Microsoft issues a large update for Patch Tuesday, plugging a total of 26 security holes in Windows and other Microsoft products.
Microsoft issued 13 security bulletins for February's Patch Tuesday, patching a
total of 26 vulnerabilities in a massive update Feb. 9. Five of the 13 bulletins
are rated critical: MS10-006, MS10-007, MS10-008, MS10-009 and MS10-013. Qualys CTO Wolfgang
Kandek put MS10-006 and MS10-013 at the top of his list of patches to be
deployed. The first of the two deals with two vulnerabilities in Windows
affecting the SMB protocol that could permit remote code execution. MS10-013
fixes a flaw in Microsoft DirectShow that could be exploited if a user opens a
specially crafted AVI file.
Microsoft ranked those two, as well as MS10-007,
MS10-008 and MS10-015, at the top of the list of patches to be deployed first.
MS10-007 addresses a remote code execution vulnerability in the Windows Shell
Handler that impacts Windows 2000, Windows XP and Windows Server 2003. MS10-008
addresses a remote code execution vulnerability in the Microsoft Data Analyzer
ActiveX Control, while MS10-015 fixes two privilege escalation bugs in the
Windows Kernel.
Although the Windows Kernel bulletin is rated important and not critical, it was pushed up
in the company's priority rankings because proof-of-concept exploit code is now
available on the Internet, according to Microsoft.
MS10-009 fixes four critical vulnerabilities in Windows TCP/IP.
The most serious of the vulnerabilities can allow remote code execution if
specially crafted packets are sent to a computer with IPv6 enabled. The remaining
bulletins patch various holes in Windows, with the exception of fixes for
Microsoft Office and Office PowerPoint.
"Microsoft's February 2010 was slated to be the biggest
release for Microsoft patches in the last two years: 14 bulletins addressing 34
vulnerabilities," Kandek said. "But the Google-CN Internet Explorer zero-day
forced Microsoft to accelerate the testing of the planned IE bulletin and
release it early, still in January. That leaves 13 bulletins covering 26
vulnerabilities for the February release, which constitutes one of the bigger Patch
Tuesdays."