Microsoft’s monthly security ritual known as “Patch Tuesday” is off to a slow start in the new decade. eSecurity Plant has the story on the latest from the software giant, which includes one significant vulnerability, and one Security Advisory that affects Adobe Flash Player on Windows XP.
In what turns out to be a sleepy first “Patch Tuesday” of the new decade, Microsoft only had one critical flaw to address in its latest monthly collection of bug fixes — and that is in the oldest supported version of Windows.
However, Microsoft (NASDAQ: MSFT) also distributed a Security Advisory meant to warn users about several holes in Adobe’s Flash Player 6 product when running on Windows XP.
Microsoft typically releases all, or most, of the new patches for its products on the second Tuesday of each month, thereby earning it the nickname of “Patch Tuesday.”
In its latest installment, January’s Patch Tuesday roundup includes a Windows bug rated critical only for Windows 2000 Service Pack 4 (SP4). For all other supported versions of Windows, including Windows 7, the impact of the vulnerability is only rated as “low” — the least-dire level of Microsoft’s four-tier severity rating scale.
This latest bug involves a Windows technology called Embedded OpenType (EOT), which provides a means for embedding compressed fonts in Web pages and in documents. If a user were to click on a booby-trapped file, a malicious attacker could take control of the user’s computer.