LinkBack URL
About LinkBacks
SourceComputerworld - Microsoft jumped the gun today by prematurely releasing information on all five of the security updates it plans to ship next Tuesday.
The gaffe is unprecedented, said Andrew Storms, director of security operations at nCircle Security. "I don't remember this ever happening," said Storms.
Microsoft normally publishes the lengthy write-ups -- called "bulletins" by the company -- only when it ships the actual patches that fix the described problems. Under normal circumstances, the bulletins would have appeared around 10 a.m. Pacific, 1 p.m. Eastern, on Tuesday, Sept. 13.
Although the bulletins went live Friday, the updates did not: A quick search of Microsoft's download center, where the updates are typically posted for manual download, did not show any available patches. Nor did the updates apparently reach users through Windows Update or the business-oriented Windows Server Update Services (WSUS).
Yesterday, Microsoft rolled out its usual advance notification for next week's Patch Tuesday, saying that it would issue five updates to patch 15 vulnerabilities in Windows, Excel, SharePoint and other products in its portfolio.
The bulletins confirmed what Microsoft said Thursday: The updates will quash 15 bugs, all rated "important," the second-highest threat ranking in the company's four-step scoring system.
Two of the vulnerabilities are in Windows; five in Excel, the spreadsheet included with Office; two in non-application Office components; and six in SharePoint and associated software, such as Groove and Office Web Apps.
Of the 15, at least two are "DLL load hijacking" vulnerabilities, a term that describes a class of bugs first revealed in August 2010. Microsoft has been patching its software to fix the problem -- which can be exploited by tricking an application into loading a malicious file with the same name as a required dynamic link library, or DLL -- since last November. . .
"It would be a big difference if people had the updates because then [attackers] could compare the old and new binaries," said Storms, referring to a tactic hackers use to try to figure out where the bug is in Microsoft's code.
Seems like these are important patches so be prepared for some downloading this tuesday. Keep safe and up to date
Results 1 to 4 of 4
- Experienced User
- Join Date
- Jul 2010
- Location
- England
- Posts
- 860
- Liked
- 182 times
- Points
- 8,703
Microsoft Leaks Patch Info Four Days Early
Last edited by Student26; 09-10-2011 at 11:52 PM. Reason: added source for those who want to read more
“Nature uses as little as possible of anything.”
- Johannes Kepler
- I'd rather be fishing!
- Join Date
- Jan 2011
- Location
- Minnesota, USA
- Posts
- 3,155
- Liked
- 1543 times
- Points
- 4,220
Thanks for the heads up Student.
Life isn't about waiting for the storm to pass, it's about learning to dance in the rain!
- Righteous Dude
- Join Date
- Aug 2009
- Location
- Bay Area, California
- Posts
- 1,902
- Liked
- 784 times
- Points
- 25,870
http://technet.microsoft.com/en-us/security/bulletin/ms11-sep
A Guy
- Experienced User
- Join Date
- Jul 2010
- Location
- England
- Posts
- 860
- Liked
- 182 times
- Points
- 8,703
Appreciate the info A Guy.
Originally Posted by A Guy 
Reply With Quote
Originally Posted by A Guy 
Similar Threads
-
Win 8 hits retail in January 2013, Win 7 SP2 in 2012 and other info leaks out
By Boyfriend in forum General ForumReplies: 13Last Post: 01-24-2011, 01:48 PM -
Microsoft Metro mouse leaks out, promises BlueTrack for $20
By hsakarp_kahtap in forum HardwareReplies: 7Last Post: 09-25-2010, 03:55 AM -
Microsoft Refuses To Patch Alureon Rootkit-Compromised XP Machines
By leofelix in forum Security BulletinReplies: 2Last Post: 04-22-2010, 05:25 AM -
Microsoft to issue emergency IE patch Thursday
By A Guy in forum General ForumReplies: 0Last Post: 01-21-2010, 01:08 PM -
Microsoft releases Patch Registration Cleanup Tool
By leofelix in forum General ForumReplies: 0Last Post: 10-14-2009, 12:01 AM
