Microsoft kicks off 2011 with light patch load

Powered by SC Magazine
 

Two fixes for three vulnerabilities.

Microsoft kicked off the year with two bulletins as part of its January security update.

One of the patches is rated "critical" and corrects two vulnerabilities in all supported versions of Windows. The flaws, which affect Microsoft Data Access Components, could allow an attacker to execute remote code on an affected system if a user views a specially crafted web page.

The other bulletin earned an "important" designation and plugs one publicly disclosed flaw affecting Windows Vista. The flaw, which affects Backup Manager, could also allow remote code execution.

Microsoft said it is not aware of any active attacks that exploit the vulnerabilities addressed in this month's release.

“It should be a fairly light day for everyone,” Tyler Reguly, technical manager of security research and development at vulnerability management firm nCircle, said in a statement.

But January's modest update leaves several known flaws without patches.

The most severe of the outstanding vulnerabilities is a style sheet load bug affecting all versions of Internet Explorer that was made public late last month. In lieu of an immediate patch, the software giant this week released a suggested workaround for the flaw, which is being exploited in “limited” in-the-wild attacks.

Yesterday's update also left unpatched a zero-day Windows Graphics Rendering Engine vulnerability.

“It remains to be seen whether or not Microsoft will provide out-of-band patches for the zero-day issues that are poised to wreak havoc in enterprise environments, or if we will have to play "hurry up and wait" until Patch Tuesday in February,” Paul Henry, security and forensic analyst at vulnerability management firm Lumension, said in a statement.

February's patches are due on the 8th.

This article originally appeared at scmagazineus.com

Copyright © SC Magazine, US edition


Microsoft kicks off 2011 with light patch load
 
 
 
Top Stories
Tech SWAT teams kicking down the digital door
From dam engineers in Ecuador to Sydney light-rail gurus, Cardno's global CIO Karen Wagner is linking up her widespread organisation.
 
AusPost board approves Fujitsu outsourcing
End user computing to be handed over to partner.
 
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest articles on BIT Latest Articles from BIT
Xerocon is heading to Melbourne!
Jul 1, 2015
We're not saying Xero is our FAVOURITE or anything, but Xero's 2015 Xerocon conference is being ...
New Microsoft Office apps for Android phones
Jun 26, 2015
Microsoft's latest Office apps for Android now work on phones as well as tablets, further ...
Windows 10 UK price revealed, but don't believe everything you hear
Jun 26, 2015
Windows 10 £99 price tag for users in the UK (who presumably don't already have Win 7 Pro ...
Now Xero notifies iOS users of new transactions
Jun 24, 2015
The latest version of Xero's iPhone app includes notifications when new transactions arrive from ...
Your Essential Cloud Toolbox
Jun 22, 2015
When BIT interviewed Receipt Bank country manager Sophie Hossack, we asked for her thoughts on ...
Latest Comments
Polls
Is site blocking effective in stopping piracy?


   |   View results
Yes
  2%
 
No
  86%
 
Somewhat
  12%
TOTAL VOTES: 603

Vote