Posted by: Tony Bradley
Flaw, Microsoft, Patch, Patch Tuesday, security, security bulletins, update, Vulnerability
There are some records that are good to achieve–most copies of Windows sold in a month, or most profitable quarter in company history, etc. Then, there are less desirable records, like say….the highest number of security bulletins, or the most vulnerabilities patched in a single Patch Tuesday.
According to Qualys CTO Wolfgang Kandek, the February Patch Tuesday was on track to do just that. “Microsoft’s February 2010 was slated to be the biggest release for Microsoft patches in the last two years–14 bulletins addressing 34 vulnerabilities. But the Google/CN Internet Explorer 0-day forced Microsoft to accelerate the testing of the planned IE bulletin and release it early, still in January. That leaves 13 bulletins covering 26 vulnerabilities for the February release, which constitutes one of the bigger patch Tuesdays.”
So, thanks to a stealth attack launched in China against Google and other targets leveraging a zero-day exploit against Internet Explorer, the out-of-band update for IE saved February 2010 from the dubious honor of most security bulletins, and reduced it to a meager record-tying month.