Microsoft Security Bulletin Overview January 2011 - gHacks Tech News

Microsoft Security Bulletin Overview January 2011

The second Tuesday of a month is Microsoft's patch day where the software company releases security patches and fixes for its products. The first patch day of the year 2011 brings two security bulletins that patch vulnerabilities in the Windows operating system. MS11-002 patches vulnerabilities in Microsoft Data Access Components that could allow remote code execution. The maximum severity rating of the vulnerability is critical, the highest possible rating.

A closer look at the security vulnerability reveals that is is rated critical for all 32-bit and 64-bit Windows client operating systems from Windows XP to Windows 7. The same vulnerability is rated as important for all server based operating systems.

The second vulnerability, MS11-001, has a maximum severity rating of important. It fixes a vulnerability in the Windows Backup Manager that could allow remote code execution. The vulnerability affects only the Windows Vista operating system.

  • MS11-002 - Vulnerabilities in Microsoft Data Access Components Could Allow Remote Code Execution (2451910) - This security update resolves two privately reported vulnerabilities in Microsoft Data Access Components. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
  • MS11-001 - Vulnerability in Windows Backup Manager Could Allow Remote Code Execution (2478935) - This security update resolves a publicly disclosed vulnerability in Windows Backup Manager. The vulnerability could allow remote code execution if a user opens a legitimate Windows Backup Manager file that is located in the same network directory as a specially crafted library file. For an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open the legitimate file from that location, which in turn could cause Windows Backup Manager to load the specially crafted library file.

Severity and Exploitability Index

Bulletin Deployment Priority

6153.deploy_2D00_1101

The images have been taken from the Technet announcement which offers further information about the vulnerabilities and patch deployment.

Windows users are advised to apply the patches as soon as possible to protect their system from possible exploits. The patches can be applied directly via Windows Update or directly from Microsoft Download.





  • We need your help

    Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

    We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats (video ads) or subscription fees.

    If you like our content, and would like to help, please consider making a contribution:

    Comments

    1. Paul(us) said on January 12, 2011 at 1:13 am
      Reply

      Thanks again Martin, for this month ferry illuminating piece about this mouths Microsoft security updates.

    2. ilev said on January 12, 2011 at 10:18 am
      Reply

      No fixing the hole in all version of IE.

      It time to fix 20 years old (win 95) holes.

    3. mentor said on January 12, 2011 at 3:48 pm
      Reply

      Good to see security patch before service pack release..

    Leave a Reply