Security Patching by Microsoft for 2011, A Quiet Start
Microsoft, on January 11, 2011, as part of its monthly release of security bulletin under Patch Tuesday that happens on every month's 2nd Tuesday, issued merely 2 patches, repairing an overall 3 security flaws among which just one has been labeled "critical," the highest rating on the software giant's 4-stage scale.
Reveal data that the latest count indicates a large decline as the December 2010 bulletin contained 17 fixes.
Meanwhile, to elaborate on the current fixes, the first patch takes care of a publicly known security flaw within Windows Backup Manager featured within Vista, which has been labeled "important." The flaw, however, doesn't affect the remaining supported OSs existing presently. Moreover, the problem exclusively associates with a more common issue highlighted during August 2010 regarding the manner in which software install external libraries. A file path that isn't adequately qualified could let the remote execution of malicious software.
In particular, to make the attack effective, an attacker requires getting an end-user to access an unreliable location of file system in the remote alternatively access WebDAV share as well as view a genuine file stored in that location so that Windows Backup Manager may upload the maliciously created DLL file.
Moreover, as of the 2nd patch, it addresses 2 privately indicated flaws within Microsoft Data Access Components, which can let the remote running of malicious software (2451910).
The flaws can let the execution of remote malware provided an end-user opens a maliciously created website. A successful exploitation can give the attacker the identical privileges like those of the original computer-user. However, computer-users who've a smaller number of user privileges for their accounts can feel the impact much less compared to those who've administrative user privileges.
Reportedly, there aren't any patches yet for CSS vulnerabilities lately revealed in Windows engine for graphics and Internet Explorer. Nevertheless, Microsoft has issued a tentative fix under the banner "FixIt" for managing the second problem since assaults have been observed across the Web.
And now with the new patches out, Windows-users have been recommended that they should apply them at the earliest towards safeguarding their systems against probable attacks.
Related article: Securities Push Up A Must For Web Companies
» SPAMfighter News - 21-01-2011