Microsoft Patches Windows Security Vulnerability
In the first Patch Tuesday of 2010, Microsoft releases a critical security update for Windows 2000 users. The company also updates a bulletin from 2009 and issues an advisory about vulnerabilities in Adobe Flash Player 6.Microsoft released a single Windows security bulletin Jan. 12 for its first Patch Tuesday update of 2010. The bulletin is rated critical for users of Windows 2000 Service Pack 4, and low for several other editions of Windows. The vulnerability at issue lies within the Microsoft Windows EOT (Embedded OpenType) Font Engine, and is due to the way it decompresses specially crafted EOT fonts. If an attacker can trick a user into viewing content rendered in EOT font, the vulnerability could be exploited to permit remote code execution, Microsoft said.
"The lone Microsoft vulnerability affects everything from Windows 2000 to Windows 7, but is only rated critical for Windows 2000," Ben Greenbaum, senior research manager at Symantec Security Response, said in a statement. "From [Windows] XP SP2 [Service Pack 2] onward, Microsoft hardened heap memory with heap memory protection strategies; this makes the vulnerability less of an issue for the later systems."