It's Microsoft Patch Tuesday: January 2010

Justin James gathers the information you need to make the right decision on applying Microsoft's January 2010 patches in your organization.

Happy New Year! Last month, I said that Microsoft had really gone off the rails regarding patching. This month, I take it all back. We have only one patch of note, a security patch for a problem in the font engine in Windows. There were no out-of-band patches, and all other items were minor. That being said, I highly doubt that this is anything more than the January lull; looking back at our Patch Tuesday coverage from January 2009, it looks to be as light as this one is. I certainly hope that February does not look like December did!

This blog post is also available in PDF format in a free TechRepublic download.

Security patches

MS10-001/KB972270 - Low (XP, Vista, W7, 2003, 2008)/Critical (2000): This patch fills a hole in the OpenType font engine. This vulnerability would allow specially crafted fonts embedded in a file (such as an Office file or something opened by Internet Explorer) to allow a remote code execution attack. The executing code has the rights of the currently logged on user, which is presumably why Microsoft gives a lower rating to the newer products. I recommend that you install this patch as soon as you can on your desktops and wait until your next patch cycle for your servers. 437KB - 1.2MB

Other Updates

No significant updates to report this month.

"The Usual Suspects": Updates to the Malicious Software Removal Tool (9.4 - 9.7MB) and Junk Email filters (2.2MB).

Changed, but not significantly:

  • KB971513 - Windows Automation API
  • KB973685 - Update to the XML 4.0 Core Services SP3
  • KB973688 - Update to the XML 4.0 Core Services SP2

Updates since the last Patch Tuesday

There have not been any updates since the last Patch Tuesday.

TechRepublic's Windows Vista and Windows 7 Report newsletter, delivered every Friday, offers tips, news, and scuttlebutt on Vista and Windows 7, including a look at new features in the latest version of the Windows OS. Automatically sign up today!

About Justin James

Justin James is an OutSystems MVP, architect, and developer with expertise in SaaS applications and enterprise applications.

Editor's Picks