Microsoft Fixes Windows Security Vulnerabilities in Patch Tuesday Update
Microsoft issues a large update for Patch Tuesday, plugging a total of 26 security holes in Windows and other Microsoft products.Microsoft issued 13 security bulletins for February's Patch Tuesday, patching a total of 26 vulnerabilities in a massive update Feb. 9. Five of the 13 bulletins are rated critical-MS10-006, MS10-007, MS10-008, MS10-009 and MS10-013. Qualys CTO Wolfgang Kandek put MS10-006 and MS10-013 at the top of his list of patches to be deployed. The first of the two deals with two vulnerabilities in Windows affecting the SMB protocol that could permit remote code execution. MS10-013 fixes a flaw in Microsoft DirectShow that could be exploited if a user opens a specially crafted AVI file.
Microsoft ranked those two-as well as MS10-007, MS10-008 and MS10-015-at the top of the list of patches to be deployed first. MS10-007 addresses a remote code execution vulnerability in the Windows Shell Handler that impacts Windows 2000, Windows XP and Windows Server 2003. MS10-008 addresses a remote code execution vulnerability in the Microsoft Data Analyzer ActiveX Control, while MS10-015 fixes two privilege escalation bugs in the Windows Kernel.