Same as it ever was, what fun would Tuesdays be without Microsoft issuing software patches?
Microsoft issued two security bulletins to fix three Windows vulnerabilities, getting Patch Tuesday off to a slow start in 2011.
Only one of the bulletins is rated “critical.” That bulletin, MS11-002, covers two vulnerabilities affecting Microsoft Data Access Components. The first of the bugs exists in the way MDAC (Microsoft Data Access Components) validates third-party API usage. The second is due to the way MDAC validates memory allocation. According to Microsoft, both vulnerabilities could be exploited via a specially crafted Web page to allow an attacker to remotely execute code.
Microsoft Security Bulletin Summary for January 2011
It’s Microsoft Patch Tuesday: January 2011
Microsoft Patches 3 Windows Vulnerabilities
Microsoft patches critical Windows drive-by bug
Patch Tuesday: Microsoft plugs ‘drive-by download’ security holes
Microsoft’s January Patch Tuesday: 3 fixes but 5 holes unpatched
Two bulletins from Microsoft on its first Patch Tuesday of 2011 but Internet Explorer zero-day remains uncovered
Microsoft ‘Patch Tuesday’ Doesn’t Address Problem
Microsoft Patch Tuesday Update – 11th January 2011
Microsoft Patch Tuesday Hits One Critical Bug
And, once again, Microsoft patches some holes but leaves others uncovered.
/so, I guess we’ll be doing this again in the near future
Filed under: Blog Entry | Tagged: Attacker, Critical, Exploited, MDAC, Memory Allocation, Microsoft, Microsoft Data Access Components, MS11-002, Patch, Patch Tuesday, Remotely Execute Code, Security Bulletins, Software, Third-Party API Usage, Validates, Vulnerabilities, Web Page, Windows |