In February 2011, Microsoft issued three bulletins related to the Internet Explorer (IE) security based patches for each week. These bulletins address 22 security vulnerabilities. MS11-003 carries updates related to 4 vulnerabilities. Also included is a fix for the bug that is outlined in the Microsoft advisory. This is a bug that could give outsiders access to a person’s settings.
Focused on this vulnerability, the task of removing this bug has been downplayed by Microsoft. To put this point through, Microsoft released telemetry statistics to state how the vulnerability can stack up against the patched vulnerability of Windows Shell, and explaining why a fix could not be released other than the normal cycle of release.
The next vulnerability addressed is the attack on thumbnail image. This fixes a loophole in the security of Microsoft Windows Graphic Engine that allows attacks on the files with thumbnail address. It allows outsiders gain knowledge and use of the incumbent’s computer and makes them load a specially formatted image. This problem is there in Windows XP, Windows Vista, Windows Server 2003 and Windows Server 2008. However, it is absent in Windows 7, Windows Server 2008 R2 as Microsoft puts it.
The third or the other vulnerability is against open type compact font attack that has led to load a malicious font type which then spreads to the system. Rating second in the index, this vulnerability is rendered a patch remedy now. The vulnerability has also been disclosed privately and rates high in the index list. Along with these patches, Microsoft is also changing the Autorun facility on USB thumb drives in previous versions of Windows, earlier than Windows 7.
The update tackles basically 22 vulnerabilities that have come up in the course of the discovering of vulnerabilities as per reports and actual experiences. The extent to which these vulnerabilities affect the Windows operating system is to a great extent available to Microsoft based on which they release patches and updates every week. On February 8, 2011, these patches were released which would have taken effect by now.