- Jan 7, 2011
- 1,362
Microsoft released two patches fixing three vulnerabilities. The first patch (MS11-001) fixes a vulnerability in Windows Backup Manager that could allow remote code execution. It affects Windows Vista Operating system. The second (MS11-002) patch fixes two vulnerabilities in Microsoft Data Access Components (MDAC) that could allow remote code execution as well. This affects all versions of Windows.
What didn't get fixed?
Microsoft didn't released a patch for two well known vulnerabilities, but fortunately they offered a workaround for each one.
The first one is known as Vulnerability in Graphics Rendering Engine (link). This bug is caused by a remotely exploitable flaw in the way that Windows processes thumbnail images in Microsoft Office files. It doesn't affect Windows 7 but it affects other versions and working exploits are known to exist. This Microsoft KB article offers the workaround in the form of "FixIt" buttons. All but Windows 7 users should apply this patch.
The second unpatched vulnerability is the Internet Explorer CSS vulnerability (link) affecting all versions of IE and actively being exploited. Microsoft first recommended enabling EMET for IE to block aspects of the known exploits from being successful. Later they offered a much easier to apply solution in this Microsoft KB article in the form of another "FixIt" button. All Windows users should apply this patch
What didn't get fixed?
Microsoft didn't released a patch for two well known vulnerabilities, but fortunately they offered a workaround for each one.
The first one is known as Vulnerability in Graphics Rendering Engine (link). This bug is caused by a remotely exploitable flaw in the way that Windows processes thumbnail images in Microsoft Office files. It doesn't affect Windows 7 but it affects other versions and working exploits are known to exist. This Microsoft KB article offers the workaround in the form of "FixIt" buttons. All but Windows 7 users should apply this patch.
The second unpatched vulnerability is the Internet Explorer CSS vulnerability (link) affecting all versions of IE and actively being exploited. Microsoft first recommended enabling EMET for IE to block aspects of the known exploits from being successful. Later they offered a much easier to apply solution in this Microsoft KB article in the form of another "FixIt" button. All Windows users should apply this patch
