In January 2011, Microsoft released two bulletins patching three security vulnerabilities that affect the Windows operating system. The most serious of these can be exploited through drive-by download websites, the software company warned. The drive-by download flaws covered by MS11-002 were reported to Microsoft through the TippingPoint Zero Day Initiative program, which buys vulnerability data from private researchers.
The bulletin covers at least two separate vulnerabilities in Microsoft Data Access Components and cautions that the security problems lie in how Microsoft Data Access Components permits third-party API usage and memory allocation. Microsoft treats this as an important issue on various editions of Windows Vista, Windows 7 and Windows XP. On Windows Server 2008, Windows Server R2 and Windows Server 2003, the severity is downgraded to vital. The second bulletin addresses a publicly disclosed vulnerability in Backup Manager for Windows.
MS11-001 provides a patch for a DLL preloading issue in the Windows backup tool. It is rated as important and applies only to Windows Vista. DLL preloading is an issue in other operating systems. It attracted attention in August 2010, when many vulnerable applications were found. Given the opportunity that DLL preloading vulnerabilities offer attackers, it is recommended to implement the updates, KB2264107 and Security Advisory 2269637, which neutralize the malicious attacks.
However, some shortcomings will not be rectified, such as the flaw in the Windows Graphics Rendering Engine and patches for vulnerabilities related to zero-day threats. These vulnerabilities may still be exploited, according to Dave Marcus, director of communications and security research at McAfee Labs. McAfee recommends installing Microsoft's patches as early as possible. Users of Home editions of Windows should use Windows Automatic Updates. Users of Business editions need to implement a risk management strategy and prioritize the patches.