Justin James gathers the information you need to make the right decision on applying Microsoft's January 2010 patches in your organization.
Happy New Year! Last month, I said that Microsoft had really gone off the rails regarding patching. This month, I take it all back. We have only one patch of note, a security patch for a problem in the font engine in Windows. There were no out-of-band patches, and all other items were minor. That being said, I highly doubt that this is anything more than the January lull; looking back at our Patch Tuesday coverage from January 2009, it looks to be as light as this one is. I certainly hope that February does not look like December did!
This blog post is also available in PDF format in a free TechRepublic download.
Security patchesMS10-001/KB972270 - Low (XP, Vista, W7, 2003, 2008)/Critical (2000): This patch fills a hole in the OpenType font engine. This vulnerability would allow specially crafted fonts embedded in a file (such as an Office file or something opened by Internet Explorer) to allow a remote code execution attack. The executing code has the rights of the currently logged on user, which is presumably why Microsoft gives a lower rating to the newer products. I recommend that you install this patch as soon as you can on your desktops and wait until your next patch cycle for your servers. 437KB - 1.2MB
No significant updates to report this month.
Changed, but not significantly:
- KB971513 - Windows Automation API
- KB973685 - Update to the XML 4.0 Core Services SP3
- KB973688 - Update to the XML 4.0 Core Services SP2
Updates since the last Patch Tuesday
There have not been any updates since the last Patch Tuesday.
TechRepublic's Windows Vista and Windows 7 Report newsletter, delivered every Friday, offers tips, news, and scuttlebutt on Vista and Windows 7, including a look at new features in the latest version of the Windows OS. Automatically sign up today!