| By Susan Bradley |
2011 is not getting off to a good start for Windows vulnerabilities — we’re starting the new year with more unpatched known vulnerabilities than ones we’re able to fix through updates.
Most of you will see just one official Patch Tuesday security update. But there are workarounds and mitigations you might need to consider.
Rating the risk of unpatched vulnerabilities
Microsoft’s Security Research & Defense blog took time out to recap all the unpatched vulnerabilities.
I’m highlighting two of these threats: the first was covered in my Jan. 6 story, “Protecting your browsing with EMET,” and the second I discuss in the next item.
The Jan. 6 article discusses the recently released Enhanced Migration Experience Toolkit (EMET) 2.0 and how it can be used to protect Internet Explorer from a cascading style sheets bug.
► What to do: If you haven’t installed EMET, try out the Microsoft Fixit for cascading style sheets in Support article 2488013. In a future Patch Watch, I’ll remind you to remove the Fixit when the final patch is released.
Fixit for Windows Graphics Rendering bug
The second unpatched Internet Explorer vulnerability is described in TechNet Security Advisory 2490606. Exploiting a bug in the Windows Graphics Rendering Engine, an attacker can use a malicious thumbnail image to take control of any current Windows system.