Microsoft kicks off 2011 with light patch load

Powered by SC Magazine
 

Two fixes for three vulnerabilities.

Microsoft kicked off the year with two bulletins as part of its January security update.

One of the patches is rated "critical" and corrects two vulnerabilities in all supported versions of Windows. The flaws, which affect Microsoft Data Access Components, could allow an attacker to execute remote code on an affected system if a user views a specially crafted web page.

The other bulletin earned an "important" designation and plugs one publicly disclosed flaw affecting Windows Vista. The flaw, which affects Backup Manager, could also allow remote code execution.

Microsoft said it is not aware of any active attacks that exploit the vulnerabilities addressed in this month's release.

“It should be a fairly light day for everyone,” Tyler Reguly, technical manager of security research and development at vulnerability management firm nCircle, said in a statement.

But January's modest update leaves several known flaws without patches.

The most severe of the outstanding vulnerabilities is a style sheet load bug affecting all versions of Internet Explorer that was made public late last month. In lieu of an immediate patch, the software giant this week released a suggested workaround for the flaw, which is being exploited in “limited” in-the-wild attacks.

Yesterday's update also left unpatched a zero-day Windows Graphics Rendering Engine vulnerability.

“It remains to be seen whether or not Microsoft will provide out-of-band patches for the zero-day issues that are poised to wreak havoc in enterprise environments, or if we will have to play "hurry up and wait" until Patch Tuesday in February,” Paul Henry, security and forensic analyst at vulnerability management firm Lumension, said in a statement.

February's patches are due on the 8th.

This article originally appeared at scmagazineus.com

Copyright © SC Magazine, US edition


Microsoft kicks off 2011 with light patch load
 
 
 
Top Stories
Inside the stalemate on Australia's piracy code
Still not registered almost five months on.
 
IT staff outline deep anger in Macquarie Uni survey
‘Morale at lowest point in a decade’.
 
Cost blowout to push NBN past $41bn budget
But government funding cap to remain.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest articles on BIT Latest Articles from BIT
Say goodbye to OneDrive Groups
Aug 28, 2015
If you've a) actually been using OneDrive and b) gone so far as to actually have been using ...
Libreoffice 5 review
Aug 24, 2015
It's free! It's open! But does LibreOffice deliver on its promise of a powerful office suite for ...
How to disable Cortana in Windows 10
Aug 21, 2015
Stop Microsoft's personal assistant snooping around.
Uni is optional: 5 tech leaders without a degree
Aug 17, 2015
Already running a business, but thinking about going back to uni? From Bill Gates to Steve Jobs, ...
New features coming to Xero
Aug 17, 2015
Use Xero? Here are some of the things you can look forward to in the coming months.
Latest Comments
Polls
New Windows 10 users, are you upgrading from...




   |   View results
Windows 8
  48%
 
Windows 7
  44%
 
Windows XP
  4%
 
Another operating system
  2%
 
Windows Vista
  1%
TOTAL VOTES: 669

Vote