Feb 9, 2011 11:48 GMT

Three of the security bulletins Microsoft released this month are considered deployment priorities.

One of the patch packages is designed to resolve vulnerabilities affecting Internet Explorer, and the remaining two are set up to plug security holes in Windows.

In total, the Redmond company made available a dozen security bulletins patching vulnerabilities in Office and Internet Information Services (IIS) in addition to the holes in Windows and IE.

“February’s bulletins include three rated Critical and nine rated Important, to address a total of 22 unique vulnerabilities in Microsoft Office, Windows, Internet Explorer and Internet Information Services (IIS),” explains Angela Gunn, security response communications manager at Microsoft, in an email to Softpedia.

Of course, now that the February 2011 security updates are available, the recommendation from Microsoft is that customers make sure to deploy the patches as soon as possible in order to render useless any exploit attempts or attacks targeting the flaws.

Out of the total of 12 security bulletins, MS11-003 (addressing four vulnerabilities in IE), MS11-006 (addressing one vulnerability in Windows) and MS11-007 (addressing one vulnerability in Windows), all rated Critical, need to be prioritized.

“· MS11-003. This bulletin resolves three critical-level and moderate-level vulnerabilities affecting all versions of Internet Explorer. Due to existing mitigations, this bulletin is only rated at Moderate severity for all versions of Windows Server, has an Exploitability Index rating of 1, and will deprecate Security Advisory 2488013.

· MS11-006. This bulletin addresses one Critical-level vulnerability affecting Windows XP, Vista, Server 2003, and Server 2008. Newer versions of our operating system are unaffected. The vulnerability involves Windows Shell Graphics and could, if exploited, lead to remote code execution. This has an Exploitability Index rating of 1 and will deprecate Security Advisory 2490606, which we released on January 4th. Since that time, we have not seen any attacks against this issue.

· MS11-007. This bulletin addresses one privately reported vulnerability affecting all supported versions of Windows and involving the OpenType Compact Font Driver. It's rated Critical for Windows Vista, Windows 7, Server 2008 and Server 2008 R2; it's rated Important for Windows XP and Server 2003. This issue has an Exploitability Index rating of 2,” Gunn stated.

As usual, Microsoft’s Jerry Bryant, group manager, response communications, published a video detailing the February 2011 security bulletin releases, providing insight into each patch, as well as the risk and impact scenarios associated with the updates.

Here is the list of Microsoft February Security Bulletins supplied by Gunn:

· MS11-003 addresses four vulnerabilities in Internet Explorer; it has a maximum severity rating of Critical and an Exploitability Index rating of 1.

· MS11-004 addresses one vulnerability in Internet Information Services FTP Service; it has a maximum severity rating of Important and an Exploitability Index rating of 2.

· MS11-005 addresses one vulnerability in Windows; it has a maximum severity rating of Important and an Exploitability Index rating of 3.

· MS11-006 addresses one vulnerability in Windows; it has a maximum severity rating of Critical and an Exploitability Index rating of 1.

· MS11-007 addresses one vulnerability in Windows; it has a maximum severity rating of Critical and an Exploitability Index rating of 2.

· MS11-008 addresses two vulnerabilities in Microsoft Office; it has a maximum severity rating of Important and an Exploitability Index rating of 1.

· MS11-009 addresses one vulnerability in Windows; it has a maximum severity rating of Important and an Exploitability Index rating of 3.

· MS11-010 addresses one vulnerability in Windows; it has a maximum severity rating of Important and an Exploitability Index rating of 1.

· MS11-011 addresses two vulnerabilities in Windows; it has a maximum severity rating of Important and an Exploitability Index rating of 1.

· MS11-012 addresses five vulnerabilities in Windows; it has a maximum severity rating of Important and an Exploitability Index rating of 1.

· MS11-013 addresses two vulnerabilities in Windows; it has a maximum severity rating of Important and an Exploitability Index rating of 1.

· MS11-014 addresses one vulnerability in Windows; it has a maximum severity rating of Important and an Exploitability Index rating of 1.
