Microsoft today gave Windows and Windows Server administrators something of a break on this Patch Tuesday announcing...
only four security updates for the desktop and server platforms, although one update was labeled critical.
The critical update, which involves a remote code execution flaw, affects Windows Server 2008, Windows Server 2008 R2, Windows 7 and Windows Vista. Also released was a "moderate" vulnerability involving a denial-of-service vulnerability, and two "important" fixes addressing remote code execution and elevation of privilege problems.
Surprisingly, Microsoft did not issue a permanent fix for the Duqu-related Windows kernel vulnerability some were expecting. The company only issued a temporary fix and will issue the more permanent fix later, although company officials did not say when.
The unpatched "zero-day" vulnerability has been exploited by the Duqu Trojan over the past several months. Microsoft officials said they planned to release an advisory on the kernel-based vulnerability this week.
Windows 7 users will be recipients of all four patches, including the critical one, while Vista users will receive three. The aged Windows XP, which just recently celebrated its 10th anniversary, will not need the critical update, only one of the two "important" vulnerabilities.