It is a new year and a new month and that means it is time for the first Patch Tuesday of 2011.
This one is a small one to get the new year started – just two bulletins – and both impact Microsoft Windows with one categorized as Critical Security and the other one as Important. Both deal with remote code execution vulnerabilities.
You can read more about this Security Bulletin Advance Notification for January 2011 and also sign up to receive your own copy of these notifications.
According to the MSRC these updates are not related to recently announced vulnerabilities they are tracking:
This month we will not be releasing updates to address Security Advisory 2490606 (public vulnerability affecting Windows Graphics Rendering Engine) and Security Advisory 2488013 (public vulnerability affecting Internet Explorer). We continue to actively monitor both vulnerabilities and for Advisory 2488013 we have started to see targeted attacks. If customers have not already, we recommend they consult the Advisory for the mitigation recommendations. We continue to watch the threat landscape very closely and if the situation changes, we will post updates here on the MSRC blog.
And of course you can watch the webcast after Patch Tuesday to learn more about the updates:
Microsoft will host a webcast to address customer questions on the security bulletins on January 12, 2011, at 11:00 AM Pacific Time (US & Canada). Register now for the January Security Bulletin Webcast. After this date, this webcast is available on-demand. For more information, see Microsoft Security Bulletin Summaries and Webcasts.