Microsoft's first Patch Tuesday for 2008 will be unusually quiet.
The Redmond, Wash. software maker plans to ship just two security bulletins on Jan. 8 to patch code execution vulnerabilities in the Windows operating system.
One of the two bulletins will be rated “critical,” Microsoft's highest severity rating. The second is rated “important.”
According to information in the company's advance notice mechanism, the “critical” bulletin affects all versions of Windows, including Windows Vista.
The second issue, described as a privilege escalation risk, affects Windows 2000, Windows XP and Windows Server 2003.
According to FrSIRT's Zero Day Monitor, there are two unpatched flaws affecting Microsoft Windows users. One is a hole in the Microsoft DirectX Media SDK, which could be exploited by remote attackers to cause a denial of service or take complete control of an affected system. The second is a buffer overflow in the Microsoft Windows CFileFind Class “FindFile()” function.
Last year, Microsoft shipped a total of 69 security bulletins.