Microsoft kicks off 2011 with light patch load

Powered by SC Magazine
 

Two fixes for three vulnerabilities.

Microsoft kicked off the year with two bulletins as part of its January security update.

One of the patches is rated "critical" and corrects two vulnerabilities in all supported versions of Windows. The flaws, which affect Microsoft Data Access Components, could allow an attacker to execute remote code on an affected system if a user views a specially crafted web page.

The other bulletin earned an "important" designation and plugs one publicly disclosed flaw affecting Windows Vista. The flaw, which affects Backup Manager, could also allow remote code execution.

Microsoft said it is not aware of any active attacks that exploit the vulnerabilities addressed in this month's release.

“It should be a fairly light day for everyone,” Tyler Reguly, technical manager of security research and development at vulnerability management firm nCircle, said in a statement.

But January's modest update leaves several known flaws without patches.

The most severe of the outstanding vulnerabilities is a style sheet load bug affecting all versions of Internet Explorer that was made public late last month. In lieu of an immediate patch, the software giant this week released a suggested workaround for the flaw, which is being exploited in “limited” in-the-wild attacks.

Yesterday's update also left unpatched a zero-day Windows Graphics Rendering Engine vulnerability.

“It remains to be seen whether or not Microsoft will provide out-of-band patches for the zero-day issues that are poised to wreak havoc in enterprise environments, or if we will have to play "hurry up and wait" until Patch Tuesday in February,” Paul Henry, security and forensic analyst at vulnerability management firm Lumension, said in a statement.

February's patches are due on the 8th.

This article originally appeared at scmagazineus.com

Copyright © SC Magazine, US edition


Microsoft kicks off 2011 with light patch load
 
 
 
Top Stories
Meet FABACUS, Westpac's first computer
GE225 operators celebrate gold anniversary.
 
NSW Govt gets ready to throw out the floppy disks
[Opinion] Dominic Perrottet says its time for government to catch up.
 
iiNet facing new copyright battle with Hollywood
Fighting to protect customer details.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest articles on BIT Latest Articles from BIT
Do you direct debit customers? Read this
Oct 10, 2014
Authorities have been targeting direct debit practices with iiNet and Dodo receiving formal ...
Optus expands 4G coverage
Oct 10, 2014
If you rely on an Optus phone for work you might be interested to know that there are now 200 ...
Microsoft Office is now free for some charities
Oct 10, 2014
Microsoft has announced that eligible Australian non-profit organisations and charities can now ...
Vodafone lights up 4G in Adelaide
Oct 9, 2014
Live and work in Adelaide? Vodafone has switched on its 4G network in the city and suburbs.
Next year tradies will be able to take payments using ingogo
Oct 3, 2014
Ingogo is going to provide a card payment service for Xero users.
Latest Comments
Polls
In which area is your IT shop hiring the most staff?




   |   View results
IT security and risk
  25%
 
Sourcing and strategy
  12%
 
IT infrastructure (servers, storage, networking)
  22%
 
End user computing (desktops, mobiles, apps)
  14%
 
Software development
  26%
TOTAL VOTES: 326

Vote
Would your InfoSec team be prepared to share threat data with the Australian Government?

   |   View results
Yes
  57%
 
No
  43%
TOTAL VOTES: 134

Vote