Light Month from Microsoft

Microsoft affects a vulnerability in the embedded Open Type font engine. The security bulletin is rated as Critical, but that rating really only applies to Windows 2000 systems. For all other versions of Windows, this flaw is rated as a Low severity.

Tyler Reguly, senior security engineer for characterized the Microsoft update as more or less trivial. "Welcome to a slow start to the new year. A single patch, and from a research standpoint, not even an interesting one. All patches should be taken seriously but this definitely isn't a fire that needs to be put out quickly, this one can definitely fall into regular patching cycles."

nCircle director of security Andrew Storms suggests putting the time normally spent on assessing and implementing patches into other worthwhile endeavors. "This is a very light Patch Tuesday from Microsoft and IT security teams should be taking advantage of the situation to address housekeeping items. Take the time this month to find every out-of-date Microsoft system and apply any necessary patches from those 2009 vulnerabilities."

Storms added, though, that "One of the outstanding bugs that wasn't patched this month is an SMB denial of service attack vulnerability that has been open since mid-November. Since Microsoft has left the bug open for this long it's now clear that the threat isn't as serious as many people believed."