February '11 Patch Tuesday: 12 Bulletins, 22 Vulnerabilities
As part of the Patch Tuesday program (fixes and patches are released every second Tuesday of the month), Redmond-based software giant Microsoft rolled out only 2 bulletins that addressed a mere 3 vulnerabilities this January. It was an unimpressive Patch Tuesday in January but for February 2011Microsoft is kicking things into high gear.
This February, as part of the Patch Tuesday Program, Microsoft will roll out 12 security bulletins that are meant to address a grand total of 22 vulnerabilities. The vulnerabilities plague the Windows operating system, the Internet Explorer web browser, the Office productivity suite, the Visual Studio integrated development environment, and IIS (Internet Information Services).
SPONSORED LINKS
Out of the 12 bulletins Microsoft will roll out this February, 3 are rated as critical while the remaining 9 are rated as important. The critical rating refers to vulnerabilities whose exploitation could allow the propagation of an Internet worm without user action. The important rating refers to vulnerabilities whose exploitation could result in compromise of the confidentiality, integrity, or availability of users data, or of the integrity or availability of processing resources.
The first vulnerability of 2011, the vulnerability that plagues the Windows Graphics Rendering Engine and is described in Security Advisory 2490606, will be addressed this month. The vulnerability affects Windows XP, Vista, Server 2003, and Server 2008 but it does not affect Windows 7 nor does it affect Windows Server 2008 R2. The vulnerability could be used by someone with malicious intent to inject and execute arbitrary code; the attacker could take control of a targeted machine if the user is logged on with administrative rights. To exploit the vulnerability that someone with malicious intent would have to send an e-mail with an attached Microsoft Word or PowerPoint file containing a specially crafted thumbnail image and convince the recipient to open it.
If you want to learn more about this month’s Patch Tuesday, an advance notification for the January 2011 Patch Tuesday has been posted online here.