Overview of the January 2010 Microsoft patch and status.
We will update issues on this page for about a week or so as they evolve.
We appreciate updates US based customers can call Microsoft for free patch related support on 1-866-PCSAFETY (*): ISC rating
------ |
Johannes 4075 Posts ISC Handler Jan 12th 2010 |
||||||||||||||||||||||
Thread locked Subscribe |
Jan 12th 2010 1 decade ago |
||||||||||||||||||||||
This doesn't really make sense. The advance notification specified a Windows 2000 update, while this notification seems to be the same patch as the EOT that was released a few months ago. If you look at the MS notification, both are listed (a different one under exploitability than under executive summary). I questioned my MS rep and he is to be checking with the MS security team.
|
Anonymous |
||||||||||||||||||||||
Quote |
Jan 12th 2010 1 decade ago |
||||||||||||||||||||||
@millerb: The vulnerability affects nearly all versions of Windows, but is only critical on 2000 SP4 due to heap protections on newer platforms.
Although the bulletin is simlar to MS09-065, the previous EOT flaw, MS10-01 is a vulnerability in user-space where MS09-065 was a kernel-space bug. See this post on the Microsoft SRD blog for detail: http://blogs.technet.com/srd/archive/2010/01/12/ms10-001-font-file-decompression-vulnerability.aspx |
Anonymous |
||||||||||||||||||||||
Quote |
Jan 12th 2010 1 decade ago |
Sign Up for Free or Log In to start participating in the conversation!