Microsoft Patch Tuesday – February 2010

Hello and welcome to this month’s blog on the Microsoft patch releases. This is a busy month—the vendor is releasing 13 bulletins covering a total of 26 vulnerabilities.
Eight of the issues are rated “Critical” and affect SMB Server, SMB Client, Windows, and Data Analyzer ActiveX control. An attacker could exploit the SMB Server issues remotely to gain complete control of an affected computer. However, to exploit the SMB Client issues to compromise a computer, the attacker must first entice a victim to connect to a malicious server.
The remaining issues, rated “Important” and “Moderate,” affect SMB Server, Windows, Windows Kernel, Office, PowerPoint, and Paint. Although the kernel issues are rated only “Important” by Microsoft, we consider them to be a high security risk because exploit code already exists for one of the issues.
As always, customers are advised to follow these security best practices:
- Install vendor patches as soon as they are available.
- Run all software with the least privileges required while still maintaining functionality.
- Avoid handling files from unknown or questionable sources.
- Never visit sites of unknown or questionable integrity.
- Block external access at the network perimeter to all key systems unless specific access is required.
Microsoft’s summary of the February releases can (continue reading...)