Microsoft releases new security updates for its Windows operating system and other products every second Tuesday of the month. But this month, at least briefly, someone at Microsoft jumped the gun and released the full security bulletins for the next Windows update on Friday, four days before they were scheduled to be released. Ars Technica reports that the security bulletins were taken down about an hour after they were inadvertently released.
The big danger is that hackers could potentially have checked out exactly what security flaws were due to be fixed in Tuesday's Windows patch update and create attacks before the update is released on Windows-based PCs. However, Wolfgang Kandek, the chief technology officer at security company Qualys, believes there isn't much to worry about, saying, "I don't believe there is any heightened security risk with the early exposure. If the patches (i.e., the binaries) themselves had been revealed then indeed it would give attackers a 4-day head start."
Officially a Microsoft statement admits, "Microsoft inadvertently displayed draft text of September's bulletin summary, five bulletins, and a security advisory update intended for release on Tuesday, Sept. 13. The draft text was removed as soon as the issue was discovered. We are not aware of any customer impact and are monitoring the issue."
The next security update will have five separate patches that fix a total of 15 different security exploits. The fixes are for Windows and Microsoft Offices users as well as for users of the SharePoint 2007 and 2010 applications.
5 Comments - Add comment