I ordinarily don’t mention Patch Tuesday because like death and taxes it seems inevitable, only monthly. But since there seems to be a backlog of nasty stuff, it’s worth taking note of what is coming next Tuesday. Ryan Naraine has the story at eWeek:
Microsoft Corp. has announced plans to ship two security bulletins on Patch Tuesday next week, and security analysts say it’s a safe bet that one will cover critical flaws in the Internet Explorer browser.
As part of its advance notice mechanism, Microsoft said at least one of the two bulletins will be rated “critical,” but details are being withheld until Dec. 13.
“I’d be shocked if they didn’t issue a fix for IE,” said Marc Maiffret, co-founder and chief hacking officer at eEye Digital security, a research company that regularly reports software flaws to Microsoft.
Maiffret noted that at least one unpatched IE flaw was being exploited by malicious hackers to plant backdoors on vulnerable machines; he argued that Microsoft should act responsibly and ship an IE update.
Even after Patch Tuesday, Maiffret said that several dangerous Windows flaws will remain unpatched.
More by following the link and the Microsoft Advance Notification Bulletin is available here.