Sunday, October 26, 2014
Search
  
Submit your own News for
inclusion in our Site.
Click here...
Breaking News
Panasonic to Offload Sanyo's North America TV Business
Google's Pichai to Become Head of Product at Google: report
Internet Explorer 11 Toolkit Allows Enterprise Admins "Spy" On Their Employees
FCC Says Airwave Auction To Delay Until 2016
HP Broadens Moonshot Portfolio With Intel-powered Models
Microsoft To Keep Nokia Brand For Low-end Smartphones
LG Introduces Its First Octa-Core Application Processor
Cloud and Surface 3 Drive Microsoft's Revenue
Active Discussions
Copied dvd's say blank in computer only
How to generate lots of different CDs quickly
Yamaha CRW-F1UX
help questions structure DVDR
Made video, won't play back easily
Questions durability monitor LCD
Questions fungus CD/DVD Media, Some expert engineer in optical media can help me?
CD, DVD and Blu-ray burning for Android in development
 Home > News > General Computing > Microso...
Last 7 Days News : SU MO TU WE TH FR SA All News

Wednesday, February 10, 2010
Microsoft Released February 2010 Security Bulletin


Microsoft's today released 13 bulletins addressing 26 vulnerabilities. 11 bulletins affect Windows and 2 affect older versions of Microsoft Office.

The new patches address issues such as one for Windows that could be exploited to take control of a computer and another one that has resided in the 32-bit Windows kernel since its release 17 years ago.

Latest Security Updates

MS10-003 - addresses a vulnerability in Microsoft Office (KB 978214)
MS10-004 - addresses a vulnerability in Microsoft Office (KB 975416)
MS10-005 - addresses a vulnerability in Windows (KB 978706)
MS10-006 - addresses a vulnerability in Windows (KB 978251)
MS10-007 - addresses a vulnerability in Windows (KB 975713)
MS10-008 - addresses a vulnerability in Windows (KB 978262)
MS10-009 - addresses a vulnerability in Windows (KB 974145)
MS10-010 - addresses a vulnerability in Windows (KB 977894)
MS10-011 - addresses a vulnerability in Windows (KB 978037)
MS10-012 - addresses a vulnerability in Windows (KB 971468)
MS10-013 - addresses a vulnerability in Windows (KB 977935)
MS10-014 - addresses a vulnerability in Windows (KB 977290)
MS10-015 - addresses a vulnerability in Windows (KB 977165)

MS10-013, which addresses a Critical vulnerability in DirectShow. This issue is Critical on all supported versions of Windows except Itanium based server products and has an Exploitability Index rating of 1. To exploit the vulnerability, an attacker could host a malicious AVI file on a website and convince a user to visit the site, or send the file via email and convince the a user to open it.

MS10-006 is also Critical on all versions of Windows, except Windows Vista and Windows Server 2008, and addresses 2 vulnerabilities in SMB Client. One of the vulnerabilities has an Exploitability Index rating of 1. In the simplest scenario, a system connecting to a network file share is an SMB Client. The issue occurs during the client/server negotiation phase of the connection. In order to exploit this issue, an attacker would need to host a malicious server and convince a client system to connect to it. An attacker could also try to perform a man-in-the-middle attack by responding to SMB requests from clients. Microsoft expects attempts to exploit would be more likely to result in a Denial of Service than in Remote Code Execution.

MS10-007 addresses a Critical vulnerability in Windows Shell Handler that affects Windows 2000, Windows XP, and Windows Server 2003. The attack vector is through a specially crafted link that appears to the ShellExecute API to be a valid link. This issue has not been publicly exposed but Microsoft gives it an Exploitability Index rating of 1, urging customers on affected platforms to install it as soon as possible.

MS10-008 is a cumulative update for ActiveX Killbits and is also Critical. A Killbit is not an update that addresses the underlying vulnerability. It is a registry setting that keeps the vulnerable ActiveX control from running in Internet Explorer.

Microsoft also patched a 17 year-old issue related to a vulnerability in Windows kernel that could allow elevation of privilege. Microsoft is aware of publicly available proof-of-concept code for that issue, but is not aware of any active attacks at this time.

Users may already have the updates if they have automatic updating turned on. All those who have automatic updating turned on could go to Microsoft Update. Microsoft Update is an online tool that will scan a computer and provide a report about what updates a computer needs.

Download updates from the Microsoft Download Center Security updates can be downloaded from the Microsoft Download Center.


Previous
Next
Fraunhofer MPEG Audio Codecs and Mobile Surround Sound Available for Android        All News        Apple Releases Aperture 3
RealNetworks and Viacom to Spin off Rhapsody     General Computing News      Micron to Acquire Numonyx For $1.27 Billion

Get RSS feed Easy Print E-Mail this Message

Related News
Microsoft To Keep Nokia Brand For Low-end Smartphones
Cloud and Surface 3 Drive Microsoft's Revenue
Microsoft And Dell Puts Azure In A Box
Microsoft To Launch A Wearable Device Soon
Microsoft CEO Apologizes For Suggesting Women not Ask for Raises
Microsoft says Samsung owes Millions in unpaid Patent Royalties
Microsoft Wireless Display Adapter Connects Miracast Devices to HDTVs
Microsoft Releases New Arc Touch Bluetooth Mouse, PC Accessories
Microsoft To Hold Next-generation Windows Event
Microsoft to Buy Minecraft maker Mojang
Microsoft To Drop The Nokia Branding
Microsoft Azure Media Services Adds Live streaming, Content Protection and Indexing Services

Most Popular News
 
Home | News | All News | Reviews | Articles | Guides | Download | Expert Area | Forum | Site Info
Site best viewed at 1024x768+ - CDRINFO.COM 1998-2014 - All rights reserved -
Privacy policy - Contact Us .