Microsoft Releases 2 bulletins addressing 3 vulnerabilities in Windows

Today as part of our monthly security bulletin release Microsoft have two bulletins addressing three vulnerabilities in Microsoft Windows and Windows Server. This first bulletin (MS11-001) is rated Important, while the second (MS11-002) is rated Critical.


MS11-001: Vulnerability in Windows Backup Manager Could Allow Remote Code Execution (2478935)
This bulletin resolves one reported issue rated Important and affecting Windows Vista. This security bulletin addresses a vulnerability in Windows Backup Manager. This has an Exploitability Index rating of 1, and gets a 2 on our deployment priority list.

MS11-002: Vulnerabilities in Microsoft Data Access Components Could Allow Remote Code Execution (2451910)
This bulletin addresses two vulnerabilities affecting all supported versions of Windows. The first vulnerability is rated Critical for Windows XP, Vista and Windows 7 and the second rated Important for all supported versions of Windows Server. It involves the Microsoft Data Access Components (MDAC). This has an Exploitability Index rating of 1, and because there is a web based attack vector, this is at the top of our deployment priority list.

Microsoft are not aware of Proof of Concept (PoC) code or of any active attacks seeking to exploit the vulnerabilities addressed in this month's release.

As always, Microsoft recommend that customers deploy all security updates as soon as possible. Below is our deployment priority guidance to further assist customers in their deployment planning.

Deployment Priority (Credit: Microsoft)

More information about this month's security updates can be found on the Microsoft Security Bulletin Microsoft Security Bulletin Summary for January 2011.


Originally posted at January 2011 Security Bulletin Release