Patch frenzy erupts after August Patch Tuesday

Stephen Withers
Wednesday, 13 August 2008 05:37

Your IT - Home IT

With 26 vulnerabilities covered, August's Patch Tuesday was a biggie! Microsoft issued 11 bulletins, but 12 were expected. What has Microsoft applied the band-aids to, and what is yet to be patched?

Patch Tuesday was a ritual Microsoft once thought it could abolish for Windows Vista, if not for its entire product line. But 26 patched vulnerabilities – including one in Vista itself - shows that was a forlorn a hope, and how much work Microsoft has to keep putting in to  ensure its products are as safe as possible.

Before we get into all the detail of what was patched and why, here's what wasn't: a critical flaw in Windows Media Player.

There's no indication from Microsoft's Security Response Center (MSRC) about when that update will be issued, but if it really is as critical as its rating suggests, there's a possibility of its release before September's Patch Tuesday.

MSRC release manager Tami Gallupe gave no clues as to the nature of the underlying problem or progress on the fix, referring only to "a last minute quality issue".

So what has been fixed in Windows?

A patch for the Windows Image Color Management System is rated critical. It allows remote code execution if a user can be persuaded to open a maliciously crafted image. Since that includes images within web pages and emails, it needn't be a particularly difficult task when victims are unwary.

Internet Explorer patches and more on page two.