Microsoft released their advanced notification for the January 2011 edition of Patch Tuesday.  As expected, this month will be a 'light' month after an extremely large December 2010 patch Tuesday.  This month, Microsoft is planning to release 2 security bulletins that fix 3 vulnerabilities.

Bulletin Breakdown

  • 1 bulletin rated Critical
  • 1 bulletin rated Important
  • 1 bulletin applies to the Microsoft Vista operating system only
  • 1 bulletin applies to all supported Microsoft operating systems
  • 2 bulletins can result in Remote Code Execution

It is important to note that Microsoft is not planning to issue patches for the two new security advisories on Patch Tuesday.

  • Microsoft Security Advisory (2488013) affecting Internet Explorer
    Microsoft has provided workarounds with their EMET toolkit for those who want to mitigate the risk of this zero day vulnerability.
  • Microsoft Security Advisory (2490606) affecting Windows Graphics Rendering Engine
    This advisory affects all supported Microsoft operating systems except Windows 7 and Windows 2008 R2.  The security bulletins that Microsoft is planning to release affect either the Windows Vista or all supported operating systems.  As there is no planned patch release this coming Tuesday, you can protect your systems by applying a newly released FixIt Tool found on the Microsoft website.  This FixIt tool is very similar to a previously released tool.  If you choose to apply this temporary fix, you need to be aware that all icons will no longer display their normal graphics.  This could cause an uptick in support calls as users will not see their usual desktop and Start Menu icons.

With any security advisory, it is important to continue to monitor the situation for an out-of-band release or a last minute Patch Tuesday addition.  Stay tuned, more information to come on Patch Tuesday.  I will be holding our monthly webinar on Wednesday, January 12th to review the patches from patch Tuesday.  You can register for the event here.

- Jason Miller