It's Microsoft Patch Tuesday: January 2010

Justin James gathers the information you need to make the right decision on applying Microsoft's January 2010 patches in your organization.

Happy New Year! Last month, I said that Microsoft had really gone off the rails regarding patching. This month, I take it all back. We have only one patch of note, a security patch for a problem in the font engine in Windows. There were no out-of-band patches, and all other items were minor. That being said, I highly doubt that this is anything more than the January lull; looking back at our Patch Tuesday coverage from January 2009, it looks to be as light as this one is. I certainly hope that February does not look like December did!

This blog post is also available in PDF format in a free TechRepublic download.

Security patches

MS10-001/KB972270 - Low (XP, Vista, W7, 2003, 2008)/Critical (2000): This patch fills a hole in the OpenType font engine. This vulnerability would allow specially crafted fonts embedded in a file (such as an Office file or something opened by Internet Explorer) to allow a remote code execution attack. The executing code has the rights of the currently logged on user, which is presumably why Microsoft gives a lower rating to the newer products. I recommend that you install this patch as soon as you can on your desktops and wait until your next patch cycle for your servers. 437KB - 1.2MB

Other Updates

No significant updates to report this month.

"The Usual Suspects": Updates to the Malicious Software Removal Tool (9.4 - 9.7MB) and Junk Email filters (2.2MB).

Changed, but not significantly:

  • KB971513 - Windows Automation API
  • KB973685 - Update to the XML 4.0 Core Services SP3
  • KB973688 - Update to the XML 4.0 Core Services SP2

Updates since the last Patch Tuesday

There have not been any updates since the last Patch Tuesday.

TechRepublic's Windows Vista and Windows 7 Report newsletter, delivered every Friday, offers tips, news, and scuttlebutt on Vista and Windows 7, including a look at new features in the latest version of the Windows OS. Automatically sign up today!