Microsoft Patch Tuesday update excludes fix for MHTML flaw

Three of the bulletins are critical and include updates to address the recently disclosed flaws in Internet Explorer and Windows thumbnail preview.

These vulnerabilities have seen limited exploits in the wild, so applying the update is highly recommended, said Wolfgang Kandek, chief technology officer at security firm Qualys.

The lower-rated flaw in the FTP service is to be addressed with an update to the IIS server.

The remaining updates address flaws in Windows, Office and the development platform Visual Studio.

All versions of Windows from Windows XP SP3 up to the latest versions Windows 7 and Windows Server 2008 R2 are affected, but the Office bulletin is limited to the Visio versions 2002, 2003 and 2007, said Kandek.

The recent MHTML issue in Windows affecting Internet Explorer will not be addressed in the February update.

The workaround suggested by Microsoft in Advisory 2501696 continues to be the recommended way of mitigating this attack vector, said Wolfgang Kandek.

In addition to the Microsoft updates, IT administrators will have to deal with an update for Adobe Reader X, which is the latest version of the software and includes a sandbox approach to provide additional protection against attacks.

Adobe Security Advisory APSB11-03 warns of several critical flaws in the product, said Kandek.

"They will be addressed on 8 February for Windows and Mac OS X, but Unix users will have to wait until 28 February," he said.
 

This story was first published by Computer Weekly

What’s hot on Infosecurity Magazine?