Just one…(?)

…. yea I know. I was expecting more than that too…

With talk of a Windows 7 remote kernel crash (that doesn’t even blue-screen-of-death!) – and the IIS file name extension issues, I was expecting more than just the one patch from Microsoft.

Though Microsoft’s MS10-001 OpenType Font vulnerability could allow remote code execution… And it does affect quite a few versions of their operating systems… I’m not sure it feels significant enough to captivate the audience of an entire ‘Patch Tuesday’. And Microsoft have a BIG audience!

Don’t look to Apple to satiate any patch-pangs… Regardless of the libc/gdtoa RCE issue (and its associated PoC code now circulating), Apple have yet to issue any OSX fixes this year.

For those needing more of a fix: to the rescue (?)… Adobe.

Adobe has already released two security bulletins so far this year.

APSB10-01 is a possible RCE in Adobe Illustrator CS3 and CS4… Instructions on how to remedy it can be found here.

APSB10-02 (to be released January 12th) will address issues in both Reader and Acrobat for Windows, Mac and Unix. (Until this patch is released, Adobe have issued the following security advisory for those seeking to mitigate the related vulnerability risks.)

And as always, our take on this month’s Microsoft Security Bulletin can be found here.