The Redmond company released the first patches for its operating systems in January 2011. Two updates for two security bulletins deal with three security vulnerabilities within Windows components.
One of the security holes is rated critical, while the other one in the Windows Backup Manager just affects Windows Vista and is only rated “important”. This “important” vulnerability reminds of the unsafe DLL loading problem (from the directory of the program executable) many applications had to fight with a few weeks ago.
The critical rated vulnerability is within the MDAC components of all current Windows versions. Just by surfing to the wrong web site it is possible to infect the PC with malware like a Trojan.
There are currently at least two further publicly reported vulnerabilities within Windows which aren’t patched on this Patchday though. For example, there is an Office vulnerability which allows attackers to compromise the computer and another critical hole in the way Windows is handling thumbnail previews.
Still it is important to apply the new updates as soon as possible to decrease the attacking surface for cyber criminals!