Antivirus VBA32 VirusBlokAda / Àíòèâèðóñ VBA32 ÂèðóñÁëîêÀäà / PRODUCTS AND UPDATINGS Microsoft's January Patch Tuesday: 3 fixes but 5 holes unpatched rus Home Feedback Search Sitemap

SEARCHING
PERSONAL AREA
Login:
Password:


NEWS
24.01.2011
Results of the self-protection test on a platform x64
More in detail
03.08.2010
Microsoft closed vulnerability in lnk-files
More in detail
09.04.2010
VBA32 has received new gold...
More in detail
01.03.2010
General manager of "VirusBlokAda" Ltd Bagmet Alexander Vladimirovich has been awarded with the order «THE FATHERLAND’S GLORY STAR»
More in detail
23.04.2009
Updatings of Vba32 are accessible now on internal resources byfly.
More in detail

 

PRODUCTS AND UPDATINGS Microsoft's January Patch Tuesday: 3 fixes but 5 holes unpatched

12.01.2011 Microsoft's January Patch Tuesday: 3 fixes but 5 holes unpatched
On its first Patch Tuesday of 2011, Microsoft fixes three vulnerabilities within two security updates but leaves at least five confirmed security problems unpatched

According to bulletin MS11-002, the MDAC database module has been given two updates. One of the vulnerabilities is rated critical and can be exploited to infect systems with malware without requiring any user interaction. Microsoft's security experts consider the danger of attackers successfully exploiting this vulnerability as very high (Exploitability Index of 1). Peter Vreugdenhil apparently already exploited this hole, which affects all versions of Windows, to crack Internet Explorer 8 on Windows 7 despite ASLR and DEP at the Pwn2Own contest in March 2010. The second MDAC hole is contained in the API and can only be exploited in combination with third-party applications. However, Microsoft hasn't disclosed which applications could be involved. The update described in bulletin MS11-001 exclusively affects Windows Vista users and is only rated "important". Apparently, the Windows Backup Manager prefers to load libraries from the directory which holds the .wbcat file that was used to launch it. As this directory could be located on a network, a click on a suitable link could cause a system to become infected. An overview of the January patches is available in Microsoft's summary. Users should install particularly the MDAC update as soon as possible. However, this isn't enough to make Windows systems fully secure, as five known security holes now listed in a blog posting have not been patched. A particularly critical vulnerability is the CSS hole in Internet Explorer, which has been known since Christmas and is already actively being exploited for targeted attacks on the internet. Protection is available via the Enhanced Mitigation Experience Toolkit (EMET); the article "Damage limitation: Mitigating exploits with Microsoft's EMET" at The H Security describes how to use this toolkit. Another dangerous security problem is contained in the Windows Graphics Rendering Engine, which chokes on specially crafted thumbnails. Windows 7 and 2008 Server are not affected by this problem.

 

 

CONTACTS

127106 Russia, Moscow, Gostinichnaya str., 10/5
Tel: +7 (495) 221-21-07
E-mail: [email protected]

Ñèñòåìà ýëåêòðîííûõ ïëàòåæåé      Rambler's Top100   

ChronoPay - Internet Payment Service Provider: accept online payments with credit cards and debit cards  

For home useFor corporate useFor file serversAutomated management and updatingProtection of e-mail systemsProtection of Gateways
AntivirusBeta-versions
BrieflyLicenses and certificatesClientsPartnersFor dealers
Software development
Company newsProducts and updatingsSafety NewsPress-kitSubscription to dispatch
Jobs at VBA32 - ProgrammerJobs at VBA32 - TesterWork for students
1-Month TrialSupport of educationSupport of medicine