January 2010 Security Bulletin Release

Summary of Microsoft’s Security Bulletin Release for January 2010 Hi Everyone, We hope that 2010 is off to a good start for you. For our first bulletin release of the New Year, we have one Critical bulletin affecting all versions of Windows. The bulletin, MS10-001, addresses one vulnerability in the Embedded OpenType Font Engine and is Critical on Windows 2000. For all other versions of Windows, the vulnerability gets a Low rating. We’ve given the bulletin an aggregate rating of “2” on our Exploitability Index. This applies to Windows 2000 systems. All other systems are rated “3”. The vulnerable code is present on newer operating systems but through the Security Development Lifecycle (SDL), there are several mitigations in place that help prevent the likelihood of exploitation. Our Security Research & Defense (SRD) team has a great write up on this in their blog. We do recommend that customers evaluate and deploy this update as soon as possible. Especially those on Windows 2000. The following risk and impact slide reflects the aggregate severity and exploitability index rating for this bulletin: As you can see from our Deployment Priority slide, we give this a “2” based on the lower exploitability index rating and the Low severity and (continue reading...)