Microsoft To Patch One Windows Security Flaw Tuesday
The solitary error, which Microsoft is scheduled to fix on Tuesday, was given the maximum severity rating of "critical," generally indicating that the vulnerability allows attackers to execute malicious code remotely in order to enter users' computers and steal information.
Microsoft did not specify which holes will be plugged in its Windows operating systems, or how many errors the patch will fix. However, the company indicated that the patch affected numerous versions of Windows, including 2000, XP, Vista, Server 2003 and Server 2008.
Users will be able to download the January security update directly from the Microsoft Web site Tuesday.
The single security bulletin for the January Patch Tuesday release comes as a stark contrast to a spate of heavy security bulletins and serious out of band patches Microsoft issued during the last three months of 2008. After going for more than a year without an out-of-band patch, Microsoft released an emergency patch for a malicious Internet worm in October that compromised users' computers by infecting them with malicious code without any user intervention.
The company then issued another out-of-band patch in December fixing an Internet Explorer bug found in the Web browser's data binding function. The company issued the patch upon discovery that hackers had launched attacks exploiting the IE vulnerability to infiltrate and take control of users' machines for financial gain.