
26 vulnerabilities addressed in February patch release

Shavlik Technologies: 10 February, 2010 (Technical Article)
Microsoft issues high level of bulletins in February following light January release with 26 vulnerabilities closed out
Jason Miller, Data and Security Team Leader at Shavlik Technologies, comments on Patch Tuesday.

'Microsoft has released 13 new security bulletins for February's Patch Tuesday. The size of this release is not uncommon. Historically, Microsoft has had a light January followed by a large February. This month's patches address 26 vulnerabilities. There have been no reports of active attacks against these vulnerabilities. One of these vulnerabilities has been publicly disclosed.

There are three bulletins administrators should address right away:

MS10-006 - Fixes two vulnerabilities in the SMB networking service that affect all supported operating systems. Visiting a malicious website that makes a file sharing connection can result in remote code execution. There are two security bulletins this month that affect SMB. MS10-006 is not related to MS10-012.

MS10-007 - Fixes one vulnerability in the Windows Shell handler that affects Windows 2000, XP and 2003 operating systems. Visiting a specially crafted website can result in remote code execution. This vulnerability will more than likely be exploited in the near future as malicious websites are an extremely common attack vector for vulnerabilities.

MS10-013 - Fixes one vulnerability in Microsoft DirectShow. This bulletin affects all supported operating systems. Opening a specially crafted media file, AVI, can result in remote code execution. It is important to note that some operating systems may require multiple patches from this bulletin to fix the vulnerability. Media files are commonly sent and downloaded, so this vulnerability could affect many users.

Microsoft Security Advisory 979682 has been expired as the bulletin MS10-015 addresses this known vulnerability. There still have been no reports of active exploits on this vulnerability.

In MS10-004, Microsoft is patching PowerPoint. It is important to note that PowerPoint Viewer 2003 is affected by this vulnerability, but Microsoft is not releasing a patch for this version of the viewer. Microsoft is stating the product has reached the end of its lifecycle and will not have any future security patches. You should identify all PowerPoint 2003 Viewers on your network and upgrade them to PowerPoint 2007. The newer version of the viewer is not affected by this vulnerability.

Microsoft has also released a new Security Advisory in 977165. Over the past couple of months Microsoft has been releasing new security advisories on Patch Tuesday. It is important to watch for items other than security bulletins as these might slip by network admins as they are focused on the bulletins. As a general security practice, every single new Security Advisory should be reviewed and workarounds should be applied if necessary.'
