Microsoft Security Bulletin Advance Notification for January 2011

ronjor · Jan 6, 2011

Published: January 06, 2011

Microsoft Security Bulletin Advance Notification issued: January 6, 2011
Microsoft Security Bulletins to be issued: January 11, 2011

This is an advance notification of security bulletins that Microsoft is intending to release on January 11, 2011.

This bulletin advance notification will be replaced with the January bulletin summary on January 11, 2011. For more information about the bulletin advance notification service, see Microsoft Security Bulletin Advance Notification.

To receive automatic notifications whenever Microsoft Security Bulletins are issued, subscribe to Microsoft Technical Security Notifications.

Microsoft will host a webcast to address customer questions on the security bulletins on January 12, 2011, at 11:00 AM Pacific Time (US & Canada). Register now for the January Security Bulletin Webcast. After this date, this webcast is available on-demand. For more information, see Microsoft Security Bulletin Summaries and Webcasts.

Microsoft also provides information to help customers prioritize monthly security updates with any non-security, high-priority updates that are being released on the same day as the monthly security updates. Please see the section, Other Information.
Click to expand...

Microsoft

Note: See executive summaries in this bulletin.

ronjor · Jan 6, 2011

Advance Notification Service for the January 2011 Security Bulletin Release

Hello everyone -

It's a new year and the Microsoft Security Response Center is ready to provide the Advance Notice for January's security bulletins. We have two bulletins addressing three vulnerabilities in Windows.

The first bulletin is Important and affects Windows Vista. The second bulletin has an aggregate of Critical and all supported versions of Windows are affected. As always, we recommend that customers deploy these updates as soon as possible.

This month we will not be releasing updates to address Security Advisory 2490606 (public vulnerability affecting Windows Graphics Rendering Engine) and Security Advisory 2488013 (public vulnerability affecting Internet Explorer). We continue to actively monitor both vulnerabilities and for Advisory 2488013 we have started to see targeted attacks. If customers have not already, we recommend they consult the Advisory for the mitigation recommendations. We continue to watch the threat landscape very closely and if the situation changes, we will post updates here on the MSRC blog.
Click to expand...

Microsoft

m00nbl00d · Jan 6, 2011

If customers have not already, we recommend they consult the Advisory for the mitigation recommendations. We continue to watch the threat landscape very closely and if the situation changes, we will post updates here on the MSRC blog.
Click to expand...

Yeah... I bet 99% of Windows users do keep track of such.

BoerenkoolMetWorst · Jan 7, 2011

It seems the win32k.sys stack overflow vulnerability that wasn't fixed last time isn't fixed this time either, and now they also don't fix the graphics rendering and IE vulnerability. Way to go Microsoft...

ronjor · Jan 11, 2011

January 2011 Security Bulletin Release

Today as part of our monthly security bulletin release we have two bulletins addressing three vulnerabilities in Microsoft Windows and Windows Server. This first bulletin is rated Important, while the second is rated Critical.

* MS11-001. This bulletin resolves one reported issue rated Important and affecting Windows Vista. This security bulletin addresses a vulnerability in Windows Backup Manager. This has an Exploitability Index rating of 1, and gets a 2 on our deployment priority list.
* MS11-002. This bulletin addresses two vulnerabilities affecting all supported versions of Windows. The first vulnerability is rated Critical for Windows XP, Vista and Windows 7 and the second rated Important for all supported versions of Windows Server. It involves the Microsoft Data Access Components (MDAC). This has an Exploitability Index rating of 1, and because there is a web based attack vector, this is at the top of our deployment priority list.

We are not aware of Proof of Concept code or of any active attacks seeking to exploit the vulnerabilities addressed in this month's release.

In the video below, Jerry Bryant discusses this month's bulletins in further detail:
Click to expand...

Microsoft

JRViejo · Jan 19, 2011

Attack code for a Windows vulnerability that Microsoft patched last week was released by a researcher one day after the company fixed the flaw.

The bug, which Microsoft rated "critical" -- its highest threat ranking -- was first reported more than nine months earlier when its discoverer used it in a one-two punch against Internet Explorer 8 ( IE8 ) that won him $10,000 in a hacking challenge.

Peter Vreugdenhil, then an independent Dutch researcher but now employed by HP TippingPoint, the sponsor of the Pwn2Own contest, used the vulnerability to sidestep one of Windows 7's most important anti-exploit defenses, ASLR (address space layout randomization).
Click to expand...

Researcher releases attack code for just-patched Windows bug by Gregg Keizer.

Log in or Sign up

Microsoft Security Bulletin Advance Notification for January 2011

ronjor Global Moderator

ronjor Global Moderator

m00nbl00d Registered Member

BoerenkoolMetWorst Registered Member

ronjor Global Moderator

JRViejo Super Moderator

Log in or Sign up

Microsoft Security Bulletin Advance Notification for January 2011

ronjor Global Moderator

ronjor Global Moderator

m00nbl00d Registered Member

BoerenkoolMetWorst Registered Member

ronjor Global Moderator

JRViejo Super Moderator

Useful Searches