Access member only content, take part in discussions with comments on blogs, news and reviews and receive all the latest security industry news directly to your inbox. Join now for free.
Processing registration... Please wait.
This process can take up to a minute to complete.
A confirmation email has been sent to your email address - SUPPLIED EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @scmagazine.com.au to your white-listed senders.
Microsoft kicked off the year with two bulletins as part of its January security update.
One of the patches is rated "critical" and corrects two vulnerabilities in all supported versions of Windows. The flaws, which affect Microsoft Data Access Components, could allow an attacker to execute remote code on an affected system if a user views a specially crafted web page.
The other bulletin earned an "important" designation and plugs one publicly disclosed flaw affecting Windows Vista. The flaw, which affects Backup Manager, could also allow remote code execution.
Microsoft said it is not aware of any active attacks that exploit the vulnerabilities addressed in this month's release.
“It should be a fairly light day for everyone,” Tyler Reguly, technical manager of security research and development at vulnerability management firm nCircle, said in a statement.
But January's modest update leaves several known flaws without patches.
The most severe of the outstanding vulnerabilities is a style sheet load bug affecting all versions of Internet Explorer that was made public late last month. In lieu of an immediate patch, the software giant this week released a suggested workaround for the flaw, which is being exploited in “limited” in-the-wild attacks.
Yesterday's update also left unpatched a zero-day Windows Graphics Rendering Engine vulnerability.
“It remains to be seen whether or not Microsoft will provide out-of-band patches for the zero-day issues that are poised to wreak havoc in enterprise environments, or if we will have to play "hurry up and wait" until Patch Tuesday in February,” Paul Henry, security and forensic analyst at vulnerability management firm Lumension, said in a statement.
February's patches are due on the 8th.
This article originally appeared at scmagazineus.com
To begin commenting right away, you can log in below or register an account if you don't yet have one. Please read our guidelines on commenting. Offending posts will be removed and your access may be suspended. Abusive or obscene language will not be tolerated. The comments below do not necessarily reflect the views or opinions of SC Magazine, Haymarket Media or its employees.