Yesterday turned out to be a very low-key day for Microsoft. It released its one and only one security update for its scheduled Tuesday release. The single patch, MS09-001, was rated as "critical" and affects Windows 2000, Windows XP, Windows Server, Windows Vista and Windows Server 2008. The patch addresses an Server Message Block vulnerability that could allow remote code execution. Microsoft describes the patch as follows:
"This security update resolves two privately reported vulnerabilities and one publicly disclosed vulnerability in Microsoft Server Message Block (SMB) Protocol. The vulnerabilities could allow remote code execution on affected systems. An attacker who successfully exploited these vulnerabilities could install programs; view, change, or delete data; or create new accounts with full user rights. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed."
Although Microsoft only released one patch, it is rated critical and it should be applied to the affected operating systems.
If just one critical patch per cycle is an example of things to come for 2009, I am mildly impressed.