Patch Tuesday - Jan 2010

From the look of things Microsoft is starting off slow this year with only one of each in today's release – one bulletin, one advisory and one re-released bulletin. However, there is still no bulletin for Security Advisory 977544 - the Vulnerability in SMB Could Allow Denial of Service. Microsoft says they are still working on an update for this issue and are not aware of any attacks using the exploit code.

The bulletin they did release is MS09-035 Active Template Library (ATL) bulletin after adding Windows Embedded CE 6.0 to the affected product list. This release only affects developers and OEMs building application on top of CE 6 or producing devices that use the operating system.

The last release from Microsoft was a Security Advisory 979267 to increase awareness regarding reports of vulnerabilities in Adobe Flash player 6 which shipped with Windows XP. I would like to mention that Flash 6.0 is a very old version, considering it came with XP, so please update to the latest version of Flash.

Please note that Adobe is releasing APSB10-02 Security Advisory today to resolve critical vulnerabilities being actively exploited in Adobe Reader and Acrobat 9.2 on Windows, Mac, and UNIX.

Even with only one update from Microsoft, I would suggest that everyone installs it as a matter of standard procedure. But I would make the Adobe update my first priority this month.