Microsoft announces another critical Tuesday times four

Stephen Withers
Monday, 08 September 2008 06:00

Your IT - Home IT

Microsoft has given advance notification of four security bulletins - all rated critical - for September's Patch Tuesday. One of them appears to be the Windows Media Player fix that was dropped at the last moment in August.

Microsoft's normal practice is to release security bulletins and associated patches or updates on the second Tuesday of each month, colloquially known as Patch Tuesday.

While this allows system administrators to plan their activities, it does provide a window of opportunity for attackers. Exploits for unaddressed flaws can be put into play on Patch Tuesday, in the knowledge that a fix is unlikely to be delivered for another month.

All four of September's bulletins address issues that can be exploited to allow remote code execution.

The Windows Media Player update is rated critical for WMP 11 on Windows XP,  Vista and Server 2008 (including the x64 versions). It is not applicable to Windows 2000, Server 2003 or Server 2008 for Itanium-based systems.

The update was delayed from August due to "a last minute quality issue." No further explanation was given. There is an argument that if the underlying security issue really was critical, then Microsoft should have released an out-of-cycle update instead of waiting until September 9.

One possible explanation is that the company has not seen any real-life exploits.

What else is being fixed? Find out on page two.