February 2010 - Microsoft Releases 13 Security Advisories

  Severity: CRITICAL
  Advisory Date: FEB 09, 2010

  DESCRIPTION

Microsoft addresses the following vulnerabilities in its February batch of patches:

(MS10-003) Vulnerability in Microsoft Office (MSO) Could Allow Remote Code Execution (978214)
Risk Rating: High
This security update resolves a privately reported vulnerability in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file.

(MS10-004) Vulnerabilities in Microsoft Office PowerPoint Could Allow Remote Code Execution (975416)
Risk Rating: High
This security update resolves six privately reported vulnerabilities in Microsoft Office PowerPoint. This security update resolves six privately reported vulnerabilities in Microsoft Office PowerPoint.

(MS10-005) Vulnerability in Microsoft Paint Could Allow Remote Code Execution (978706)
Risk Rating: Medium
This security update resolves a privately reported vulnerability in Microsoft Paint. The vulnerability could allow remote code execution if a user viewed a specially crafted JPEG image file using Microsoft Paint.

(MS10-006) Vulnerabilities in SMB Client Could Allow Remote Code Execution (978251)
Risk Rating: Critical
This security update resolves two privately reported vulnerabilities in Microsoft Windows that could allow remote code execution if an attacker sent a specially-crafted SMB response to a client-initiated SMB request.

(MS10-007) Vulnerability in Windows Shell Handler Could Allow Remote Code Execution (975713)
Risk Rating: Critical
This security update resolves two privately reported vulnerabilities in Microsoft Windows that could allow remote code execution if an attacker sent a specially-crafted SMB response to a client-initiated SMB request.

(MS10-008) Cumulative Security Update of ActiveX Kill Bits (978262)
Risk Rating: Critical
This security update addresses a privately reported vulnerability for Microsoft software. The vulnerability could allow remote code execution if a user views a specially crafted Web page that instantiates an ActiveX control with Internet Explorer.

(MS10-009) Vulnerabilities in SMB Client Could Allow Remote Code Execution (978251)
Risk Rating: Critical
This security update resolves four privately reported vulnerabilities in Microsoft Windows. The most severe of these vulnerabilities could allow remote code execution if specially crafted packets are sent to a computer with IPv6 enabled.

(MS10-010) Vulnerability in Windows Server 2008 Hyper-V Could Allow Denial of Service (977894)
Risk Rating: High
This security update resolves a privately reported vulnerability in Windows Server 2008 Hyper-V and Windows Server 2008 R2 Hyper-V.

(MS10-011) Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (978037)
Risk Rating: High
This security update resolves a privately reported vulnerability in Microsoft Windows Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows 2000, Windows XP, and Windows Server 2003.

(MS10-012) Vulnerabilities in SMB Server Could Allow Remote Code Execution (971468)
Risk Rating: High
This security update resolves several privately reported vulnerabilities in Microsoft Windows. The most severe of these vulnerabilities could allow remote code execution if an attacker created a specially crafted SMB packet and sent the packet to an affected system.

(MS10-013) Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (977935)
Risk Rating: Critical
This security update resolves a privately reported vulnerability in Microsoft DirectShow. The vulnerability could allow remote code execution if a user opened a specially crafted AVI file. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

(MS10-014) Vulnerability in Kerberos Could Allow Denial of Service (977290)
Risk Rating: High
This security update resolves a privately reported vulnerability in Microsoft DirectShow. The vulnerability could allow remote code execution if a user opened a specially crafted AVI file. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

(MS10-015) Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (977165)
Risk Rating: High
This security update resolves one publicly disclosed and one privately reported vulnerability in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logged on to the system and then ran a specially crafted application.

  TREND MICRO PROTECTION INFORMATION

Trend Micro Deep Security shields networks through Deep Packet Inspection (DPI) rules. Trend Micro customers using OfficeScan with Intrusion Defense Firewall (IDF) plugin are also protected from attacks using these vulnerabilities. Please refer to the filter number and filter name when applying appropriate DPI and/or IDF rules.

Featured Stories