Microsoft has issued advanced notice of the bugs it will be squashing next Tuesday. Traditionally Microsoft releases updates to its Windows operating system on the second Tuesday of the month which is often referred to as “Patch Tuesday”.
In the advance notice Microsoft have announced twelve fixes which historically is a huge number of fixes. January’s patch Tuesday had just two security updates one for Windows Backup Manager (only on Vista) and one for WDAC (Data Access Components) across all supported versions of Windows. The key question is will Microsoft fix the much publicized MHTML problem and it looks like the answer is no.
Of the twelve patches only three are marked as critical. The first one is an update for Windows and Internet Explorer and only affects IE 6, 7 and 8. The MHTML problem is present in all supported versions of Windows, irrespective of the version of IE installed. The second update doesn’t apply to Windows 7, so again this can’t be the MHTML problem and the third critical update is actually only critical for Vista and Windows 7, for XP it is marked as important.
So, it looks like patch Tuesday won’t bring a patch for the MHTML problem. That means it will be another month until Microsoft get a fix out the door. Of course, we all understand the need for proper software engineering processes and Microsoft don’t want to rush out a patch which will actually break other things. But, it is no surprise that the day after patch Tuesday is getting to be known as exploit Wednesday and it looks like this coming Wednesday the hackers will be working hard to craft specially formed websites to catch Windows users who haven’t applied the Microsoft Fixit.