Microsoft’s January 2011 security update doesn’t come out for several hours, but some security vendors are already making noise about what they expect to go unfixed.Specifically, you can expect to hear about Redmond’s lack of action on a vulnerability discovered by researcher Michal Zalewski. Security researchers have already warned of exploits against this particular flaw, and some — including Imperva senior security strategist Noa Bar Yossef — are suggesting measures to blunt the impact.Here’s Yossef’s tips, e-mailed to me by Imperva/Page One PR man Clinton Karr: 1. Assessing the exploits as mentioned in the patch. This includes understanding the details of the exploit and whether it is even applicable to the specific user. It is important also to understand how an attack would affect the system.2. Assessing the process of patching. Sometimes a patch may be contradictory to an already existing code, or even a work-around. 3. Patching the system itself. The patching process should be continuously reviewed. For instance, it already happened that MS released a patch which broke another fix.Watch this space later for more on the January security update from Microsoft.–Bill Brenner Related content news Gwinnett Medical Center investigating possible data breach After being contacted by Salted Hash, Gwinnett Medical Center has confirmed they're investigating a security incident By Steve Ragan Oct 02, 2018 6 mins Regulation Data Breach Hacking news Facebook: 30 million accounts impacted by security flaw (updated) In a blog post, Facebook’s VP of product management Guy Rosen said the attackers exploited a flaw in the website's 'View As' function By Steve Ragan Sep 28, 2018 4 mins Data Breach Security news Scammers pose as CNN's Wolf Blitzer, target security professionals Did they really think this would work? By Steve Ragan Sep 04, 2018 2 mins Phishing Social Engineering Security news Congress pushes MITRE to fix CVE program, suggests regular reviews and stable funding After a year of investigation into the Common Vulnerabilities and Exposures (CVE) program, the Energy and Commerce Committee has some suggestions as to how it can be improved By Steve Ragan Aug 27, 2018 3 mins Vulnerabilities Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe