January 2011 - Posts

Issued: January 28, 2011

Security Advisories Updated or Released Today

* Microsoft Security Advisory (2501696)
  - Title: Vulnerability in MHTML Could Allow Information Disclosure
  - http://www.microsoft.com/technet/security/advisory/2501696.mspx
  - Revision Note: V1.0 (January 28, 2011): Advisory published.

Issued: January 19, 2011

Security Advisories Updated or Released Today

* Microsoft Security Advisory (2490606)
  - Title: Vulnerability in Graphics Rendering Engine Could Allow
    Remote Code Execution
  - http://www.microsoft.com/technet/security/advisory/2490606.mspx
  - Revision Note: V1.2 (January 19, 2011): Clarified that the
    "Modify the Access Control List (ACL) on shimgvw.dll"
    workaround only applies to Windows XP and Windows Server 2003
    systems and added a new workaround, "Disable viewing of
    thumbnails in Windows Explorer on Windows Vista and Windows
    Server 2008 systems."

Issued: January 19, 2011

Summary

The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.

* MS10-001 - Critical

Bulletin Information:

* MS10-001 - Critical

  - http://www.microsoft.com/technet/security/bulletin/ms10-001.mspx
  - Reason for Revision: V1.1 (January 19, 2011): Added a link to
    Microsoft Knowledge Base Article 972270 under Known Issues in
    the Executive Summary.
  - Originally posted: January 12, 2010
  - Updated: January 19, 2011
  - Bulletin Severity Rating: Critical
  - Version: 1.1

Issued: January 11, 2011

Security Advisories Updated or Released Today

* Microsoft Security Advisory (973811)
  - Title: Extended Protection for Authentication
  - http://www.microsoft.com/technet/security/advisory/973811.mspx
  - Revision Note: V1.10 (January 11, 2011): Updated the FAQ
    with information about a new release enabling Microsoft
    Office Live Meeting Service Portal to opt in to Extended
    Protection for Authentication.

* Microsoft Security Advisory (2488013)
  - Title: Vulnerability in Internet Explorer Could Allow Remote
    Code Execution
  - http://www.microsoft.com/technet/security/advisory/2488013.mspx
  - Revision Note: V1.2 (January 11, 2011): Added the
    workaround, "Prevent the recursive loading of CSS style sheets
    in Internet Explorer," and revised Executive Summary to
    reflect investigation of limited attacks.

* Microsoft Security Advisory (2269637)
  - Title: Insecure Library Loading Could Allow Remote Code Execution
  - http://www.microsoft.com/technet/security/advisory/2269637.mspx
  - Revision Note: V4.0 (January 11, 2011): Added Microsoft
    Security Bulletin MS11-001, "Vulnerability in Windows Backup
    Manager Could Allow Remote Code Execution," to the "Updates
    relating to Insecure Library Loading" section.

Language(s): English.
Product(s): Other.
Audience(s): IT Decision Maker, IT Generalist.

Event Overview: Join us for a brief overview of the technical details of the January security bulletins. We intend to address your concerns in this webcast; therefore, most of the webcast is devoted to attendees asking questions about the bulletins and getting answers from Microsoft security experts.

Presenters: Jerry Bryant, Group Manager, Response Communications, Microsoft Corporation and Adrian Stone, Senior Security Program Manager Lead, Microsoft Corporation


Posted Tue, Jan 11 2011 13:03 by Don

Note: There may be latency issues due to replication; if the page does not display, keep refreshing.

Today Microsoft released the following Security Bulletin(s).

Note: www.microsoft.com/technet/security and www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

Bulletin Summary:

www.microsoft.com/technet/securi···jan.mspx

Critical (1)

Microsoft Security Bulletin MS11-002
Vulnerabilities in Microsoft Data Access Components Could Allow Remote Code Execution (2451910)
www.microsoft.com/technet/securi···002.mspx

Important (1)

Microsoft Security Bulletin MS11-001
Vulnerability in Windows Backup Manager Could Allow Remote Code Execution (2478935)
www.microsoft.com/technet/securi···001.mspx

Please note that Microsoft may release bulletins outside of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above listed bulletin, you should contact Product Support Services in the United States at 1-866-PCSafety (1-866-727-2338). International customers should contact their local subsidiary.

As always, download the updates only from the vendor's website: visit the Windows Update, Office Update or Microsoft Update websites. You may also get the updates through the Automatic Updates functionality in Windows.

Security Tool
Find out if you are missing important Microsoft product updates by using MBSA.

Microsoft Security Bulletins to be issued: January 11, 2011

This is an advance notification of two (2) security bulletins that Microsoft is intending to release on January 11, 2011.

1 rated Critical and 1 rated Important

http://www.microsoft.com/technet/security/bulletin/ms11-jan.mspx

WordPress.org has released WordPress 3.0.4 to address a vulnerability in the HTML sanitation library. Exploitation of this vulnerability may allow an attacker to insert arbitrary HTML and script code into the browser session.

http://wordpress.org/news/2010/12/3-0-4-update/

Posted Wed, Jan 5 2011 5:24 by Don

Microsoft released Security Advisory 2490606, which addresses a publicly disclosed vulnerability affecting Microsoft Windows Graphics Rendering Engine on Vista, Server 2003, and Windows XP. We are not aware of any affected customers, nor of any active attacks targeting customers. The vulnerability does not affect Windows 7 or Windows Server 2008 R2, the newest versions of our operating system.