08 February 2012
Patch Tuesday February 2010

Unlike last month's single patch, this month we have thirteen security bulletins from Microsoft. Five are considered Critical, seven are Important and one is Moderate. They affect all operating systems (2000, XP, 2003, Vista, 2008 & Windows 7) as well as applications such as Microsoft DirectShow, Microsoft Office, Microsoft Paint & Windows Internet Explorer.

The patches fix an array of vulnerabilities which could, if exploited, allow an attacker to control and run code remotely. The majority of the patches will require a system restart, so should be managed in a controlled manner to avoid any business impact that may be associated with the downtime.

Our usual advice is…

  • Ensure that the critical patches are deployed to all Windows desktop and server operating systems and software, where appropriate, immediately.

  • Ensure that all anti-virus and malware-blocking software packages are fully up to date, and properly configured firewalls are in place within your environment.

  • Update your operating systems with the latest critical patches (MS10-006, MS10-007, MS10-008, MS10-009, MS10-013).

As always, some consideration is needed in order to evaluate any risks depending on whether you have the relevant affected environment. More details on these patches are given in the table below with links to the relevant Microsoft Knowledge Base articles.

Table 1: Details of MS Patches released Tuesday 09/02/2010

| MS Link | ITSL Summary | Severity | Affected Software | Restart after patch |
|---|---|---|---|---|
| MS10-006 / KB978251 | This patch fixes two reported vulnerabilities in Microsoft Windows that could allow remote software execution if an attacker sent a specially crafted response to a client-initiated request. Please patch immediately. | Critical | Windows 2000, Windows XP, Windows 2003, Windows Vista, Windows 7 and Windows 2008 | Yes |
| MS10-007 / KB975713 | This patch fixes a vulnerability in 2000, XP & Server 2003. Other versions of Windows are not at risk. This vulnerability could allow an attacker to control and run code on your systems if an application, such as a Web browser, passes affected data to the Windows subsystem. | Critical | Windows 2000, Windows XP, Windows 2003 | Yes |
| MS10-008 / KB978262 | This vulnerability could allow remote code execution if a user views a specially crafted Web page that runs an ActiveX control with Internet Explorer. The attacker is granted the same network access rights as the victim. Users who have administrative privileges could unwittingly give the attacker full network access. Rated Critical for Windows 2000 & XP. Rated Important for Vista & Windows 7. Rated Moderate for Server 2003. Rated Low for Server 2008 (& R2). | Critical / Important / Moderate / Low | Windows 2000, Windows XP, Windows 2003, Windows Vista, Windows 7 and Windows 2008 | May Require Restart |
| MS10-009 / KB974145 | This patch fixes four reported vulnerabilities with Microsoft Windows and could allow an attacker to control and run code on your systems if they are actively trying to connect to the affected system. | Critical | Windows Vista, Windows 2008 | Yes |
| MS10-013 / KB977935 | This security update resolves a reported security flaw in Microsoft DirectShow. The vulnerability could allow remote software execution if a user opened a specially crafted AVI video file. An attacker who successfully exploited this vulnerability could take complete control of an affected computer. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Victims whose accounts are configured to have fewer user rights on the system could be less impacted than users who have administrator user rights. | Critical | Windows 2000, Windows XP, Windows 2003, Windows Vista, Windows 7 and Windows 2008 | Yes |
| MS10-003 / KB978214 | In simple terms this patch fixes a vulnerability in Microsoft Office that could allow remote software execution if a user opens a specially crafted Office file. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. | Important | Office XP, Office 2004 for Mac | May Require Restart |
| MS10-004 / KB975416 | This resolves six reported security flaws in Microsoft Office PowerPoint. The vulnerabilities could allow remote software execution if a user opens a specially crafted PowerPoint file. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. | Important | Office XP, Office 2003 & Office 2004 for Mac | May Require Restart |
| MS10-010 / KB977894 | This security update resolves a reported security flaw in Windows Server 2008 Hyper-V and 2008 R2 Hyper-V and could allow a denial of service under certain circumstances. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability, so this could not be exploited remotely or anonymously. Our advice is to patch servers as part of your regular updates. | Important | Hyper-V (2008, 2008 R2) | Yes |
| MS10-011 / KB978037 | This security update resolves a reported security flaw in Microsoft Windows 2000, Windows XP, and Windows Server 2003. An attacker must have a valid logon account and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited without a valid logon account. | Important | Windows 2000, Windows XP, Windows 2003 | Yes |
| MS10-012 / KB971468 | This patch resolves several reported security flaws in Microsoft Windows. The most severe of these vulnerabilities could allow remote software execution if an attacker created a specially crafted data packet and sent the packet to an affected system. Standard default firewall configurations can help protect networks from these attacks from outside the network. | Important | Windows 2000, Windows XP, Windows 2003, Windows Vista, Windows 7 and Windows 2008 R2 | Yes |
| MS10-014 / KB972290 | This vulnerability could allow a denial of service if a specially crafted data packet is sent from an authenticated user. The denial of service could persist until the domain controller is restarted. | Important | Windows 2000, Windows 2003 and Windows 2008 | Yes |
| MS10-015 / KB977165 | This security update resolves two reported security flaws in Microsoft Windows which could allow a low level access user account to gain administrator access. To exploit these vulnerabilities, an attacker must have valid logon credentials and be able to log on to the network locally. | Important | Windows 2000, Windows XP, Windows 2003, Windows Vista, Windows 7 (32-bit) and Windows 2008 | Yes |
| MS10-005 / KB978706 | This vulnerability could allow remote software execution if a user viewed a specially crafted JPEG image file using Microsoft Paint. Victims whose accounts are configured to have fewer user rights on the system could be less impacted than users who have administrator user rights. | Moderate | Windows 2000, Windows XP, Windows 2003 | Yes |

| Rating | Definition |
|---|---|
| Critical | A vulnerability whose exploitation could allow the propagation of an Internet worm without user action. |
| Important | A vulnerability whose exploitation could result in compromise of the confidentiality, integrity, or availability of users' data, or of the integrity or availability of processing resources. |
| Moderate | Exploitability is mitigated to a significant degree by factors such as default configuration, auditing, or difficulty of exploitation. |
| Low | A vulnerability whose exploitation is extremely difficult, or whose impact is minimal. |



A Microsoft Certified Partner © Copyright 2009-2011 IT ServiceLink LTD A Microsoft Small Business Specialist