Microsoft is starting off the New Year by giving most Windows administrators a break, announcing plans to release a single update correcting a critical vulnerability affecting Windows 2000 during its regular patching schedule next week.
No vulnerability details have been released, but Microsoft said it gave the flaw a low rating for all other platforms.
"Customers with Windows 2000 systems will want to review and deploy this update as soon as possible but, as we will show in our release guidance next week, the Exploitability Index rating for this issue will not be high which lowers the overall risk," said Microsoft security program manager Jerry Bryant in the Microsoft Security Response Center blog.
Bryant said Microsoft would not patch a vulnerability, affecting its newest Windows 7 operating system, in the protocol that handles messages between devices on a network.
A denial-of-service (DoS) vulnerability in the Server Message Block (SMB) protocol was discovered in November. It affects both SMBv1 and SMBv2 on Windows 7. Microsoft engineers are continuing to test a patch for the flaw. The hole enables an attacker to crash a Windows 7 machine. In its advisory, Microsoft said the Windows 7 DoS vulnerability could be exploited if a victim visits a malicious website. It also affects users of Windows Server 2008.
In December, Microsoft addressed five vulnerabilities in Internet Explorer, including a serious zero-day flaw, a flawed ActiveX control that enabled attackers to gain access to a victim's system. Microsoft issued six bulletins in December, three critical, repairing 12 vulnerabilities across its product line.