February 2010 Security Bulletin Release


    Posted: 09 Feb 2010
    MSRC Bulletin Release Blog Post

    Hi everyone,

    As mentioned in our ANS blog post last week, today we are releasing 13 bulletins addressing 26 vulnerabilities. 11 bulletins affect Windows and 2 affect older versions of Microsoft Office.

    In the post on Thursday, we mentioned that bulletins in the ANS listed as 1, 2, 3, and 6 were going to top our deployment priority list this month. We have also added MS10-015 (#12) to that list. It addresses Security Advisory 979682. We are aware of publicly available Proof-of-Concept code for this issue, but are not aware of any active attacks at this time. Here is the mapping from the bulletin numbers in the ANS to the released bulletin IDs:

    ANS Bulletin Number    Actual Bulletin Number
    1                      MS10-006
    2                      MS10-007
    3                      MS10-008
    4                      MS10-009
    5                      MS10-012
    6                      MS10-013
    7                      MS10-003
    8                      MS10-004
    9                      MS10-010
    10                     MS10-011
    11                     MS10-014
    12                     MS10-015
    13                     MS10-005

    As always, it is recommended that customers deploy all security updates as soon as possible. Of the bulletins released this month, customers should prioritize and deploy MS10-006, MS10-007, MS10-008, MS10-013, and MS10-015, given Critical severity ratings and/or Exploitability Index ratings of 1 (“Consistent Exploit Code Likely”).

    MS10-013, which addresses a Critical vulnerability in DirectShow, should be at the top of your list for testing and deployment. This issue is Critical on all supported versions of Windows except Itanium based server products and has an Exploitability Index rating of 1. To exploit the vulnerability, an attacker could host a malicious AVI file on a website and convince a user to visit the site, or send the file via email and convince a user to open it.

    MS10-006 is also Critical on all versions of Windows, except Windows Vista and Windows Server 2008, and addresses 2 vulnerabilities in SMB Client. One of the vulnerabilities has an Exploitability Index rating of 1. In the simplest scenario, a system connecting to a network file share is an SMB Client. The issue occurs during the client/server negotiation phase of the connection. In order to exploit this issue, an attacker would need to host a malicious server and convince a client system to connect to it. An attacker could also try to perform a man-in-the-middle attack by responding to SMB requests from clients. From our analysis of this issue, we expect attempts to exploit it would be more likely to result in a Denial of Service than in Remote Code Execution.

    MS10-007 addresses a Critical vulnerability in Windows Shell Handler that affects Windows 2000, Windows XP, and Windows Server 2003. The attack vector is through a specially crafted link that appears to the ShellExecute API to be a valid link. This issue has not been publicly exposed but we give it an Exploitability Index rating of 1, so we urge customers on affected platforms to install it as soon as possible.

    MS10-008 is the last one I will give some additional detail on. This is a cumulative update for ActiveX Killbits and is also Critical. You will notice in our Severity & Exploitability Index chart that we did not give this an Exploitability rating. That is because a Killbit is not an update that addresses the underlying vulnerability. It is a registry setting that keeps the vulnerable ActiveX control from running in Internet Explorer. We will give these an Exploitability rating of 1 if we are aware of active exploitation but in this case, we are not.

    You can find more detailed information about these bulletins in several blog posts by our Security Research & Defense team at http://blogs.technet.com/srd.

    With that, here are the Severity and Exploitability Index and Deployment Priority slides:





    In the following video, Adrian Stone and I talk a little more about this month’s top priority bulletins:

    More listening and viewing options:


    I would also encourage you to attend our public webcast tomorrow where we will go into detail on all 13 bulletins. Here is the registration information:

    Date: Wednesday, Feb 10
    Time: 11:00 a.m. PST (UTC -8)
    Registration: http://msevents.microsoft.com/CUI/Ev...tID=1032427679

    Hope you can join us!

    Jerry Bryant
    Sr. Security Communications Manager – Lead

    *This posting is provided "AS IS" with no warranties, and confers no rights.*

    Posted By: SGT Oddball
    09 Feb 2010
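An added example, not part of the MSRC post above: the post explains that an ActiveX kill bit is a registry setting rather than a fix for the control. Concretely, it is the 0x400 flag in the "Compatibility Flags" DWORD under HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CLSID} (on x64 the Wow6432Node view matters too, since 32-bit IE reads it). The function below reports whether that flag is set for a CLSID you supply; the CLSID in the usage line is a placeholder, not one of the CLSIDs from MS10-008.

```powershell
# Added example: check whether the ActiveX kill bit is set for a CLSID.
# Kill bit = 0x400 in the "Compatibility Flags" DWORD (documented in KB240797).
# The CLSID in the usage line at the bottom is a placeholder, not from MS10-008.

function Test-ActiveXKillBit {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [string]$Clsid
    )
    process {
        $killBit = 0x400
        # 64-bit Windows keeps a separate view for 32-bit Internet Explorer.
        $basePaths = @(
            'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
            'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
        )
        foreach ($base in $basePaths) {
            # Skip the WOW64 view on 32-bit systems where it does not exist.
            if (-not (Test-Path $base)) { continue }

            $key   = Join-Path $base $Clsid
            $flags = 0
            $isSet = $false
            if (Test-Path $key) {
                $item = Get-ItemProperty -Path $key -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
                if ($item) {
                    # DWORD comes back as Int32; -band works on it directly.
                    $flags = [int]$item.'Compatibility Flags'
                    $isSet = (($flags -band $killBit) -ne 0)
                }
            }
            [pscustomobject]@{
                Clsid   = $Clsid
                KeyPath = $key
                Flags   = ('0x{0:X}' -f $flags)
                KillBit = $isSet
            }
        }
    }
}

# Usage: pipe the CLSIDs listed in the bulletin into the check.
# (Placeholder CLSID below; substitute the real ones from MS10-008.)
'{00000000-0000-0000-0000-000000000000}' | Test-ActiveXKillBit | Format-Table -AutoSize
```

Run it in an elevated PowerShell prompt after installing MS10-008: every CLSID the bulletin lists should show KillBit = True in each registry view present on the machine. A control whose key is absent is not killbitted, even if the control itself is not installed.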



    #1 NoN (Windows 7 Professional SP1 - x64 [Non-UEFI Boot])

    5 are already available at this time within Windows Update + the 1 every month, KB removal tool...

    Got these ones for an x64-based system:
    -Kb978251
    -Kb979099
    -Kb975560
    -Kb978262
    -Kb971468
    +
    -Kb890830

    Missing:
    -Kb977165 (looks x86)
    -Kb977935
    Last edited by NoN; 09 Feb 2010 at 18:38.
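An added example, not part of NoN's post: a quick way to confirm which of the KB numbers listed above are actually installed is to query the installed-hotfix list with Get-HotFix, which wraps Win32_QuickFixEngineering. The KB list in the usage line is copied from the post; pass your own list as needed.

```powershell
# Added example: report which of a list of KB numbers are installed.
# Uses Get-HotFix (Win32_QuickFixEngineering), available on Windows 7 / PowerShell 2.0+.

function Get-HotFixStatus {
    param(
        [Parameter(Mandatory = $true)]
        [string[]]$KbId
    )
    # Normalise "978251" / "kb978251" / "KB978251" to the form Get-HotFix reports.
    $wanted    = $KbId | ForEach-Object { 'KB' + ($_ -replace '^kb', '') }
    $installed = Get-HotFix | Select-Object -ExpandProperty HotFixID

    foreach ($id in $wanted) {
        [pscustomobject]@{
            HotFixID  = $id
            Installed = ($installed -contains $id)
        }
    }
}

# Usage: the KB numbers from the post above (MS10 updates listed by NoN).
Get-HotFixStatus -KbId 978251, 979099, 975560, 978262, 971468, 977165, 977935 |
    Sort-Object Installed, HotFixID |
    Format-Table -AutoSize
```

One caveat: KB890830, the monthly Malicious Software Removal Tool, is not an installed update and will not appear in Get-HotFix output, so leave it out of the list or expect it to show as not installed.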

