In this case, the critical rating applies to all operating systems that Microsoft supplies with security patches. This includes the client operating systems Windows XP, Vista and Windows 7 as well as the server operating systems Windows Server 2008 and 2008 R2.

Here are two graphs visualizing the severity and exploitability index and the bulletin deployment priority.

Here is the list of security bulletins released in November 2011 by Microsoft.

• MS11-083 – Vulnerability in TCP/IP Could Allow Remote Code Execution (2588516) – This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker sends a continuous flow of specially crafted UDP packets to a closed port on a target system.
• MS11-085 – Vulnerability in Windows Mail and Windows Meeting Space Could Allow Remote Code Execution (2620704) – This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a legitimate file (such as an .eml or .wcinv file) that is located in the same network directory as a specially crafted dynamic link library (DLL) file. Then, while opening the legitimate file, Windows Mail or Windows Meeting Space could attempt to load the DLL file and execute any code it contained. For an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open a legitimate file (such as an .eml or .wcinv file) from this location that is then loaded by a vulnerable application.
• MS11-086 – Vulnerability in Active Directory Could Allow Elevation of Privilege (2630837) – This security update resolves a privately reported vulnerability in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS). The vulnerability could allow elevation of privilege if Active Directory is configured to use LDAP over SSL (LDAPS) and an attacker acquires a revoked certificate that is associated with a valid domain account and then uses that revoked certificate to authenticate to the Active Directory domain. By default, Active Directory is not configured to use LDAP over SSL.
• MS11-084 – Vulnerability in Windows Kernel-Mode Drivers Could Allow Denial of Service (2617657) – This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow denial of service if a user opens a specially crafted TrueType font file as an e-mail attachment or navigates to a network share or WebDAV location containing a specially crafted TrueType font file. For an attack to be successful, a user must visit the untrusted remote file system location or WebDAV share containing the specially crafted TrueType font file, or open the file as an e-mail attachment. In all cases, however, an attacker would have no way to force users to perform these actions. Instead, an attacker would have to persuade users to do so, typically by getting them to click a link in an e-mail message or Instant Messenger message.

Microsoft has published a video in which Jerry Bryant discusses this month’s bulletins (Silverlight required).

Additional information about this month's security bulletins are available on the Technet Blog page and the Microsoft Security bulletin Summary for November 2011.

The updates are already available on Windows Update. Users who have started their computer earlier today may need to run a manual update check in Windows Update.

The updates will also be available shortly at Microsoft's Download center.

You find information about each security bulletin below. Please follow the links for information about affected operating systems and Microsoft applications. You find a summary of all security bulletins here.

Here are the Bulletin Deployment Priority and Severity and Exploitability Index screenshots for October 2011:

And a video in which Jerry Bryant discusses this month’s bulletins:

Windows users can update their operating system by installing the security patches via Windows Update or Microsoft's Download Center with Windows Update being the better option if the patches do not have to be installed on multiple computer systems.

Updates are already live and available via Windows Update. Additional information are available at Microsoft's Security Response Center.

All in all, the bulletins address 22 vulnerabilities in Microsoft products. The two critical updates address issues in Internet Explorer and DNS Server.

Microsoft has released deployment priorities and the severity and exploitability index. (click on the images for full size)

• MS11-057 – Cumulative Security Update for Internet Explorer (2559049) – This security update resolves five privately reported vulnerabilities and two publicly disclosed vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• MS11-058 – Vulnerabilities in DNS Server Could Allow Remote Code Execution (2562485) – This security update resolves two privately reported vulnerabilities in Windows DNS server. The more severe of these vulnerabilities could allow remote code execution if an attacker registers a domain, creates an NAPTR DNS resource record, and then sends a specially crafted NAPTR query to the target DNS server. Servers that do not have the DNS role enabled are not at risk.

The bulletins that fix important issues.

• MS11-059 – Vulnerability in Data Access Components Could Allow Remote Code Execution (2560656) – This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a legitimate Excel file (such as a .xlsx file) that is located in the same network directory as a specially crafted library file. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• MS11-060 – Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (2560978) – This security update resolves two privately reported vulnerabilities in Microsoft Visio. The vulnerabilities could allow remote code execution if a user opens a specially crafted Visio file. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• MS11-061 – Vulnerability in Remote Desktop Web Access Could Allow Elevation of Privilege (2546250) – This security update resolves a privately reported vulnerability in Remote Desktop Web Access. The vulnerability is a cross-site scripting (XSS) vulnerability that could allow elevation of privilege, enabling an attacker to execute arbitrary commands on the site in the context of the target user. The XSS Filter in Internet Explorer 8 and Internet Explorer 9 prevents this attack for its users when browsing to a Remote Desktop Web Access server in the Internet Zone. The XSS Filter in Internet Explorer 8 and Internet Explorer 9 is not enabled by default in the Intranet Zone.
• MS11-062 – Vulnerability in Remote Access Service NDISTAPI Driver Could Allow Elevation of Privilege (2566454) –
  This security update resolves a privately reported vulnerability in all supported editions of Windows XP and Windows Server 2003. This security update is rated Important for all supported editions of Windows XP and Windows Server 2003. Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 are not affected by the vulnerability.

  The vulnerability could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application designed to exploit the vulnerability and take complete control over the affected system. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.

• MS11-063 – Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2567680) –
  This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application designed to send a device event message to a higher-integrity process. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.
• MS11-064 – Vulnerabilities in TCP/IP Stack Could Allow Denial of Service (2563894) – This security update resolves two privately reported vulnerabilities in Microsoft Windows. The vulnerabilities could allow denial of service if an attacker sends a sequence of specially crafted Internet Control Message Protocol (ICMP) messages to a target system or sends a specially crafted URL request to a server that is serving Web content and has the URL-based Quality of Service (QoS) feature enabled.
• MS11-065 – Vulnerability in Remote Desktop Protocol Could Allow Denial of Service (2570222) – This security update resolves a privately reported vulnerability in the Remote Desktop Protocol. The vulnerability could allow denial of service if an affected system received a sequence of specially crafted RDP packets. Microsoft has also received reports of limited, targeted attacks attempting to exploit this vulnerability. By default, the Remote Desktop Protocol (RDP) is not enabled on any Windows operating system.
• MS11-066 – Vulnerability in Microsoft Chart Control Could Allow Information Disclosure (2567943) – This security update resolves a privately reported vulnerability in ASP.NET Chart controls. The vulnerability could allow information disclosure if an attacker sent a specially crafted GET request to an affected server hosting the Chart controls. Note that this vulnerability would not allow an attacker to execute code or to elevate the attacker’s user rights directly, but it could be used to retrieve information that could be used to further compromise the affected system. Only web applications using Microsoft Chart Control are affected by this issue. Default installations of the .NET Framework are not affected.
• MS11-067 – Vulnerability in Microsoft Report Viewer Could Allow Information Disclosure (2578230) – This security update resolves a privately reported vulnerability in Microsoft Report Viewer. The vulnerability could allow information disclosure if a user views a specially crafted Web page. In all cases, however, an attacker would have no way to force a user to visit the Web site. Instead, an attacker would have to persuade a user to visit the Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes the user to the vulnerable Web site.

And finally the moderate bulletins.

• MS11-068 – Vulnerability in Windows Kernel Could Allow Denial of Service (2556532) – This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow denial of service if a user visits a network share (or visits a Web site that points to a network share) containing a specially crafted file. In all cases, however, an attacker would have no way to force a user to visit such a network share or Web site. Instead, an attacker would have to convince a user to do so, typically by getting the user to click a link in an e-mail message or Instant Messenger message.
• MS11-069 – Vulnerability in .NET Framework Could Allow Information Disclosure (2567951) – This security update resolves a privately reported vulnerability in Microsoft .NET Framework. The vulnerability could allow information disclosure if a user views a specially crafted Web page using a Web browser that can run XAML Browser Applications (XBAPs). In a Web-based attack scenario, an attacker could host a Web site that contains a Web page that is used to exploit this vulnerability. In addition, compromised Web sites and Web sites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to visit these Web sites. Instead, an attacker would have to convince users to visit the Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes users to the attacker’s Web site. This vulnerability could also be used by Windows .NET applications to bypass Code Access Security (CAS) restrictions.

The updates are as usually available via Windows Update and Microsoft’s Download Center (even though I would not recommend using this at this time as it is a mess).

Adobe, the company behind popular technologies such as Flash Player, Shockwave or Adobe Reader released five security bulletins on the same day after teaming up with Microsoft to coordinate security releases.. Of the five, three may be affecting end users as they address vulnerabilities in Adobe Reader and Acrobat, Shockwave Player and Flash Player. All three have received a maximum severity rating of critical, the highest possible rating.

The bulletin APSB11-16 describes a critical vulnerability in Adobe Reader X 10.0.3 and earlier on Windows, and Adobe Reader X 10.0.3 and earlier on Macintosh, as well as earlier versions of Adobe Reader 9 and 8, and Adobe Acrobat 9 and 8. The vulnerability could be exploited by attackers to crash the application to take control of the computer system Adobe Reader X is running on.

Adobe recommends to update the software product to the latest available version. For Adobe Reader X that would mean to update to version 10.1, for users of Adobe Reader 9.4.4 and earlier to update to version 9.4.5.

Adobe Reader and Acrobat users can check for updates in the program interface. This is done via Help > Check for Updates. Updates can also be downloaded from the following locations.

• Adobe Reader Windows
• Adobe Reader Macintosh

You can also check out Adobe Reader X Offline Installers

Security Bulletin APSB11-17 describes vulnerabilities in Adobe Shockwave Player 11.5.9.620 and earlier on the Windows and Macintosh platform. Attackers who successfully exploit the vulnerabilities could run malicious code on the computer system. Adobe recommends to update Shockwave Player to version 11.6.0.626 to protect the system from possible exploits.

Windows and Mac users who run Shockwave Player on their system can download the latest version at the official download site.

Bulletin APSB11-18 finally describes a vulnerability in Adobe Flash Player that affects Adobe Flash Player 10.3.181.23 and earlier on Windows, Macintosh, Linux and Solaris, as well as Flash Player 10.3.185.23 and earlier for Android.

The vulnerability could be exploited to cause a crash which could allow the attacker to gain control over the affected system. Adobe has confirmed reports that the vulnerability is exploited in the wild in the form of targeted attacks on specifically prepared websites.

Adobe recommends to update Flash Player to Adobe Flash Player 10.3.181.26 on desktop operating systems. Android users will receive a patch before week’s end.

Users can verify their installed version of Flash Player by visiting the About Flash Player page at Adobe.

Adobe lists the latest version for all supported operating systems on the page, so that users only need to compare their installed version with the latest available version to see if they need to update.

The latest versions can be downloaded from Adobe’s Flash Player Download Center. Users who do not want to use the download manager can check out this guide Download Adobe Flash Without Adobe Download Manager.

Google Chrome users can check for updates in Chrome to get the latest version. This is done by clicking on the wrench icon and selecting About Google Chrome.

Highest possible means that at least one operating system or application has received that rating. It happens that all programs receive the same rating, but it is often not the case.

When you look at affected software programs you will notice that the majority of bulletins resolve issues under Microsoft Windows. Other Microsoft software affected includes Microsoft Internet Explorer, Microsoft Office or the Microsoft .Net Framework.

Detailed bulletin information have not been released at this point. Windows users can however check for updates to download and install the security patches right away. This is done via Start Menu > All Programs > Windows Update.

I will update this guide as soon as more information become available.

Update: The June security bulletins have been posted.

• MS11-038 – Vulnerability in OLE Automation Could Allow Remote Code Execution (2476490)
• MS11-039 – Vulnerability in .NET Framework and Microsoft Silverlight Could Allow Remote Code Execution (2514842)
• MS11-040 – Vulnerability in Threat Management Gateway Firewall Client Could Allow Remote Code Execution (2520426)
• MS11-041 – Vulnerability in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2525694)
• MS11-042 – Vulnerabilities in Distributed File System Could Allow Remote Code Execution (2535512)
• MS11-043 – Vulnerability in SMB Client Could Allow Remote Code Execution (2536276)
• MS11-044 – Vulnerability in .NET Framework Could Allow Remote Code Execution (2538814)
• MS11-050 – Cumulative Security Update for Internet Explorer (2530548)
• MS11-052 – Vulnerability in Vector Markup Language Could Allow Remote Code Execution (2544521)
• MS11-037 – Vulnerability in MHTML Could Allow Information Disclosure (2544893)
• MS11-045 – Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2537146)
• MS11-046 – Vulnerability in Ancillary Function Driver Could Allow Elevation of Privilege (2503665)
• MS11-047 – Vulnerability in Hyper-V Could Allow Denial of Service (2525835)
• MS11-048 – Vulnerability in SMB Server Could Allow Denial of Service (2536275)
• MS11-049 – Vulnerability in the Microsoft XML Editor Could Allow Information Disclosure (2543893)
• MS11-051 – Vulnerability in Active Directory Certificate Services Web Enrollment Could Allow Elevation of Privilege (2518295)

You get an overview of all patches on the security bulletin summary page over at Microsoft. It lists for instance the individual severity level of all affected operating systems and applications. Patches do not seem to have been posted yet on Microsoft Download Center.

If you look at the maximum severity rating you notice that the Windows vulnerabilities have received a severity rating of critical, the highest possible rating. The Office bulletin on the other hand received a rating of important, the second highest rating.

Microsoft Security Bulletin MS11-035 offers detailed information about the Windows vulnerability. It affects only Windows Server products, from Windows Server 2003 to Windows Server 2008 R2. Not affected are all client operating systems of Microsoft.

If you look at Microsoft Security Bulletin MS11-036 you notice that Office XP, 2003 and 2007 are affected on Windows. Furthermore affected are Microsoft Office 2004 and 2008 for Mac, the Open XML File Format Converter for Mac and the Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 2.

Why is not Office 2010 affected by the vulnerability? Because Office File Validation mitigates the risk of the vulnerability.

• MS11-035 – Vulnerability in WINS Could Allow Remote Code Execution (2524426) – This security update resolves a privately reported vulnerability in the Windows Internet Name Service (WINS). The vulnerability could allow remote code execution if a user received a specially crafted WINS replication packet on an affected system running the WINS service. By default, WINS is not installed on any affected operating system. Only customers who manually installed this component are affected by this issue.
• MS11-036 – Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (2545814) – This security update resolves two privately reported vulnerabilities in Microsoft PowerPoint. The vulnerabilities could allow remote code execution if a user opens a specially crafted PowerPoint file. An attacker who successfully exploited either of these vulnerabilities could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Installing and configuring Office File Validation (OFV) to prevent the opening of suspicious files blocks the attack vectors for exploiting the vulnerabilities described in CVE-2011-1269 and CVE-2011-1270.

Additional information on both vulnerabilities are available at the MSRC Technet Blog.

The patches are available via Windows Update or the Microsoft Download Center. The May Security Release ISO image is available there as well.

When you look at the number of critical vulnerabilities of each individual operating system you will notice that Windows Vista leads the pack with nine critical security vulnerabilities followed by Windows 7 with eight and Windows XP with seven.

The security patches protect the system against remote code execution, information disclosure and elevation of privileges.

You find information about each individual security bulletin, their severity rating and impact over at the Microsoft Security Bulletin Summary for April 2011.

Another interesting read is the risk assessment of April’s security updates. Microsoft is aware that some issues are already exploited, while others are likely to be exploited in the coming 30 days.

Windows Updates are as usually available on various channels. Most Windows users are probably using automatic updates to install the new patches. Those who do not can check manually for updates or visit the Microsoft Download Center to download the patches individually. Another option is to download the April Security Release ISO which contains all Windows patches released in April.

One of the vulnerabilities has a maximum severity rating of critical, the highest possible. The two remaining vulnerabilities are rated as important.

A critical vulnerability has been discovered in Windows Media that could be exploited for remote code execution. The vulnerability has been rated as critical for all Microsoft client operating systems, from Windows XP to Windows 7. Windows Server 2008 R2 is the only server product affected, the vulnerability received a rating of important here.

Below are links to each security bulletin. The Bulletins offer information about the affected products, severity rating and non-affected software.

Users can update their Windows operating system and Microsoft Office via Windows Update, the Microsoft Download Center or by downloading the March 2011 Security Release ISO image.

In other news, Microsoft is still working on a fix for the MHTML-related vulnerability that was discovered in January. Additional information are available at the Microsoft Security Response Center.

Windows users can check for the updates by opening Windows Update which is linked from the Windows start menu. There it is possible to check for new updates which needs to be done if the PC has been running for some time today.

The security bulletin summary for February 2011 offers in depth information about the updates and the affected applications.

All individual security bulletins are listed and linked below as well.

• MS11-003 – Cumulative Security Update for Internet Explorer (2482017) – This security update resolves two privately reported vulnerabilities and two publicly disclosed vulnerabilities in Internet Explorer. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer or if a user opens a legitimate HTML file that loads a specially crafted library file. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• MS11-006 – Vulnerability in Windows Shell Graphics Processing Could Allow Remote Code Execution (2483185) – This security update resolves a publicly disclosed vulnerability in the Windows Shell graphics processor. The vulnerability could allow remote code execution if a user views a specially crafted thumbnail image. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• MS11-007 – Vulnerability in the OpenType Compact Font Format (CFF) Driver Could Allow Remote Code Execution (2485376) – This security update resolves a privately reported vulnerability in the Windows OpenType Compact Font Format (CFF) driver. The vulnerability could allow remote code execution if a user views content rendered in a specially crafted CFF font. In all cases, an attacker would have no way to force users to view the specially crafted content. Instead, an attacker would have to convince users to visit a Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes users to the attacker’s Web site.
• MS11-004 – Vulnerability in Internet Information Services (IIS) FTP Service Could Allow Remote Code Execution (2489256) – This security update resolves a publicly disclosed vulnerability in Microsoft Internet Information Services (IIS) FTP Service. The vulnerability could allow remote code execution if an FTP server receives a specially crafted FTP command. FTP Service is not installed by default on IIS.
• MS11-005 – Vulnerability in Active Directory Could Allow Denial of Service (2478953) – This security update resolves a publicly disclosed vulnerability in Active Directory. The vulnerability could allow denial of service if an attacker sent a specially crafted packet to an affected Active Directory server. The attacker must have valid local administrator privileges on the domain-joined computer in order to exploit this vulnerability.
• MS11-008 – Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (2451879) – This security update resolves two privately reported vulnerabilities in Microsoft Visio. The vulnerabilities could allow remote code execution if a user opens a specially crafted Visio file. An attacker who successfully exploited either of these vulnerabilities could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• MS11-009 – Vulnerability in JScript and VBScript Scripting Engines Could Allow Information Disclosure (2475792) – This security update resolves a privately reported vulnerability in the JScript and VBScript scripting engines. The vulnerability could allow information disclosure if a user visited a specially crafted Web site. An attacker would have no way to force users to visit these Web sites. Instead, an attacker would have to convince users to visit the Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes users to the attacker’s Web site.
• MS11-010 – Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2476687) – This security update resolves a privately reported vulnerability in the Microsoft Windows Client/Server Run-time Subsystem (CSRSS) in Windows XP and Windows Server 2003. The vulnerability could allow elevation of privilege if an attacker logs on to a user’s system and starts a specially crafted application that continues running after the attacker logs off in order to obtain the logon credentials of subsequent users. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users.
• MS11-011 – Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (2393802) – This security update resolves one publicly disclosed vulnerability and one privately reported vulnerability in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logged on locally and ran a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit these vulnerabilities. The vulnerabilities could not be exploited remotely or by anonymous users.
• MS11-012 – Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2479628) – This security update resolves five privately reported vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logged on locally and ran a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit these vulnerabilities. The vulnerabilities could not be exploited remotely or by anonymous users.
• MS11-013 – Vulnerabilities in Kerberos Could Allow Elevation of Privilege (2496930) – This security update resolves one privately reported vulnerability and one publicly disclosed vulnerability in Microsoft Windows. The more severe of these vulnerabilities could allow elevation of privilege if a local, authenticated attacker installs a malicious service on a domain-joined computer.
• MS11-014 – Vulnerability in Local Security Authority Subsystem Service Could Allow Local Elevation of Privilege (2478960) – This security update resolves a privately reported vulnerability in the Local Security Authority Subsystem Service (LSASS) in Windows XP and Windows Server 2003.

  The vulnerability could allow elevation of privilege if an attacker logs on to a system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users.

The updates can also be downloaded directly and individually from the Microsoft Download Center. Check out our detailed Windows Update guide for additional information and tips.

The Microsoft Security Bulletin Advance Notification for February 2011 details the upcoming patches. A total of 12 security bulletins are released next Tuesday of which all but one fix issues in the Microsoft Windows operating system. The remaining patch fixes a vulnerability in Microsoft Office.

Three of the security vulnerabilities have received a maximum severity rating of critical, the highest available rating, the remaining nine a severity rating of important.

• Microsoft’s newest operating system Windows 7 is affected by seven of the twelve issues. Of those, two are rated critical and the remaining five as important.
• Windows Vista is affected by six vulnerabilities with three rated as critical and the remaining three as important.
• Windows XP is affected by eight vulnerabilities with two being rated as critical and six as important.
• Windows Server 2003 is affected by 10 vulnerabilities of which one is critical, eight are important and one is moderate.
• Windows Server 2008 is affected in the same way as the Vista operating system, with the exception that one of the critical vulnerabilities is only rated as moderate here.
• Windows Server 2008 R2 finally is affected the same way as Windows 7, again with the exception of two vulnerabilities that are rated as moderate instead of critical and important.

The remaining vulnerabiliy affected Microsoft Visio 2002 Service Pack 2, Visio 2003 Service Pack 3 and Visio 2007 Service Pack 2. It is rated as important.

The advanced notifications are accessible here.

Adobe

Adobe has released a Prenotification Security Advisory for Adobe Reader and Acrobat.

Adobe is planning to release updates for Adobe Reader X (10.0) for Windows and Macintosh, Adobe Reader 9.4.1 and earlier versions for Windows, Macintosh and UNIX, Adobe Acrobat X (10.0) for Windows and Macintosh, and Adobe Acrobat 9.4.1 and earlier versions for Windows and Macintosh to resolve critical security issues. Adobe expects to make updates for Windows and Macintosh available on Tuesday, February 8, 2011. An update for UNIX is expected to be available by the week of February 28, 2011.

Expect lots of patching next Tuesday. We will post detailed information once the patches are released by Microsoft and Adobe.

When we look at the severity rating of those vulnerabilities we notice that two of the bulletins have a maximum severity rating of critical while the remaining ones a rating of important with the exception of one that has been rated as moderate.

Maximum severity rating means that at least one Microsoft product is affect this way by the vulnerability. The critical vulnerability MS10-090 affects Internet Explorer 6 to Internet Explorer 8 and is critical on all Microsoft operating systems. Vulnerability MS10-091 on the other hand is critical on Windows Vista and Windows 7 but not on Windows XP, something that we do not see very often thanks to improved security of the two operating systems.

The updates are already available via Windows Update and the Microsoft Download Center.

• MS10-090 – Cumulative Security Update for Internet Explorer (2416400) – This security update resolves four privately reported vulnerabilities and three publicly disclosed vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• MS10-091 – Vulnerabilities in the OpenType Font (OTF) Driver Could Allow Remote Code Execution (2296199) – This security update resolves several privately reported vulnerabilities in the Windows Open Type Font (OTF) driver that could allow remote code execution. An attacker could host a specially crafted OpenType font on a network share. The affected control path is then triggered when the user navigates to the share in Windows Explorer, allowing the specially crafted font to take complete control over an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
• MS10-092 – Vulnerability in Task Scheduler Could Allow Elevation of Privilege (2305420) – This security update resolves a publicly disclosed vulnerability in Windows Task Scheduler. The vulnerability could allow elevation of privilege if an attacker logged on to an affected system and ran a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users.
• MS10-093 – Vulnerability in Windows Movie Maker Could Allow Remote Code Execution (2424434) – This security update resolves a publicly disclosed vulnerability in Windows Movie Maker. The vulnerability could allow remote code execution if an attacker convinces a user to open a legitimate Windows Movie Maker file that is located in the same network directory as a specially crafted library file. For an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open a document from this location that is then loaded by a vulnerable application.
• MS10-094 – Vulnerability in Windows Media Encoder Could Allow Remote Code Execution (2447961) – This security update resolves a publicly disclosed vulnerability in Windows Media Encoder. The vulnerability could allow remote code execution if an attacker convinces a user to open a legitimate Windows Media Profile (.prx) file that is located in the same network directory as a specially crafted library file. For an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open a document from this location that is then loaded by a vulnerable application.
• MS10-095 – Vulnerability in Microsoft Windows Could Allow Remote Code Execution (2385678) – This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a file type such as .eml and .rss (Windows Live Mail) or .wpost (Microsoft Live Writer) located in the same network folder as a specially crafted library file. For an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open a document from this location that is then loaded by a vulnerable application.
• MS10-096 – Vulnerability in Windows Address Book Could Allow Remote Code Execution (2423089) – This security update resolves a publicly disclosed vulnerability in Windows Address Book. The vulnerability could allow remote code execution if a user opens a Windows Address Book file located in the same network folder as a specially crafted library file. For an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open a document from this location that is then loaded by a vulnerable application.
• MS10-097 – Insecure Library Loading in Internet Connection Signup Wizard Could Allow Remote Code Execution (2443105) – This security update resolves a publicly disclosed vulnerability in the Internet Connection Signup Wizard of Microsoft Windows. This security update is rated Important for all supported editions of Windows XP and Windows Server 2003. All supported editions of Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 are not affected by the vulnerability.

  The vulnerability could allow remote code execution if a user opens an .ins or .isp file located in the same network folder as a specially crafted library file. For an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open a document from this location that is then loaded by a vulnerable application.

• MS10-098 – Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2436673) – This security update resolves one publicly disclosed vulnerability and several privately reported vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logged on locally and ran a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit these vulnerabilities. The vulnerabilities could not be exploited remotely or by anonymous users.
• MS10-099 – Vulnerability in Routing and Remote Access Could Allow Elevation of Privilege (2440591) – This security update addresses a privately reported vulnerability in the Routing and Remote Access NDProxy component of Microsoft Windows. This security update is rated Important for all supported editions of Windows XP and Windows Server 2003. All supported editions of Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 are not affected by the vulnerability.

  The vulnerability could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users.

• MS10-100 – Vulnerability in Consent User Interface Could Allow Elevation of Privilege (2442962) – This security update resolves a privately reported vulnerability in the Consent User Interface (UI). The vulnerability could allow elevation of privilege if an attacker runs a specially crafted application on an affected system. An attacker must have valid logon credentials and the SeImpersonatePrivilege and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users.
• MS10-101 – Vulnerability in Windows Netlogon Service Could Allow Denial of Service (2207559) – This security update resolves a privately reported vulnerability in the Netlogon RPC Service on affected versions of Windows Server that are configured to serve as domain controllers. The vulnerability could allow denial of service if an attacker sends a specially crafted RPC packet to the Netlogon RPC Service interface on an affected system. An attacker requires administrator privileges on a machine that is joined to the same domain as the affected domain controller in order to exploit this vulnerability.
• MS10-102 – Vulnerability in Hyper-V Could Allow Denial of Service (2345316) – This security update resolves a privately reported vulnerability in Windows Server 2008 Hyper-V and Windows Server 2008 R2 Hyper-V. The vulnerability could allow denial of service if a specially crafted packet is sent to the VMBus by an authenticated user in one of the guest virtual machines hosted by the Hyper-V server. An attacker must have valid logon credentials and be able to send specially crafted content from a guest virtual machine to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users.
• MS10-103 – Vulnerabilities in Microsoft Publisher Could Allow Remote Code Execution (2292970) – This security update resolves five privately reported vulnerabilities in Microsoft Publisher that could allow remote code execution if a user opens a specially crafted Publisher file. An attacker who successfully exploited any of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• MS10-104 – Vulnerability in Microsoft SharePoint Could Allow Remote Code Execution (2455005) – This security update resolves a privately reported vulnerability in Microsoft SharePoint. The vulnerability could allow remote code execution in the security context of a guest user if an attacker sent a specially crafted SOAP request to the Document Conversions Launcher Service in a SharePoint server environment that is using the Document Conversions Load Balancer Service. By default, the Document Conversions Load Balancer Service and Document Conversions Launcher Service are not enabled in Microsoft Office SharePoint Server 2007.
• MS10-105 – Vulnerabilities in Microsoft Office Graphics Filters Could Allow for Remote Code Execution (968095) – This security update resolves seven privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user viewed a specially crafted image file using Microsoft Office. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• MS10-106 – Vulnerability in Microsoft Exchange Server Could Allow Denial of Service (2407132) – This security update resolves a privately reported vulnerability in Microsoft Exchange Server. The vulnerability could allow denial of service if an authenticated attacker sent a specially crafted network message to a computer running the Exchange service. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed.

Additional information are available at the security bulletin summary and the Microsoft Security Response Center.

• MS10-087 – Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2423930) – This security update resolves one publicly disclosed vulnerability and four privately reported vulnerabilities in Microsoft Office. The most severe vulnerability could allow remote code execution if a user opens or previews a specially crafted RTF e-mail message. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• MS10-088 – Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (2293386) – This security update resolves two privately reported vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted PowerPoint file. An attacker who successfully exploited any of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• MS10-089 – Vulnerabilities in Forefront Unified Access Gateway (UAG) Could Allow Elevation of Privilege (2316074) – This security update resolves four privately reported vulnerabilities in Forefront Unified Access Gateway (UAG). The most severe of these vulnerabilities could allow elevation of privilege if a user visits an affected Web site using a specially crafted URL. However, an attacker would have no way to force users to visit such a Web site. Instead, an attacker would have to persuade users to visit the Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes users to the attacker’s Web site.

The security patches are as usually available via Windows Update, Microsoft Update and direct download. Office and Forefront users should patch the security vulnerabilities as soon as possible, everyone else can relax this month and wait for things to come. (via)

This month’s patch day is huge. While it is not the largest in history, it addresses the impressive amount of 49 vulnerabilities affecting Windows, Internet Explorer, Microsoft Office and the .net framework.

Looking at the number and type of updates this month, we have a fairly standard number of bulletins affecting products like Windows and Office. This month we also have a few bulletins originating from product groups that we don’t see on a regular basis. For example, SharePoint, the Microsoft Foundation Class (MFC) Library (which is an application framework for programming in Windows), and the .NET Framework. It’s worth noting that only six of the 49 total vulnerabilities being addressed have a critical rating. Further, three of the bulletins account for 34 of the total vulnerabilities. (via)

Deployment Priority

Severity and Exploitability

Four of the vulnerabilities have a maximum severity rating of critical, 10 of important and the remaining 2 of moderate.

• MS10-071 – Cumulative Security Update for Internet Explorer (2360131) – This security update resolves seven privately reported vulnerabilities and three publicly disclosed vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• MS10-075 – Vulnerability in Media Player Network Sharing Service Could Allow Remote Code Execution (2281679) – This security update resolves a privately reported vulnerability in the Microsoft Windows Media Player network sharing service. The vulnerability could allow remote code execution if an attacker sent a specially crafted RTSP packet to an affected system. However, Internet access to home media is disabled by default. In this default configuration, the vulnerability can be exploited only by an attacker within the same subnet.
• MS10-076 – Vulnerability in the Embedded OpenType Font Engine Could Allow Remote Code Execution (982132) – This security update resolves a privately reported vulnerability in a Microsoft Windows component, the Embedded OpenType (EOT) Font Engine. The vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could take complete control of an affected system remotely. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• MS10-077 – Vulnerability in .NET Framework Could Allow Remote Code Execution (2160841) – This security update resolves a privately reported vulnerability in Microsoft .NET Framework. The vulnerability could allow remote code execution on a client system if a user views a specially crafted Web page using a Web browser that can run XAML Browser Applications (XBAPs). Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The vulnerability could also allow remote code execution on a server system running IIS, if that server allows processing ASP.NET pages and an attacker succeeds in uploading a specially crafted ASP.NET page to that server and then executes the page, as could be the case in a Web hosting scenario.
• MS10-072 – Vulnerabilities in SafeHTML Could Allow Information Disclosure (2412048) – This security update resolves one publicly disclosed vulnerability and one privately reported vulnerability in Microsoft SharePoint and Windows SharePoint Services. The vulnerabilities could allow information disclosure if an attacker submits specially crafted script to a target site using SafeHTML.
• MS10-073 – Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (981957) – This security update resolves several publicly disclosed vulnerabilities in the Windows kernel-mode drivers. The most severe of these vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application.

  An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users.

• MS10-078 – Vulnerabilities in the OpenType Font (OTF) Format Driver Could Allow Elevation of Privilege (2279986) – This security update resolves two privately reported vulnerabilities in the Windows OpenType Font (OTF) format driver. This security update is rated Important for all supported editions of Windows XP and Windows Server 2003. All supported editions of Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 are not affected by the vulnerability.

  The vulnerabilities could allow elevation of privilege if a user views content rendered in a specially crafted OpenType font. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users.

• MS10-079 – Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (2293194) – This security update resolves eleven privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user opens a specially crafted Word file. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• MS10-080 – Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2293211) – This security update resolves thirteen privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user opens a specially crafted Excel file or a specially crafted Lotus 1-2-3 file. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• MS10-081 – Vulnerability in Windows Common Control Library Could Allow Remote Code Execution (2296011) – This security update resolves a privately reported vulnerability in the Windows common control library. The vulnerability could allow remote code execution if a user visited a specially crafted Web page. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• MS10-082 – Vulnerability in Windows Media Player Could Allow Remote Code Execution (2378111) – This security update resolves a privately reported vulnerability in Windows Media Player. The vulnerability could allow remote code execution if Windows Media Player opened specially crafted media content hosted on a malicious Web site. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• MS10-083 – Vulnerability in COM Validation in Windows Shell and WordPad Could Allow Remote Code Execution (2405882) – This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted file using WordPad or selects or opens a shortcut file that is on a network or WebDAV share. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• MS10-084 – Vulnerability in Windows Local Procedure Call Could Cause Elevation of Privilege (2360937) – This security update resolves a publicly disclosed vulnerability in Microsoft Windows. This security update is rated Important for all supported editions of Windows XP and Windows Server 2003. All supported editions of Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 are not affected by the vulnerability.

  The vulnerability could allow elevation of privilege if an attacker logs on to an affected system and runs specially crafted code that sends an LPC message to the local LRPC Server. The message could then allow an authenticated user to access resources that are running in the context of the NetworkService account. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.

• MS10-085 – Vulnerability in SChannel Could Allow Denial of Service (2207566) – This security update resolves a privately reported vulnerability in the Secure Channel (SChannel) security package in Windows. The vulnerability could allow denial of service if an affected Internet Information Services (IIS) server hosting a Secure Sockets Layer (SSL)-enabled Web site received a specially crafted packet message. By default, IIS is not configured to host SSL Web sites.
• MS10-074 – Vulnerability in Microsoft Foundation Classes Could Allow Remote Code Execution (2387149) – This security update resolves a publicly disclosed vulnerability in the Microsoft Foundation Class (MFC) Library. The vulnerability could allow remote code execution if a user is logged on with administrative user rights and opens an application built with the MFC Library. An attacker who successfully exploited this vulnerability could obtain the same permissions as the currently logged-on user. If a user is logged on with administrative user rights, an attacker could take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• MS10-086 – Vulnerability in Windows Shared Cluster Disks Could Allow Tampering (2294255) – This security update resolves a privately reported vulnerability in Windows Server 2008 R2 when used as a shared failover cluster. The vulnerability could allow data tampering on the administrative shares of failover cluster disks. By default, Windows Server 2008 R2 servers are not affected by this vulnerability. This vulnerability only applies to the cluster disks used in a failover cluster.

The patches are as usual available via Windows Update and Microsoft Download. Microsoft has furthermore released the October 2010 Security Release ISO Image containing all references security patches and Knowledgebase articles.

The maximum severity rating has been set to critical. The critical rating applies only to some operating systems and applications.

Both vulnerabilities can be exploited to execute code remotely on affected operating systems and applications.

• MS10-030 – Vulnerability in Outlook Express and Windows Mail Could Allow Remote Code Execution (978542) – This security update resolves a privately reported vulnerability in Outlook Express, Windows Mail, and Windows Live Mail. The vulnerability could allow remote code execution if a user visits a malicious e-mail server. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• MS10-031 – Vulnerability in Microsoft Visual Basic for Applications Could Allow Remote Code Execution (978213) – This security update resolves a privately reported vulnerability in Microsoft Visual Basic for Applications. The vulnerability could allow remote code execution if a host application opens and passes a specially crafted file to the Visual Basic for Applications runtime. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

The security patches can be downloaded via Windows Update, Microsoft Update and the individual security bulletin pages.

Five of the updates have received a critical rating by Microsoft, the highest security rating. Seven were ranked as important which is the second highest rating and one as moderate. The security ratings can vary depending on the operating system and Office version used.

Microsoft Windows 7 users for instance will notice that the security updates have all received an important rating for their operating system while Windows 2000 or Windows XP users will notice that their operating systems have received the largest amount of critical ratings.

• Microsoft Security Bulletin MS10-006 – Critical – Vulnerabilities in SMB Client Could Allow Remote Code Execution (978251) – his security update resolves two privately reported vulnerabilities in Microsoft Windows. The vulnerabilities could allow remote code execution if an attacker sent a specially crafted SMB response to a client-initiated SMB request. To exploit these vulnerabilities, an attacker must convince the user to initiate an SMB connection to a malicious SMB server.
  This security update is rated Critical for Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows 7, and Windows Server 2008 R2, and is rated Important for Windows Vista and Windows Server 2008.
• Microsoft Security Bulletin MS10-007 – Critical – Vulnerability in Windows Shell Handler Could Allow Remote Code Execution (975713) – This security update resolves a privately reported vulnerability in Microsoft Windows 2000, Windows XP, and Windows Server 2003. Other versions of Windows are not impacted by this security update. The vulnerability could allow remote code execution if an application, such as a Web browser, passes specially crafted data to the ShellExecute API function through the Windows Shell Handler.
  This security update is rated Critical for all supported editions of Microsoft Windows 2000, Windows XP, and Windows Server 2003
• Microsoft Security Bulletin MS10-008 – Critical – Cumulative Security Update of ActiveX Kill Bits (978262) – his security update addresses a privately reported vulnerability for Microsoft software. This security update is rated Critical for all supported editions of Microsoft Windows 2000 and Windows XP, Important for all supported editions of Windows Vista and Windows 7, Moderate for all supported editions of Windows Server 2003, and Low for all supported editions of Windows Server 2008 and Windows Server 2008 R2.
• Microsoft Security Bulletin MS10-009 – Critical – Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (974145) – his security update resolves four privately reported vulnerabilities in Microsoft Windows. The most severe of these vulnerabilities could allow remote code execution if specially crafted packets are sent to a computer with IPv6 enabled. An attacker could try to exploit the vulnerability by creating specially crafted ICMPv6 packets and sending the packets to a system with IPv6 enabled. This vulnerability may only be exploited if the attacker is on-link.
  This security update is rated Critical for Windows Vista and Windows Server 2008.
• Microsoft Security Bulletin MS10-013 – Critical – Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (977935) – This security update resolves a privately reported vulnerability in Microsoft DirectShow. The vulnerability could allow remote code execution if a user opened a specially crafted AVI file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
  This security update is rated Critical for all supported editions of Microsoft Windows except for all supported Itanium-based editions of Windows Server 2003, Windows Server 2008, and Windows Server 2008 R2, for which this security update is rated Important.
• Microsoft Security Bulletin MS10-003 – Important – Vulnerability in Microsoft Office (MSO) Could Allow Remote Code Execution (978214) – This security update resolves a privately reported vulnerability in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
  This security update is rated Important for all supported editions of Microsoft Office XP and Microsoft Office 2004 for Mac.
• Microsoft Security Bulletin MS10-004 – Important – Vulnerabilities in Microsoft Office PowerPoint Could Allow Remote Code Execution (975416) – This security update resolves six privately reported vulnerabilities in Microsoft Office PowerPoint. The vulnerabilities could allow remote code execution if a user opens a specially crafted PowerPoint file. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
  This security update is rated Important for supported editions of Microsoft Office PowerPoint 2002 and Microsoft Office PowerPoint 2003, and Microsoft Office 2004 for Mac
• Microsoft Security Bulletin MS10-010 – Important – Vulnerability in Windows Server 2008 Hyper-V Could Allow Denial of Service (977894) – his security update resolves a privately reported vulnerability in Windows Server 2008 Hyper-V and Windows Server 2008 R2 Hyper-V. The vulnerability could allow denial of service if a malformed sequence of machine instructions is run by an authenticated user in one of the guest virtual machines hosted by the Hyper-V server. An attacker must have valid logon credentials and be able to log on locally into a guest virtual machine to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users.
  This security update is rated Important for all supported x64-based editions of Windows Server 2008 and Windows Server 2008 R2
• Microsoft Security Bulletin MS10-011 – Important – Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (978037) – This security update resolves a privately reported vulnerability in Microsoft Windows Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows 2000, Windows XP, and Windows Server 2003. Other versions of Windows are not affected. The vulnerability could allow elevation of privilege if an attacker logs on to the system and starts a specially crafted application designed to continue running after the attacker logs out. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited by anonymous users.
  This security update is rated Important for all supported editions of Microsoft Windows 2000, Windows XP, and Windows Server 2003.
• Microsoft Security Bulletin MS10-012 – Important – Vulnerabilities in SMB Server Could Allow Remote Code Execution (971468) – This security update resolves several privately reported vulnerabilities in Microsoft Windows. The most severe of these vulnerabilities could allow remote code execution if an attacker created a specially crafted SMB packet and sent the packet to an affected system. Firewall best practices and standard default firewall configurations can help protect networks from attacks originating outside the enterprise perimeter that would attempt to exploit these vulnerabilities.
  This security update is rated Important for all supported editions of Microsoft Windows.
• Microsoft Security Bulletin MS10-014 – Important – Vulnerability in Kerberos Could Allow Denial of Service (977290) – This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow denial of service if a specially crafted ticket renewal request is sent to the Windows Kerberos domain from an authenticated user on a trusted non-Windows Kerberos realm. The denial of service could persist until the domain controller is restarted.
  This security update is rated Important for all supported editions of Microsoft Windows 2000 Server, Windows Server 2003, and Windows Server 2008
• Microsoft Security Bulletin MS10-015 – Important – Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (977165) – his security update resolves one publicly disclosed and one privately reported vulnerability in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logged on to the system and then ran a specially crafted application. To exploit either vulnerability, an attacker must have valid logon credentials and be able to log on locally. The vulnerabilities could not be exploited remotely or by anonymous users.
  This security update is rated Important for all supported editions of Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Windows 7 for 32-bit Systems.
• Microsoft Security Bulletin MS10-005 – Moderate – Vulnerability in Microsoft Paint Could Allow Remote Code Execution (978706) – This security update resolves a privately reported vulnerability in Microsoft Paint. The vulnerability could allow remote code execution if a user viewed a specially crafted JPEG image file using Microsoft Paint. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
  This security update is rated Moderate for Microsoft Windows 2000, Windows XP, and Windows Server 2003

Updates can be downloaded and installed the usual ways. This includes through Windows Update, Microsoft Update, downloading the updates individually or downloading the security CD for February 2010 which will is provided by Microsoft after every patch day.

Adobe on the other hand plans to release security patches for its popular PDF reader Adobe Reader that are also rated critical. The updates will all be released tomorrow and system administrators will certainly their hands full updating the computer systems that run the software and operating systems.

A closer look at the Microsoft Patch Day reveals eight critical security vulnerabilities and five important vulnerabilities that will get fixed with the patches that are released tomorrow. The majority of vulnerabilities affects the Windows operating system but it does also include one critical Internet Explorer vulnerability.

System administrators and Windows users are encouraged to visit the two websites linked above for further information. These websites will also contain the links to patch the security vulnerabilities. Windows users can also use Windows Update, Microsoft Update or Automatic Updates to update their operating system.

One security vulnerability has a critical rating for all affected operating systems while the other two are rated important by Microsoft’s security research team.

Details about the Security Bulletins can be found by following these links: Microsoft Security Bulletin MS09-006, MS09-007 or MS09-008. Another possibility is to access the Security Bulletin Summary at Microsoft Technet.

The vulnerabilities fix one remote code execution vulnerability and two spoofing vulnerabilities on the affected Windows operating systems:

• Vulnerabilities in Windows Kernel Could Allow Remote Code Execution
• Vulnerability in SChannel Could Allow Spoofing
• Vulnerabilities in DNS and WINS Server Could Allow Spoofing

Microsoft released a batch of eleven security patches for various operating systems and products yesterday which are available by visiting Windows Update or Microsoft Technet which contains in depths information about the affected products and the security vulnerabilities.

The patches fix four critical, six important and 1 moderate security vulnerability:

• Vulnerability in Active Directory Could Allow Remote Code Execution (957280)
• Cumulative Security Update for Internet Explorer (956390)
• Vulnerability in Host Integration Server RPC Service Could Allow Remote Code Execution (956695)
• Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (956416)

• Vulnerability in the Microsoft Ancillary Function Driver Could Allow Elevation of Privilege (956803)
• Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (954211)
• Vulnerability in Windows Internet Printing Service Could Allow Remote Code Execution (953155)
• Vulnerability in SMB Could Allow Remote Code Execution (957095)
• Vulnerability in Virtual Address Descriptor Manipulation Could Allow Elevation of Privilege (956841)
• Vulnerability in Message Queuing Could Allow Remote Code Execution (951071)

• Vulnerability in Microsoft Office Could Allow Information Disclosure (957699)

It is highly recommended to update the products as soon as possible to protect the system from this attacks.