Microsoft January 2011 Patches Released

Microsoft has released their January 2011 security updates. There are only two bulletins in this release.

It is important to bear in mind what is NOT in this January 2011 release. Microsoft has elected to not provide patches for two known vulnerabilities in Internet Explorer that are being exploited in the wild right now. One is CVE-2010-3971 (http://www.microsoft.com/technet/security/advisory/2490606.mspx) and the other is CVE-2010-3970 http://www.microsoft.com/technet/security/advisory/2488013.mspx. So if your IPS vendor provides detection you might want to consider getting the associated filters in place if possible.

One more final thought: Please consider if it is safe to deploy Outlook 2007 update KB2412171 in your environment(described at http://blogs.msdn.com/b/outlook/archive/2010/12/17/issues-with-the-recent-update-for-outlook-2007.aspx). My general philosophy in cases like this is “better safe than sorry”, so I recommend you delay deploying KB2412171 until we are sure it is safe to do so.

References:
http://isc.sans.edu/diary.html?storyid=10252
http://www.microsoft.com/technet/security/bulletin/ms11-jan.mspx
http://blogs.technet.com/b/srd/archive/2011/01/07/assessing-the-risk-of-public-issues-currently-being-tracked-by-the-msrc.aspx

email: david @ sharpesecurity.com
website: www.sharpesecurity.com
Twitter: twitter.com/sharpesecurity
Twitter (free enterprise vulnerability alert feed): twitter.com/patchmanagement

Share

Leave a Reply