Sunday, April 19, 2015
Search
  
Submit your own News for
inclusion in our Site.
Click here...
Breaking News
Moore's Law And The Software Industry
Adobe And Windows Zero-Day Exploits Likely Leveraged by Russians In Highly-Targeted Attack
Samsung Logo Removed From Japanese Smartphones
Google Is Getting Serious With Project Loon
New Technology Can Track Detailed Hand Motion
Office Universal apps Coming Next Month On Windows 10 for Phones
FCC Makes 150 MHz Of Contiguous Spectrum Available To Telecom Companies
Google Extends Chrome Support For Windows XP
Active Discussions
Help make DVDInfoPro better with dvdinfomantis!!!
Question about nero
Copied dvd's say blank in computer only
menu making
Optiarc AD-7260S review
cdrw trouble
Need serious help!!!!
burning
 Home > News > General Computing > Microso...
Last 7 Days News : SU MO TU WE TH FR SA All News

Wednesday, February 10, 2010
Microsoft Released February 2010 Security Bulletin


Microsoft's today released 13 bulletins addressing 26 vulnerabilities. 11 bulletins affect Windows and 2 affect older versions of Microsoft Office.

The new patches address issues such as one for Windows that could be exploited to take control of a computer and another one that has resided in the 32-bit Windows kernel since its release 17 years ago.

Latest Security Updates

MS10-003 - addresses a vulnerability in Microsoft Office (KB 978214)
MS10-004 - addresses a vulnerability in Microsoft Office (KB 975416)
MS10-005 - addresses a vulnerability in Windows (KB 978706)
MS10-006 - addresses a vulnerability in Windows (KB 978251)
MS10-007 - addresses a vulnerability in Windows (KB 975713)
MS10-008 - addresses a vulnerability in Windows (KB 978262)
MS10-009 - addresses a vulnerability in Windows (KB 974145)
MS10-010 - addresses a vulnerability in Windows (KB 977894)
MS10-011 - addresses a vulnerability in Windows (KB 978037)
MS10-012 - addresses a vulnerability in Windows (KB 971468)
MS10-013 - addresses a vulnerability in Windows (KB 977935)
MS10-014 - addresses a vulnerability in Windows (KB 977290)
MS10-015 - addresses a vulnerability in Windows (KB 977165)

MS10-013, which addresses a Critical vulnerability in DirectShow. This issue is Critical on all supported versions of Windows except Itanium based server products and has an Exploitability Index rating of 1. To exploit the vulnerability, an attacker could host a malicious AVI file on a website and convince a user to visit the site, or send the file via email and convince the a user to open it.

MS10-006 is also Critical on all versions of Windows, except Windows Vista and Windows Server 2008, and addresses 2 vulnerabilities in SMB Client. One of the vulnerabilities has an Exploitability Index rating of 1. In the simplest scenario, a system connecting to a network file share is an SMB Client. The issue occurs during the client/server negotiation phase of the connection. In order to exploit this issue, an attacker would need to host a malicious server and convince a client system to connect to it. An attacker could also try to perform a man-in-the-middle attack by responding to SMB requests from clients. Microsoft expects attempts to exploit would be more likely to result in a Denial of Service than in Remote Code Execution.

MS10-007 addresses a Critical vulnerability in Windows Shell Handler that affects Windows 2000, Windows XP, and Windows Server 2003. The attack vector is through a specially crafted link that appears to the ShellExecute API to be a valid link. This issue has not been publicly exposed but Microsoft gives it an Exploitability Index rating of 1, urging customers on affected platforms to install it as soon as possible.

MS10-008 is a cumulative update for ActiveX Killbits and is also Critical. A Killbit is not an update that addresses the underlying vulnerability. It is a registry setting that keeps the vulnerable ActiveX control from running in Internet Explorer.

Microsoft also patched a 17 year-old issue related to a vulnerability in Windows kernel that could allow elevation of privilege. Microsoft is aware of publicly available proof-of-concept code for that issue, but is not aware of any active attacks at this time.

Users may already have the updates if they have automatic updating turned on. All those who have automatic updating turned on could go to Microsoft Update. Microsoft Update is an online tool that will scan a computer and provide a report about what updates a computer needs.

Download updates from the Microsoft Download Center Security updates can be downloaded from the Microsoft Download Center.


Previous
Next
Fraunhofer MPEG Audio Codecs and Mobile Surround Sound Available for Android        All News        Apple Releases Aperture 3
RealNetworks and Viacom to Spin off Rhapsody     General Computing News      Micron to Acquire Numonyx For $1.27 Billion

Get RSS feed Easy Print E-Mail this Message

Related News
Microsoft, Yahoo Renew Search Deal
Microsoft Introduces Lumia 540 Dual SIM
Microsoft Lens Transforms Your iPhone To A Portable Scanner
Data Requests To Microsoft Decreased
Samsung to Bring Microsoft Services on More Devices
Microsoft Collaborates With Ford On Conected Cars
Microsoft Releases New Business Products
Microsoft To Offer Cortana To Android, iOS
Microsoft Proposes New Power Backup Specification
MWC: Microsoft Unveils The Lumia 640 and Lumia 640 XL
Microsoft Band Gets New Features
Internet Explorer To Support HTTP Strict Transport Security Protocol

Most Popular News
 
Home | News | All News | Reviews | Articles | Guides | Download | Expert Area | Forum | Site Info
Site best viewed at 1024x768+ - CDRINFO.COM 1998-2015 - All rights reserved -
Privacy policy - Contact Us .