Thursday 14 January 2010

Patch Tuesday: January 2010

With this January Microsoft Patch Tuesday Security Update, we see a very minor update with a single patch rated as Critical. Unfortunately, this patch WILL require a reboot.

Using our sample of over 1,000 applications, we have looked at conflicts with the Microsoft Security Updates and at the potential dependencies.
Based on the results from our AOK Application Compatibility Lab, this single patch has limited impact on applications. We have included a brief snapshot of some of the results from our AOK Software, which demonstrates some of the potential impacts on the OSP application package, in the following snapshot image.

Patch Summary:

MS10-001 Vulnerability in the Embedded OpenType Font Engine Could Allow Remote Code Execution (972270)



Testing Summary
  • MS10-001 : "Vulnerability in the Embedded OpenType Font Engine Could Allow Remote Code Execution (972270)"


| Patch Name | Total Issues | Matches Affected | Reboot | Rating | RAG |
|---|---|---|---|---|---|
| Microsoft Security Bulletin MS10-001 | N/A | <1% | YES | Critical | Green |

Legend:
  • No Issue: No Issues Detected
  • Fixable: Potentially fixable application Impact
  • Serious: Serious Compatibility Issue

Security Update Detailed Summary
MS10-001: Vulnerability in the Embedded OpenType Font Engine Could Allow Remote Code Execution (972270)

Description: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user viewed content rendered in a specially crafted Embedded OpenType (EOT) font in client applications that can render EOT fonts, such as Microsoft Internet Explorer, Microsoft Office PowerPoint, or Microsoft Office Word. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs, view, change, or delete data, or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Payload: Fontsub.dll, T2embed.dll, Fontsub.dll, T2embed.dll, Fontsub.dll, T2embed.dll, Fontsub.dll, T2embed.dll

Impact: Critical


*All results are based on the AOK Application Compatibility Lab’s test portfolio of over 1,000 applications.
