Microsoft will patch TIFF security hole but leave XP zero-day untouched

Microsoft will patch TIFF security hole but leave XP zero-day untouched

Microsoft today gave advanced warning of a series of patches that are due for release next week. In total 11 patches are to be released, five of them classed as Critical and six as Important. One month after issuing a security advisory about a problem that could be exploited with a specially crafted TIFF file is to be addressed.

Users of Windows XP and Windows Server 2003 are not so lucky as a security hole in a kernel component is to remain unpatched. If exploited, the problem could allow malicious code to be executed with elevated rights.

A blog post by the Microsoft Security Response Center explains:

"This release won’t include an update for the issue described in Security Advisory 2914486. We’re still working to develop a security update and we’ll release it when ready. Until then, we recommend folks review the advisory and apply the suggested workaround on their Windows XP and Windows Server 2003 systems. Customers with more recent versions of Windows are not affected by this issue."

The 11 bulletins will be released on this month's Patch Tuesday -- 10 December.