Microsoft is preparing to release patches for just three vulnerabilities this month, the company revealed in its Security Bulletin Advance Notification for January 2011.Only two patch packages will be offered to users, designed to fix issues in various Windows releases.
The two security bulletins are scheduled for release next week on January 11, and as usual, will be served automatically through Windows Update to customers.
“The first bulletin is Important and affects Windows Vista,” revealed Carlene Chmaj, Microsoft Trustworthy Computing, Senior Response Communications Manager.
“The second bulletin has an aggregate of Critical and all supported versions of Windows are affected. As always, we recommend that customers deploy these updates as soon as possible
Windows 7 users will need to update this month just as those running additional supported versions of the operating system.
The single security bulletin which impacts Windows 7 has been rated as Critical, which means that in the eventuality of a successful exploit, a potential attacker could perform remote code execution on an affected system.
Following the launch of the December 2010 batch of security bulletins, the software giant warned customers of two vulnerabilities with details already available in the wild.
Neither will receive a patch the coming week, even though the Redmond company noted that it has started to detect attacks targeting the flaws.
“This month we will not be releasing updates to address Security Advisory 2490606 (public vulnerability affecting Windows Graphics Rendering Engine) and Security Advisory 2488013 (public vulnerability affecting Internet Explorer),” Chmaj explained.
“We continue to actively monitor both vulnerabilities and for Advisory 2488013 we have started to see targeted attacks.
“If customers have not already, we recommend they consult the Advisory for the mitigation recommendations. We continue to watch the threat landscape very closely.”