG UK Sites

Black Friday 2014 UK: Apple deals, Amazon deals & other Black Friday tech offers