Free Newsletter
Register for our Free Newsletters
Access Control
Deutsche Zone (German Zone)
Education, Training and Professional Services
Government Programmes
Guarding, Equipment and Enforcement
Industrial Computing Security
IT Security
Physical Security
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor

Lumension Comments On Light Patch Tuesday To Start New Year

Lumension Security : 13 January, 2011  (Technical Article)
Despite few bulletins, patch release from Microsoft requires restart so may cause some new year disruption for IT Administrators
It’s a light patch Tuesday to kick off 2011 and Paul Henry, Forensic and Security Analyst at Lumension comments, “This first Patch Tuesday in 2011 addresses the following Microsoft issues:

*         Bulletin one addresses issues that are critical on Windows XP SP3, Vista and Windows 7 and issues that are important on Windows Server 2003, Windows Server 2008 and Windows Server 2009 R2

*         Bulletin two addresses issues that are important on Windows Vista


“This patch Tuesday has the potential to be disruptive as the bulletins may require a restart.  And once these issues are resolved, that doesn’t mean we’re in the clear.


“Unfortunately, we still have multiple Microsoft Day Zero issues that have not been addressed by today's release, most importantly:

*         CVE-2010-3971 - Internet Explorer 6/7/8 vulnerability in recursive style sheet importing

*         CVE-2010-3970 - Windows graphics rendering engine vulnerability in parsing BMP thumbnails embedded within an OLESS document container


“All in all, today’s light patch load is nothing to get excited about - it remains to be seen whether or not Microsoft will provide Out-of-Band Patches for the Day Zero issues that are poised to wreak havoc in enterprise environments or if we will have to play "hurry up and wait" until Patch Tuesday in February. Further, Microsoft faces additional pressure, as it is expected that additional issues will be discovered in Internet Explorer (as well as other browsers including Chrome, Firefox, Opera and Safari) since the release of Michal Zalewski's "cross_fuzz" Browser Fuzzing Tool that will need to be addressed quickly.


“Other notable patch news includes the recent release of Apple’s OS v10.6.6, which was pushed out with Mac App Store and fixes a man-in-the-middle vulnerability CVE-ID: CVE-2010-4013."
Bookmark and Share
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
   © 2012
Netgains Logo