Microsoft Security Bulletin Release: February 2010



Today we have released 13 new security bulletins. Please see below for details of the updates, and make sure you apply them to your environments where necessary.

| Bulletin ID | Bulletin Title | Max Severity Rating | Vulnerability Impact | Restart Requirement | Affected Software |
|---|---|---|---|---|---|
| MS10-003 | Vulnerability in Microsoft Office (MSO) Could Allow Remote Code Execution | Important | Remote Code Execution | May require restart | Microsoft Office XP, Office 2004 for Mac. |
| MS10-004 | Vulnerabilities in Microsoft Office PowerPoint Could Allow Remote Code Execution | Important | Remote Code Execution | May require restart | Microsoft Office PowerPoint 2002, Office PowerPoint 2003, and Office 2004 for Mac. |
| MS10-005 | Vulnerability in Microsoft Paint Could Allow Remote Code Execution | Moderate | Remote Code Execution | Requires restart | Microsoft Windows 2000, Windows XP, and Windows Server 2003. |
| MS10-006 | Vulnerabilities in SMB Client Could Allow Remote Code Execution | Critical | Remote Code Execution | Requires restart | Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2. |
| MS10-007 | Vulnerability in Windows Shell Handler Could Allow Remote Code Execution | Critical | Remote Code Execution | Requires restart | Microsoft Windows 2000, Windows XP, and Windows Server 2003. |
| MS10-008 | Cumulative Security Update of ActiveX Kill Bits | Critical | Remote Code Execution | May require restart | Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2. |
| MS10-009 | Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution | Critical | Remote Code Execution | Requires restart | Microsoft Windows Vista and Windows Server 2008. |
| MS10-010 | Vulnerability in Windows Server 2008 Hyper-V Could Allow Denial of Service | Important | Denial of Service | Requires restart | Microsoft Windows Server 2008 and Windows Server 2008 R2. |
| MS10-011 | Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege | Important | Elevation of Privilege | Requires restart | Microsoft Windows 2000, Windows XP, and Windows Server 2003. |
| MS10-012 | Vulnerabilities in SMB Server Could Allow Remote Code Execution | Important | Remote Code Execution | Requires restart | Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2. |
| MS10-013 | Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution | Critical | Remote Code Execution | Requires restart | Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2. |
| MS10-014 | Vulnerability in Kerberos Could Allow Denial of Service | Important | Denial of Service | Requires restart | Microsoft Windows 2000, Windows Server 2003, and Windows Server 2008. |
| MS10-015 | Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege | Important | Elevation of Privilege | Requires restart | Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Windows 7. |

If you would like a summary of the bulletins please go here.

Microsoft Windows Malicious Software Removal Tool

We are also releasing a new version of the Windows Malicious Software Removal Tool.  You can get more details here.

New Security Advisory

Also as part of this month’s security bulletin we are releasing a new security advisory.  More details below.

Identifier

Vulnerability in TLS/SSL Could Allow Spoofing (977377)

Summary

Microsoft is investigating public reports of a vulnerability in the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. At this time, Microsoft is not aware of any attacks attempting to exploit the reported vulnerability.

As an issue affecting an Internet standard, we recognize that this issue affects multiple vendors. We are working on a coordinated response with our partners in the Internet Consortium for Advancement of Security on the Internet (ICASI). The TLS and SSL protocols are implemented in several Microsoft products, both client and server, and this advisory will be updated as our investigation continues.

As part of this security advisory, Microsoft is making available a workaround which enables system administrators to disable TLS and SSL renegotiation functionality. However, as renegotiation is required functionality for some applications, this workaround is not intended for wide implementation and should be tested extensively prior to implementation.

Upon completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, depending on customer needs.

Affected Software

  • Windows 2000 (All Supported Versions)
  • Windows XP (All Supported Versions)
  • Windows Server 2003 (All Supported Versions)
  • Windows Vista (All Supported Versions)
  • Windows Server 2008 (All Supported Versions)
  • Windows 7 (All Supported Versions)
  • Windows Server 2008 R2 (All Supported Versions)

Recommendations

Review Microsoft Security Advisory 977377 for an overview of the issue, details on affected components, mitigating factors, suggested actions, frequently asked questions (FAQs), and links to additional resources.

Additional Resources

Jeffa
