Two Things Not Patched in the January 2011 Microsoft Patch Bundle

Next week’s January 2011 Microsoft patches will NOT include a fix for two of the known, currently exploited vulnerabilites in Internet Explorer. One is CVE-2010-3971 and the other is described at http://www.microsoft.com/technet/security/advisory/2488013.mspx. So if your IPS vendor provides detection you might want to consider getting the associated filters in place if possible.

References:
http://www.microsoft.com/technet/security/advisory/2488013.mspx.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3971

email: david @ sharpesecurity.com
website: www.sharpesecurity.com
Twitter: twitter.com/sharpesecurity
Twitter (free enterprise vulnerability alert feed): twitter.com/patchmanagement

Share

Leave a Reply