A Slow Patch Tuesday -- Redmondmag.com

Barney's Blog

A Slow Patch Tuesday

Patch Tuesdays are always unpredictable. Some months are brutal, others are cake walks. This Tuesday is the latter. Get this: There are only two patches! Two measly patches! As usual, remote code execution is the culprit in both.

That's the good news. The bad news is there are a couple of flaws that are known but not yet fixed.

One flaw involves the graphics rendering engine for Windows, and impacts XP, Vista and Windows Server 2008. Hackers can create image files that can create stack overflows to gain access to elevated privileges. So far no attacks have been reported.

Two other flaws, also remote code execution-related, are being looked at. One involves IE and the other involved the FTP features built into Windows Server 2008 and Windows 7. While not yet fully plugged, you can cover up the IE hole by using the Enhanced Migration Toolkit. And as always, using a firewall and updated antimalware software is a good idea.

Posted by Doug Barney on 01/07/2011 at 1:18 PM

Featured

Microsoft Designer Hits General Availability, Expands to Mobile

Microsoft Designer, the company's AI-powered design tool, officially hit general availability on Wednesday after being unveiled during Ignite 2022.
Build Your Own Custom Copilot, Part 1: Getting Started

With Microsoft's Copilot Studio, it's easy to get up and running in just a few minutes.
Microsoft Purview Data Governance Solution Launching in September

Microsoft's Purview Data Governance, the company's AI-powered solution designed to address governance and security challenges under one unified umbrella, will hit general availability on Sept. 1.
Security Giant Kaspersky Shutters U.S. Operations

Days before a ban on sales of its security software was set to take effect, Kaspersky announced it would end its U.S. operations.
CISOs Believe AI Has 'Already Surpassed' Their IT Security Teams: Survey

AI has its naysayers, but many chief information security officers (CISOs) are not among them.