February Patch Tuesday—13 Security Bulletins for 26 Vulnerabilities Plus a FAKEAV

As previously announced in the Microsoft Security Bulletin Advance Notification released last week, this month’s patch cycle includes 13 bulletins intended to patch 26 vulnerabilities in several versions of Windows OS and Office. The record release is a far cry from last month’s lone patch.
The long list includes five bulletins rated “critical,” which specifically patch nine vulnerabilities that could lead to remote code execution. Unless patched, an attacker could exploit any of the said vulnerabilities to gain control of the user’s system. Most notable on the list is MS10-013, which could give an attacker complete control of an affected system. Considering the damage that exploiting this vulnerability could cause, it is very important that users patch their systems as soon as possible.
The February release also includes seven bulletins rated “important” and one rated “moderate.” It is also important to note the addition of MS10-015 to the list, which addresses the so-called 17-year-old hole described in Security Advisory 979682. However, Microsoft reiterates that while it is aware of publicly available proof-of-concept (POC) code for the issue, it has yet to see any active exploits. More information on the complete list of security advisories can be found in this Trend Micro Security Advisory page.
Coinciding with this month’s release is yet another FAKEAV (continue reading...)