Microsoft addresses the following vulnerabilities in its February batch of
patches:
(MS10-003) Vulnerability in Microsoft Office (MSO) Could Allow Remote Code
Execution (978214) Risk Rating: High This security update resolves a privately reported vulnerability in Microsoft
Office that could allow remote code execution if a user opens a specially
crafted Office file.
(MS10-004) Vulnerabilities in Microsoft Office PowerPoint Could Allow Remote
Code Execution (975416) Risk Rating: High This security update resolves six privately reported vulnerabilities in
Microsoft Office PowerPoint. This security update resolves six privately
reported vulnerabilities in Microsoft Office PowerPoint.
(MS10-005) Vulnerability in Microsoft Paint Could Allow Remote Code Execution
(978706) Risk Rating: Medium This security update resolves a privately reported vulnerability in Microsoft
Paint. The vulnerability could allow remote code execution if a user viewed a
specially crafted JPEG image file using Microsoft Paint.
(MS10-006) Vulnerabilities in SMB Client Could Allow Remote Code Execution
(978251) Risk Rating: Critical This security update resolves two privately reported vulnerabilities in
Microsoft Windows that could allow remote code execution if an attacker sent a
specially-crafted SMB response to a client-initiated SMB request.
(MS10-007) Vulnerability in Windows Shell Handler Could Allow Remote Code
Execution (975713) Risk Rating: Critical This security update resolves two privately reported vulnerabilities in
Microsoft Windows that could allow remote code execution if an attacker sent a
specially-crafted SMB response to a client-initiated SMB request.
(MS10-008) Cumulative Security Update of ActiveX Kill Bits (978262) Risk Rating: Critical This security update addresses a privately reported vulnerability for Microsoft
software. The vulnerability could allow remote code execution if a user views a
specially crafted Web page that instantiates an ActiveX control with Internet
Explorer.
(MS10-009) Vulnerabilities in SMB Client Could Allow Remote Code Execution
(978251) Risk Rating: Critical This security update resolves four privately reported vulnerabilities in
Microsoft Windows. The most severe of these vulnerabilities could allow remote
code execution if specially crafted packets are sent to a computer with IPv6
enabled.
(MS10-010) Vulnerability in Windows Server 2008 Hyper-V Could Allow Denial of
Service (977894) Risk Rating: High This security update resolves a privately reported vulnerability in Windows
Server 2008 Hyper-V and Windows Server 2008 R2 Hyper-V.
(MS10-011) Vulnerability in Windows Client/Server Run-time Subsystem Could
Allow Elevation of Privilege (978037) Risk Rating: High This security update resolves a privately reported vulnerability in Microsoft
Windows Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows 2000,
Windows XP, and Windows Server 2003.
(MS10-012) Vulnerabilities in SMB Server Could Allow Remote Code Execution
(971468) Risk Rating: High This security update resolves several privately reported vulnerabilities in
Microsoft Windows. The most severe of these vulnerabilities could allow remote
code execution if an attacker created a specially crafted SMB packet and sent
the packet to an affected system.
(MS10-013) Vulnerability in Microsoft DirectShow Could Allow Remote Code
Execution (977935) Risk Rating: Critical This security update resolves a privately reported vulnerability in Microsoft
DirectShow. The vulnerability could allow remote code execution if a user opened
a specially crafted AVI file. An attacker who successfully exploited this
vulnerability could take complete control of an affected system.
(MS10-014) Vulnerability in Kerberos Could Allow Denial of Service (977290) Risk Rating: High This security update resolves a privately reported vulnerability in Microsoft
DirectShow. The vulnerability could allow remote code execution if a user opened
a specially crafted AVI file. An attacker who successfully exploited this
vulnerability could take complete control of an affected system.
(MS10-015) Vulnerabilities in Windows Kernel Could Allow Elevation of
Privilege (977165) Risk Rating: High This security update resolves one publicly disclosed and one privately reported
vulnerability in Microsoft Windows. The vulnerabilities could allow elevation of
privilege if an attacker logged on to the system and then ran a specially
crafted application.
TREND MICRO PROTECTION INFORMATION
Trend Micro Deep Security shields networks through Deep Packet Inspection (DPI) rules. Trend Micro customers using OfficeScan with Intrusion Defense Firewall (IDF) plugin are also protected from attacks using these vulnerabilities. Please refer to the filter number and filter name when applying appropriate DPI and/or IDF rules.