A Slow Patch Tuesday
Patch Tuesdays are always unpredictable. Some months are brutal, others are cake walks. This Tuesday is the latter. Get this: There are only two patches! Two measly patches! As usual, remote code execution is the culprit in both.
That's the good news. The bad news is there are a couple of flaws that are known but not yet fixed.
One flaw involves the graphics rendering engine for Windows, and impacts XP, Vista and Windows Server 2008. Hackers can create image files that can create stack overflows to gain access to elevated privileges. So far no attacks have been reported.
Two other flaws, also remote code execution-related, are being looked at. One involves IE and the other involved the FTP features built into Windows Server 2008 and Windows 7. While not yet fully plugged, you can cover up the IE hole by using the Enhanced Migration Toolkit. And as always, using a firewall and updated antimalware software is a good idea.
Posted by Doug Barney on 01/07/2011 at 1:18 PM