Microsoft’s first Patch Tuesday for 2010 will be very light: A solitary bulletin addressing a vulnerability that is rated critical only for Windows 2000 users.
According to Redmond’s advance notice for the next batch of patches due on January 12, the bulletin is rated “low” for every other affected version of Windows, meaning it is “extremely difficult” to exploit or has minimal impact.
Details of the vulnerability being fixed will be kept under wraps until next Tuesday.
In addition to Windows 2000, the issue affects all Windows versions, including XP, Vista and the newest Windows 7.
The fact that this is a quiet Patch Tuesday doesn’t mean there aren’t many outstanding security issues to be fixed by Microsoft. In fact, Microsoft says a known SMB denial-of-service issue (see advisory) will not be fixed this month.
We are still working on an update for the issue at this time. We are not aware of any active attacks using the exploit code that was made public for this vulnerability and continue to encourage customers to follow the guidance in the advisory which outlines best practices to help protect systems against attacks that originate outside of the enterprise perimeter.
Then there is this list of unpatched flaws — many from Microsoft — that has been collecting dust for a while.
IT administrators and Windows users should also keep in mind that Adobe will be shipping critical Reader/Acrobat patches next Tuesday and these should be treated with the utmost priority because of the ongoing attacks in the wild.
Adobe will also be releasing a beta test of its new automatic (silent) updater for Reader and Acrobat.