With the release of the security bulletins for January 2011, this bulletin summary replaces the bulletin advance notification originally issued January 6, 2011. For more information about the bulletin advance notification service, seeÂ Microsoft Security Bulletin Advance Notification.
For information about how to receive automatic notifications whenever Microsoft security bulletins are issued, visitÂ Microsoft Technical Security Notifications.
Microsoft is hosting a webcast to address customer questions on these bulletins on January 12, 2011, at 11:00 AM Pacific Time (US & Canada).Â Register now for the January Security Bulletin Webcast. After this date, this webcast is available on-demand. For more information, seeÂ Microsoft Security Bulletin Summaries and Webcasts.
Microsoft also provides information to help customers prioritize monthly security updates with any non-security updates that are being released on the same day as the monthly security updates. Please see the section,Â Other Information.
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of decreasing exploitability assessment level then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
How do I use this table?
Use this table to learn about the likelihood of functioning exploit code being released within 30 days of security bulletin release, for each of the security updates that you may need to install. You should review each of the assessments below, in accordance with your specific configuration, in order to prioritize your deployment. For more information about what these ratings mean, and how they are determined, please seeÂ Microsoft Exploitability Index.
|Bulletin ID||Vulnerability Title||CVE ID||Exploitability Index Assessment||Key Notes|
|MS11-001||Backup Manager Insecure Library Loading Vulnerability||CVE-2010-3145||1 – Consistent exploit code likely||This vulnerability has been disclosed publicly|
|MS11-002||DSN Overflow Vulnerability||CVE-2011-0026||1 – Consistent exploit code likely||(None)|
|MS11-002||ADO Record Memory Vulnerability||CVE-2011-0027||1 – Consistent exploit code likely||(None)|