Patch Tuesday Wednesday (JAN-2010)

I was on holiday for this month’s Patch Tuesday *happy, happy, joy, joy!*, so here is a late recap on this month’s patching including the out of band patch issued later in the month.

This month we have one (1) new security bulletin, and one (1) out of band patch issued later in the month. A restart will be required.

For our first bulletin release of the New Year, we have one Critical bulletin affecting all versions of Windows. The bulletin, MS10-001, addresses one vulnerability in the Embedded OpenType Font Engine and is Critical on Windows 2000. For all other versions of Windows, the vulnerability gets a Low rating. [1]

Bulletin KB number Description Severity Impact Software
MS10-001 972270 Vulnerability in the Embedded OpenType Font Engine Could Allow Remote Code Execution Remote Code Execution Critical Microsoft Windows

Out of Band Patch

Bulletin KB number Description Severity Impact Software
MS10-002 978207 Cumulative Security Update for Internet Explorer Remote Code Execution Critical Microsoft Windows

For this month:

re MS10-002;

While all versions of Internet Explorer are affected, the risk for everyone running Internet Explorer 8 is lower since it has DEP (Data Execution Prevention) enabled by default. DEP makes exploitation of this vulnerability more difficult so as a temporary workaround you might want to enable it for older IEs (keep in mind that it might break some add-ons). — SANS [7]

PATCH NOW:
NOW: MS10-002 !

CRP10-002

This entry was posted in microsoft, patch, Patch_Tuesday, security. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.