Yesterday was the first Patch Tuesday of the new year and it contained only two security bulletins for Microsoft Windows.
Vulnerabilities in Microsoft Data Access Components Could Allow Remote Code Execution (2451910)
This security update resolves two privately reported vulnerabilities in Microsoft Data Access Components. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Vulnerability in Windows Backup Manager Could Allow Remote Code Execution (2478935)
This security update resolves a publicly disclosed vulnerability in Windows Backup Manager. The vulnerability could allow remote code execution if a user opens a legitimate Windows Backup Manager file that is located in the same network directory as a specially crafted library file. For an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open the legitimate file from that location, which in turn could cause Windows Backup Manager to load the specially crafted library file.
See more details on the January 2011 Security Bulletin Release page and you can download all of these security updates on a single CD image so that you can manually install them on computers that are not connected to the Internet.
The last thing – don’t forget about the webcast relating to these updates:
Microsoft is hosting a webcast to address customer questions on these bulletins on January 12, 2011, at 11:00 AM Pacific Time (US & Canada). Register now for the January Security Bulletin Webcast. After this date, this webcast is available on-demand. For more information, see Microsoft Security Bulletin Summaries and Webcasts.
Stay safe out there.
