Microsoft kicks off 2011 with light patch load

Powered by SC Magazine
 

Two fixes for three vulnerabilities.

Microsoft kicked off the year with two bulletins as part of its January security update.

One of the patches is rated "critical" and corrects two vulnerabilities in all supported versions of Windows. The flaws, which affect Microsoft Data Access Components, could allow an attacker to execute remote code on an affected system if a user views a specially crafted web page.

The other bulletin earned an "important" designation and plugs one publicly disclosed flaw affecting Windows Vista. The flaw, which affects Backup Manager, could also allow remote code execution.

Microsoft said it is not aware of any active attacks that exploit the vulnerabilities addressed in this month's release.

“It should be a fairly light day for everyone,” Tyler Reguly, technical manager of security research and development at vulnerability management firm nCircle, said in a statement.

But January's modest update leaves several known flaws without patches.

The most severe of the outstanding vulnerabilities is a style sheet load bug affecting all versions of Internet Explorer that was made public late last month. In lieu of an immediate patch, the software giant this week released a suggested workaround for the flaw, which is being exploited in “limited” in-the-wild attacks.

Yesterday's update also left unpatched a zero-day Windows Graphics Rendering Engine vulnerability.

“It remains to be seen whether or not Microsoft will provide out-of-band patches for the zero-day issues that are poised to wreak havoc in enterprise environments, or if we will have to play "hurry up and wait" until Patch Tuesday in February,” Paul Henry, security and forensic analyst at vulnerability management firm Lumension, said in a statement.

February's patches are due on the 8th.

This article originally appeared at scmagazineus.com

Copyright © SC Magazine, US edition


Microsoft kicks off 2011 with light patch load
 
 
 
Top Stories
Making a case for collaboration
[Blog post] Tap into your company’s people power.
 
Five zero-cost ways to improve MySQL performance
How to easily boost MySQL throughput by up to 5x.
 
Tracking the year of CIO churn
[Blog post] Who shone through in 12 months of disruption?
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest articles on BIT Latest Articles from BIT
This 4G smartphone costs $219
Sep 3, 2014
It's possible to spend a lot less on a smartphone if you're prepared to go with a brand you ...
Looking for storage? Seagate has five new small business NAS devices
Aug 22, 2014
Seagate has announced a new portfolio of Networked Attached Storage (NAS) solutions specifically ...
Run a small business in western Sydney?
Aug 15, 2014
This event might be of interest if you're looking to meet other people with a similar interest ...
Buying a tablet? Microsoft's Surface Pro 3 goes on sale this month
Aug 8, 2014
Microsoft has announced its Surface Pro 3 will go on sale in Australia on 28 August from ...
Apple's top MacBook Pro with Retina is now cheaper
Aug 1, 2014
Apple has updated its MacBook Pro range with faster processors and new pricing, including ...
Latest Comments
Polls
Which is the most prevalent cyber attack method your organisation faces?




   |   View results
Phishing and social engineering
  69%
 
Advanced persistent threats
  3%
 
Unpatched or unsupported software vulnerabilities
  10%
 
Denial of service attacks
  6%
 
Insider threats
  11%
TOTAL VOTES: 1092

Vote