With this January Microsoft Patch Tuesday Security Update, we see a very minor update with a single patch rated as Critical. Unfortunately, this patch WILL require a reboot.
Based on our sample of over 1,000 applications we have looked at conflicts with Microsoft Security Updates and the potential dependencies.
Based on the results of our AOK Application Compatibility Lab this single patch has limited impact on applications. We have included a brief snap-shot of some of the results from our AOK Software that demonstrates some of the potential impacts on the OSP application package with the following snap-shot image.
Patch Summary:
MS10-001 Vulnerability in the Embedded OpenType Font Engine Could Allow Remote Code Execution (972270)
MS10-001 Vulnerability in the Embedded OpenType Font Engine Could Allow Remote Code Execution (972270)
Testing Summary
- MS10-001 : "Vulnerability in the Embedded OpenType Font Engine Could Allow Remote Code Execution (972270)"
Patch Name | Total Issues | Matches Affected | Reboot | Rating | RAG |
---|---|---|---|---|---|
Microsoft Security Bulletin MS10-001 | N/A | <1% | YES | Critical |
Legend:
No Issues Detected | |
Potentially fixable application Impact | |
Serious Compatibility Issue |
Security Update Detailed Summary
MS10-001 | Vulnerability in the Embedded OpenType Font Engine Could Allow Remote Code Execution (972270) |
Description | This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user viewed content rendered in a specially crafted Embedded OpenType (EOT) font in client applications that can render EOT fonts, such as Microsoft Internet Explorer, Microsoft Office PowerPoint, or Microsoft Office Word. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs, view, change, or delete data, or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. |
Payload | Fontsub.dll, T2embed.dll, Fontsub.dll, T2embed.dll, Fontsub.dll, T2embed.dll, Fontsub.dll, T2embed.dll |
Impact | Critical |
*All results are based on an AOK Application Compatibility Lab’s test portfolio of over 1,000 applications.
No comments:
Post a Comment