![]() ![]() ![]() “These Windows operating systems contain the vulnerable code but do not use this code in a way that may expose the vulnerability,” the company said in the security bulletin. All others were tagged with the lowest threat rating in Microsoft’s four-step scoring system. In November, Microsoft patched a flaw in how the Windows kernel parsed EOT fonts.Īlthough the vulnerability could result in remote code execution - security speak that means an attacker could use the bug to hijack a PC - only Windows 2000 got the critical ranking. This was the second EOT bug fix in the last three months. EOT fonts are a compact form of fonts designed for use on Web pages, but they can also be used in Word and PowerPoint documents. The patch addresses a bug in how Windows Embedded OpenType (EOT) font engine decompresses specially-crafted EOT fonts, said Microsoft in the accompanying MS10-001 bulletin. Today’s update patches just one vulnerability, which is rated “critical,” Microsoft’s highest threat ranking, for Windows 2000, but is rated “low” for all other versions of the operating system, up to and including the new Windows 7 and Windows Server 2008 R2. Microsoft today issued just one security update for Windows, the lowest number on a Patch Tuesday since January 2009.Īnd for once, researchers urged users to spend their patching time dealing with updates from Adobe, also expected today, rather than Microsoft ‘s fix. ![]()
0 Comments
Leave a Reply. |