Microsoft has released two security bulletins MS11-001 & MS11-002 to fix three vulnerabilities on Jan 2011 patch Tuesday. Out of two one each has been rated Critical & Important. As mentioned in previous post for Preview of January 2011 Patch Tuesday, these bulletins does not contains patches for two 0-day vulnerabilities found in Windows Graphic Rendering Engines & Internet Explorer.
MS11-001, KB2478935– Rated – Important: – This security update fixes publicly disclosed vulnerability in Microsoft Windows Backup Manager. By exploiting this vulnerability attacker can make application load DLLs kept at a remote location instead from a local drive. The vulnerability is same as fix in last month Patch Tuesday the only difference is that this time the problem is in Windows Backup Manger system. Only Microsoft windows Vista is affected by this security hole.
MS11-002, KB2451910– Rated – Critical :- This security update fixes two privately reported vulnerabilities in Microsoft Data Access components, which can allow attacker to execute remote code execution attack with the help of a malformed Web page. By exploiting the hole attacker can get logged on user rights. As the vulnerabilities are discovered by Microsoft itself the exploit is not available in wild, still keeping in view the importance of the update its rated as critical and should be installed asap. All of the Microsoft’s Operating systems are affected by this vulnerability.
Install all Important Service Packs
Severity and Exploitability Index
Bulletin Deployment Priority