Microsoft bizarrely reveals Patch Tuesday info early
By Chris Taylor
12/09/2011
Microsoft has uncharacteristically revealed details of next Tuesday's security patches for its Windows operating system and other proprietary software.
According to ComputerWorld.com, Microsoft's regular security bulletins - released only once patches have been made available on the second Tuesday of each month - should have appeared at around 10AM PST, or 1PM EST, on September 13th.
However, on Friday the Redmond-based company let slip that five updates would address 15 different vulnerabilities. These range from fixes in the spreadsheet software Excel and other Office components to the business collaboration tool SharePoint. All five patches are deemed "important", which is the company's second-highest threat ranking out of four.
Two of the most severe threats, which should easily be caught by up-to-date patch management software, are so-called "DLL load hijacking" vulnerabilities. These allow hackers to exploit Dynamic-Link Library (DLL) files by tricking an application into loading a malicious file with the same name as the DLL.
However, the early leak of the latest security bulletin is probably no more than a simple mistake. Andrew Storms, director of security operations at nCircle Security, was cited in a statement by IT Pro Portal as saying that the security release wasn't "terribly exciting" nor "worrisome".
"From what Microsoft had given us yesterday, none of these [bulletins] were terribly exciting or worrisome," he said. "So I see this as an embarrassment of procedure rather than a giant disclosure."
"They might just release the updates, maybe Monday, after deciding to go early to cover the bases. They may do that if they see a huge risk to users in waiting [for Tuesday]," he added.