Next week, Microsoft’s first Patch Tuesdayfor 2011 will occur. A post in the Microsoft Security Response Center blog, outlines the planned patches. It appears that it’s going to be a smaller download than the 17 patches in December. That would be welcome, but the January downloads won’t include fixes for two serious flaws.
They said This month we will not be releasing updates to address Security Advisory 2490606 (public vulnerability affecting Windows Graphics Rendering Engine) and Security Advisory 2488013 (public vulnerability affecting Internet Explorer). We continue to actively monitor both vulnerabilities and for Advisory 2488013 we have started to see targeted attacks.
The Internet Explorer vulnerability affects nearly every PC running today. The Graphics Engine bug was only recently revealed at the POC conference a few days ago. It affects XP, Vista and 7 machines. We can forgive them for not reacting fast on the second one, but the other has been around long enough for at least a temporary fix to have been approved.