Saturday, January 21, 2017
Search
  
Submit your own News for
inclusion in our Site.
Click here...
Breaking News
Sharp Establishes New Research and Development Center for Home Appliances in China
Samsung Seeks Arbitration Over LCD Supply Halt
Canon May Invest In Toshiba's Chip Business
Samsung To Explain What Caused The Galaxy Note 7's ban In Press Event
Nintendo's 'Fire Emblem Heroes' Smartphone Game features in-app Purchases
Fujifilm X-T20 Features New 24MP Sensor and 4K Video Capture
Samsung Begins Rollout of Android 7.0 Nougat
European Commission Welcomes Steps Taken by Amazon, Audible and Apple to Improve Competition in Audiobook Distribution
Active Discussions
Which of these DVD media are the best, most durable?
How to back up a PS2 DL game
Copy a protected DVD?
roxio issues with xp pro
Help make DVDInfoPro better with dvdinfomantis!!!
menu making
Optiarc AD-7260S review
cdrw trouble
 Home > News > General Computing > Microso...
Last 7 Days News : SU MO TU WE TH FR SA All News

Wednesday, February 10, 2010
Microsoft Released February 2010 Security Bulletin


Microsoft's today released 13 bulletins addressing 26 vulnerabilities. 11 bulletins affect Windows and 2 affect older versions of Microsoft Office.

The new patches address issues such as one for Windows that could be exploited to take control of a computer and another one that has resided in the 32-bit Windows kernel since its release 17 years ago.

Latest Security Updates

MS10-003 - addresses a vulnerability in Microsoft Office (KB 978214)
MS10-004 - addresses a vulnerability in Microsoft Office (KB 975416)
MS10-005 - addresses a vulnerability in Windows (KB 978706)
MS10-006 - addresses a vulnerability in Windows (KB 978251)
MS10-007 - addresses a vulnerability in Windows (KB 975713)
MS10-008 - addresses a vulnerability in Windows (KB 978262)
MS10-009 - addresses a vulnerability in Windows (KB 974145)
MS10-010 - addresses a vulnerability in Windows (KB 977894)
MS10-011 - addresses a vulnerability in Windows (KB 978037)
MS10-012 - addresses a vulnerability in Windows (KB 971468)
MS10-013 - addresses a vulnerability in Windows (KB 977935)
MS10-014 - addresses a vulnerability in Windows (KB 977290)
MS10-015 - addresses a vulnerability in Windows (KB 977165)

MS10-013, which addresses a Critical vulnerability in DirectShow. This issue is Critical on all supported versions of Windows except Itanium based server products and has an Exploitability Index rating of 1. To exploit the vulnerability, an attacker could host a malicious AVI file on a website and convince a user to visit the site, or send the file via email and convince the a user to open it.

MS10-006 is also Critical on all versions of Windows, except Windows Vista and Windows Server 2008, and addresses 2 vulnerabilities in SMB Client. One of the vulnerabilities has an Exploitability Index rating of 1. In the simplest scenario, a system connecting to a network file share is an SMB Client. The issue occurs during the client/server negotiation phase of the connection. In order to exploit this issue, an attacker would need to host a malicious server and convince a client system to connect to it. An attacker could also try to perform a man-in-the-middle attack by responding to SMB requests from clients. Microsoft expects attempts to exploit would be more likely to result in a Denial of Service than in Remote Code Execution.

MS10-007 addresses a Critical vulnerability in Windows Shell Handler that affects Windows 2000, Windows XP, and Windows Server 2003. The attack vector is through a specially crafted link that appears to the ShellExecute API to be a valid link. This issue has not been publicly exposed but Microsoft gives it an Exploitability Index rating of 1, urging customers on affected platforms to install it as soon as possible.

MS10-008 is a cumulative update for ActiveX Killbits and is also Critical. A Killbit is not an update that addresses the underlying vulnerability. It is a registry setting that keeps the vulnerable ActiveX control from running in Internet Explorer.

Microsoft also patched a 17 year-old issue related to a vulnerability in Windows kernel that could allow elevation of privilege. Microsoft is aware of publicly available proof-of-concept code for that issue, but is not aware of any active attacks at this time.

Users may already have the updates if they have automatic updating turned on. All those who have automatic updating turned on could go to Microsoft Update. Microsoft Update is an online tool that will scan a computer and provide a report about what updates a computer needs.

Download updates from the Microsoft Download Center Security updates can be downloaded from the Microsoft Download Center.


Previous
Next
Fraunhofer MPEG Audio Codecs and Mobile Surround Sound Available for Android        All News        Apple Releases Aperture 3
RealNetworks and Viacom to Spin off Rhapsody     General Computing News      Micron to Acquire Numonyx For $1.27 Billion

Get RSS feed Easy Print E-Mail this Message

Related News
Microsoft, NXP Semiconductors, IAV and Auto Mobility Partners showcase Technologies For Safe And Personalized Automated Friving at CES 2017
Microsoft Partners with TomTom Mapping Company On Azure
European Commission Approves Acquisition of LinkedIn by Microsoft, Subject to Conditions
Microsoft Is Careful With New Chatbot Zo, Now Available For Testing
Microsoft Offers Grants to Organizations Working to Improve Affordable Internet Access
Microsoft Wants To Bring Something Different in The Smartphone Market
Microsoft's Solitaire Game Now Available On iOS And Android
Microsoft Joins The Linux Foundation, Google Embraces The .NET community
Microsoft Buys 237 Additional Megawatts of Wind Energy
Microsoft Introduces Chat-based Workspace in Office 365
Microsoft Identifies Russia-linked Hackers Exploiting Windows Flaw
Microsoft Researchers Reach Human Parity in Conversational Speech Recognition

Most Popular News
 
Home | News | All News | Reviews | Articles | Guides | Download | Expert Area | Forum | Site Info
Site best viewed at 1024x768+ - CDRINFO.COM 1998-2017 - All rights reserved -
Privacy policy - Contact Us .