微软2010年1月安全公告 Windows2000独领风骚

之前总是大堆大堆的漏洞补丁和更新公告总是让各运维人员提心吊胆的，北京时间1月13日上午，更新公告出来了。和51cto编辑之前文章所述一致，微软果然就为Windows 2000发了一个补丁，XP/Vista/Windows 7用户都不在此漏洞威胁之列。而之前有消息说微软不再给windows 2000发补丁的消息，看来也是谣传了。

借用同行的一句话，请不是企业系统管理员的玩家无视掉本月的安全公告。

MS10-001

Vulnerability in the Embedded OpenType Font Engine Could Allow Remote Code Execution (972270)
This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user viewed content rendered in a specially crafted Embedded OpenType (EOT) font in client applications that can render EOT fonts, such as Microsoft Internet Explorer, Microsoft Office PowerPoint, or Microsoft Office Word. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs, view, change, or delete data, or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

MS10-001

Embedded OpenType 字体引擎中的漏洞可能允许远程执行代码 (972270)
此安全更新解决了 Microsoft Windows 中一个秘密报告的漏洞。 如果用户在可以呈现 EOT 字体的客户端应用程序（如 Microsoft Internet Explorer、Microsoft Office PowerPoint 或 Microsoft Office Word）中查看以特制的 Embedded OpenType (EOT) 字体呈现的内容，则该漏洞可能允许远程执行代码。成功利用此漏洞的攻击者可以完全控制受影响的系统。 攻击者可随后安装程序；查看、更改或删除数据；或者创建拥有完全用户权限的新帐户。那些帐户被配置为拥有较少系统用户权限的用户比具有管理用户权限的用户受到的影响要小。