14 DAY TRIAL // Microsoft has released no less than 13 security bulletins this month, patching a total of 26 vulnerabilities across its main cash cows, Windows and Office. Five of the patch packages offered by the Redmond company this month come with a maximum severity rating of Critical, with seven other considered Important and the remaining one just Moderate. “It’s recommended that customers deploy all security updates as soon as possible,” advised Jerry Bryant, senior security communications manager lead, Microsoft.
The updates are already live on Windows Updates and customers need only check for new refreshes or activate Automatic Updates in order for the patches to be automatically deployed to their computers. At the bottom of the screen, users will be able to find an exhaustive list with the February 2010 security bulletin releases for additional information.
“Of the bulletins released this month, customers should prioritize and deploy MS10-006, MS10-007, MS10-008, and MS10-013, given Critical severity ratings and Exploitability Index ratings of 1 (“Consistent Exploit Code Likely”). Please note that MS10-008, Cumulative Security Update of ActiveX Kill Bits, does not have an Exploitability Index rating, but should still be prioritized with the three bulletins above. A Kill Bit blocks the vulnerable ActiveX control from being used by Internet Explorer and does not address the underlying vulnerability. Microsoft has only issued an Exploitability Index rating for ActiveX cumulative updates when specific controls are under active exploitation. MS10-015, an Elevation of Privilege vulnerability with a severity rating of Important, is also given a high deployment priority due to publicly available Proof-of-Concept code,” Bryant explained.
No less than five of the security bulletins mentioned below also impact Windows 7. Notable in this regard, is MS10-015, designed to offer a patch for a 17-year old vulnerability which affects all 32-bit (x86) releases of Windows.
Microsoft February Security Bulletin Release
· MS10-003 addresses one vulnerability in Office, has a maximum severity rating of Important and an Exploitability Index rating of 1.
· MS10-004 addresses six vulnerabilities in Office, has a maximum severity rating of Important and an Exploitability Index rating of 1.
· MS10-005 addresses one vulnerability in Windows, has a maximum severity rating of Moderate and an Exploitability Index rating of 2.
· MS10-006 addresses two vulnerabilities in Windows, has a maximum severity rating of Critical and an Exploitability Index rating of 1.
· MS10-007 addresses one vulnerability in Windows, has a maximum severity rating of Critical and an Exploitability Index rating of 1.
· MS10-008 addresses one vulnerability in Windows, has a maximum severity rating of Critical and an Exploitability Index rating of NA.
· MS10-009 addresses four vulnerabilities in Windows, has a maximum severity rating of Critical and an Exploitability Index rating of 2.
· MS10-010 addresses one vulnerability in Windows, has a maximum severity rating of Important and an Exploitability Index rating of 3.
· MS10-011 addresses one vulnerability in Windows, has a maximum severity rating of Important and an Exploitability Index rating of 1.
· MS10-012 addresses four vulnerabilities in Windows, has a maximum severity rating of Important and an Exploitability Index rating of 1.
· MS10-013 addresses one vulnerability in Windows, has a maximum severity rating of Critical and an Exploitability Index rating of 1.
· MS10-014 addresses one vulnerability in Windows, has a maximum severity rating of Important and an Exploitability Index rating of 3.
· MS10-015 addresses two vulnerabilities in Windows, has a maximum severity rating of Important and an Exploitability Index rating of 1.