Compared to November and December 2009, the first Patch Tuesday of 2010 was a minor one. As Microsoft explained last week, there was just 1 security bulletin which referred to 1 security vulnerability. The vulnerability in question is rated critical for Windows 2000 and low for other Windows versions (including XP, Vista and Windows 7). And that’s pretty much all we knew about this topic until now.
Microsoft publishes details about its updates only after they have been released. That makes sense, since you wouldn’t want the bad guys to know about a vulnerability before Microsoft has a chance to fix it. Now that the critical vulnerability mentioned above has been addressed, the Redmond-based software giant has released more details about this month’s Patch Tuesday. Here they are:
Title: Vulnerability in the Embedded OpenType Font Engine Could Allow Remote Code Execution (972270)
Description: The vulnerability could allow remote code execution if a user viewed content rendered in a specially crafted Embedded OpenType (EOT) font in client applications that can render EOT fonts, such as Microsoft Internet Explorer, Microsoft Office PowerPoint, or Microsoft Office Word. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs, view, change, or delete data, or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Affected software:
- Microsoft Windows 2000 Service Pack 4
- Windows 7 for 32-bit Systems
- Windows 7 for x64-based Systems
- Windows Server 2003 Service Pack 2
- Windows Server 2003 with SP2 for Itanium-based Systems
- Windows Server 2003 x64 Edition Service Pack 2
- Windows Server 2008 for 32-bit Systems
- Windows Server 2008 for 32-bit Systems Service Pack 2
- Windows Server 2008 for Itanium-based Systems
- Windows Server 2008 for Itanium-based Systems Service Pack 2
- Windows Server 2008 for x64-based Systems
- Windows Server 2008 for x64-based Systems Service Pack 2
- Windows Server 2008 R2 for Itanium-based Systems
- Windows Server 2008 R2 for x64-based Systems
- Windows Vista
- Windows Vista Service Pack 1
- Windows Vista Service Pack 2
- Windows Vista x64 Edition
- Windows Vista x64 Edition Service Pack 1
- Windows Vista x64 Edition Service Pack 2
- Windows XP Professional x64 Edition Service Pack 2
- Windows XP Service Pack 2
- Windows XP Service Pack 3
The Microsoft Security Response Center (MSRC) has provided these visual representations of the January 2010 Patch Tuesday update.