Happy New Year! Last month, I said that Microsoft had really gone off the rails regarding patching. This month, I take it all back. We have only one patch of note, a security patch for a problem in the font engine in Windows. There were no out-of-band patches, and all other items were minor. That being said, I highly doubt that this is anything more than the January lull; looking back at our Patch Tuesday coverage from January 2009, it looks to be as light as this one is. I certainly hope that February does not look like December did!
This blog post is also available in PDF format in a free TechRepublic download.
Security patchesMS10-001/KB972270 - Low (XP, Vista, W7, 2003, 2008)/Critical (2000): This patch fills a hole in the OpenType font engine. This vulnerability would allow specially crafted fonts embedded in a file (such as an Office file or something opened by Internet Explorer) to allow a remote code execution attack. The executing code has the rights of the currently logged on user, which is presumably why Microsoft gives a lower rating to the newer products. I recommend that you install this patch as soon as you can on your desktops and wait until your next patch cycle for your servers. 437KB - 1.2MB
No significant updates to report this month.
Changed, but not significantly:
- KB971513 - Windows Automation API
- KB973685 - Update to the XML 4.0 Core Services SP3
- KB973688 - Update to the XML 4.0 Core Services SP2
Updates since the last Patch Tuesday
There have not been any updates since the last Patch Tuesday.
TechRepublic's Windows Vista and Windows 7 Report newsletter, delivered every Friday, offers tips, news, and scuttlebutt on Vista and Windows 7, including a look at new features in the latest version of the Windows OS. Automatically sign up today!
Justin James is an OutSystems MVP, architect, and developer with expertise in SaaS applications and enterprise applications.