Thursday, July 31, 2014
Search
  
Submit your own News for
inclusion in our Site.
Click here...
Breaking News
Researchers Discover New Smartphone Flaws
U.S. Government Issues Warning About Malicious Software
Hackers Can Use USB Devices in Attacks
Next Apple TV Release Delayed
CoD: Advanced Warfare Collector's Editions Announced
Lite-On IT Merged With Lite-On
AMD Introduces New Kaveri APUs for System Builders
Toshiba, Samsung Vie For 48-layer 3-D NAND Chips
Active Discussions
help questions structure DVDR
Made video, won't play back easily
Questions durability monitor LCD
Questions fungus CD/DVD Media, Some expert engineer in optical media can help me?
CD, DVD and Blu-ray burning for Android in development
IBM supercharges Power servers with graphics chips
Werner Vogels: four cloud computing trends for 2014
Video editing software.
 Home > News > General Computing > Microso...
Last 7 Days News : SU MO TU WE TH FR SA All News

Wednesday, February 10, 2010
Microsoft Released February 2010 Security Bulletin


Microsoft's today released 13 bulletins addressing 26 vulnerabilities. 11 bulletins affect Windows and 2 affect older versions of Microsoft Office.

The new patches address issues such as one for Windows that could be exploited to take control of a computer and another one that has resided in the 32-bit Windows kernel since its release 17 years ago.

Latest Security Updates

MS10-003 - addresses a vulnerability in Microsoft Office (KB 978214)
MS10-004 - addresses a vulnerability in Microsoft Office (KB 975416)
MS10-005 - addresses a vulnerability in Windows (KB 978706)
MS10-006 - addresses a vulnerability in Windows (KB 978251)
MS10-007 - addresses a vulnerability in Windows (KB 975713)
MS10-008 - addresses a vulnerability in Windows (KB 978262)
MS10-009 - addresses a vulnerability in Windows (KB 974145)
MS10-010 - addresses a vulnerability in Windows (KB 977894)
MS10-011 - addresses a vulnerability in Windows (KB 978037)
MS10-012 - addresses a vulnerability in Windows (KB 971468)
MS10-013 - addresses a vulnerability in Windows (KB 977935)
MS10-014 - addresses a vulnerability in Windows (KB 977290)
MS10-015 - addresses a vulnerability in Windows (KB 977165)

MS10-013, which addresses a Critical vulnerability in DirectShow. This issue is Critical on all supported versions of Windows except Itanium based server products and has an Exploitability Index rating of 1. To exploit the vulnerability, an attacker could host a malicious AVI file on a website and convince a user to visit the site, or send the file via email and convince the a user to open it.

MS10-006 is also Critical on all versions of Windows, except Windows Vista and Windows Server 2008, and addresses 2 vulnerabilities in SMB Client. One of the vulnerabilities has an Exploitability Index rating of 1. In the simplest scenario, a system connecting to a network file share is an SMB Client. The issue occurs during the client/server negotiation phase of the connection. In order to exploit this issue, an attacker would need to host a malicious server and convince a client system to connect to it. An attacker could also try to perform a man-in-the-middle attack by responding to SMB requests from clients. Microsoft expects attempts to exploit would be more likely to result in a Denial of Service than in Remote Code Execution.

MS10-007 addresses a Critical vulnerability in Windows Shell Handler that affects Windows 2000, Windows XP, and Windows Server 2003. The attack vector is through a specially crafted link that appears to the ShellExecute API to be a valid link. This issue has not been publicly exposed but Microsoft gives it an Exploitability Index rating of 1, urging customers on affected platforms to install it as soon as possible.

MS10-008 is a cumulative update for ActiveX Killbits and is also Critical. A Killbit is not an update that addresses the underlying vulnerability. It is a registry setting that keeps the vulnerable ActiveX control from running in Internet Explorer.

Microsoft also patched a 17 year-old issue related to a vulnerability in Windows kernel that could allow elevation of privilege. Microsoft is aware of publicly available proof-of-concept code for that issue, but is not aware of any active attacks at this time.

Users may already have the updates if they have automatic updating turned on. All those who have automatic updating turned on could go to Microsoft Update. Microsoft Update is an online tool that will scan a computer and provide a report about what updates a computer needs.

Download updates from the Microsoft Download Center Security updates can be downloaded from the Microsoft Download Center.


Previous
Next
Fraunhofer MPEG Audio Codecs and Mobile Surround Sound Available for Android        All News        Apple Releases Aperture 3
RealNetworks and Viacom to Spin off Rhapsody     General Computing News      Micron to Acquire Numonyx For $1.27 Billion

Get RSS feed Easy Print E-Mail this Message

Related News
Microsoft Details Windows Phone 8.1 Update, Brings Cortana To New Markets
Microsoft Releases The Sharks Cove, A Raspberry Pi Alternative
China Starts Anti-monopoly Investigation On Microsoft
Microsoft's Profit Hurt By Nokia Acquisition, Plans Unified OS
Microsoft Is Shutting Down Xbox Entertainment Studios
Microsoft To Eliminate 18,000 Jobs
Microsoft To Take EU 'Right to be forgotten' Requests
Microsoft To Announce Job Cuts
Microsoft To Take On Chromebooks with $200 Windows Notebooks
Microsoft's Nadella To Announce Company Sharkeup
Microsoft Patches IE In Latest Security Updates
Microsoft's Smartwatch Rumored For October Launch

Most Popular News
 
Home | News | All News | Reviews | Articles | Guides | Download | Expert Area | Forum | Site Info
Site best viewed at 1024x768+ - CDRINFO.COM 1998-2014 - All rights reserved -
Privacy policy - Contact Us .