Unlike past monthly releases, Microsoft’s security update next Tuesday will be shorter than usual, essentially giving security and IT administrators a rare moment of having an easier time installing security updates.
According to Microsoft’s Security Bulletin Advance Notification for November, issued Thursday, next week’s release will include only two elements: a critical update for the Windows operating system as well as a less-serious “important” Windows update.
Microsoft has been working on a fix for buggy anti-piracy that has been shipping with Windows for the last few years and security experts believe this will be one of the flaws fixed next week. The bug lies in the secdrv.sys driver built by Macrovision that ships with Windows XP, Server 2003, and Vista, but Vista is not vulnerable to the problem, according to Microsoft.
The software vendor is aware of “limited attacks” that exploit this vulnerability to get elevated privileges on a victim’s machine.
Users who are concerned about the vulnerability can remove the secdrv.sys driver, but this software is required in order to play games that are protected by Macrovision’s SafeDisc copy-protection software.
The second update appears to fix a “spoofing” vulnerability in Windows that Microsoft had planned to fix in October, but which was pulled at the last minute.
As is customary, Microsoft didn’t say Thursday what exactly it will be fixing in next week’s updates, but the company did say that the critical update will be for Windows XP and Server 2003 users, while the important update will be for Windows 2000, and Windows Server 2003.
Two sets of patches is far fewer than normal for Microsoft. Last month, Microsoft released six security updates.
Eight security tips that every CIO should know
Vanguard releases new products to improve mainframe security