Microsoft Security Updates February 2010

Martin Brinkmann
Feb 10, 2010
Updated • Jun 19, 2016
Windows, Windows Updates
|
4

Microsoft has released a total of 14 security updates on yesterday's patch day. The updates are, as usual, for several Microsoft software products including the Microsoft Windows operating system and Microsoft Office.

Five of the updates have received a critical rating by Microsoft, the highest security rating. Seven were ranked as important which is the second highest rating and one as moderate. The security ratings can vary depending on the operating system and Office version used.

Microsoft Windows 7 users for instance will notice that the security updates have all received an important rating for their operating system while Windows 2000 or Windows XP users will notice that their operating systems have received the largest amount of critical ratings.

Microsoft Security Updates February 2010

Microsoft Security Bulletin MS10-006 - Critical - Vulnerabilities in SMB Client Could Allow Remote Code Execution (978251)

ADVERTISEMENT

This security update resolves two privately reported vulnerabilities in Microsoft Windows. The vulnerabilities could allow remote code execution if an attacker sent a specially crafted SMB response to a client-initiated SMB request. To exploit these vulnerabilities, an attacker must convince the user to initiate an SMB connection to a malicious SMB server.

Microsoft Security Bulletin MS10-007 - Critical - Vulnerability in Windows Shell Handler Could Allow Remote Code Execution (975713)

This security update resolves a privately reported vulnerability in Microsoft Windows 2000, Windows XP, and Windows Server 2003. Other versions of Windows are not impacted by this security update. The vulnerability could allow remote code execution if an application, such as a Web browser, passes specially crafted data to the ShellExecute API function through the Windows Shell Handler.

Microsoft Security Bulletin MS10-008 - Critical - Cumulative Security Update of ActiveX Kill Bits (978262)

This security update addresses a privately reported vulnerability for Microsoft software.

Microsoft Security Bulletin MS10-009 - Critical - Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (974145)

This security update resolves four privately reported vulnerabilities in Microsoft Windows. The most severe of these vulnerabilities could allow remote code execution if specially crafted packets are sent to a computer with IPv6 enabled. An attacker could try to exploit the vulnerability by creating specially crafted ICMPv6 packets and sending the packets to a system with IPv6 enabled. This vulnerability may only be exploited if the attacker is on-link.

Microsoft Security Bulletin MS10-013 - Critical - Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (977935)

This security update resolves a privately reported vulnerability in Microsoft DirectShow. The vulnerability could allow remote code execution if a user opened a specially crafted AVI file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Microsoft Security Bulletin MS10-003 - Important - Vulnerability in Microsoft Office (MSO) Could Allow Remote Code Execution (978214)

This security update resolves a privately reported vulnerability in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Microsoft Security Bulletin MS10-004 - Important - Vulnerabilities in Microsoft Office PowerPoint Could Allow Remote Code Execution (975416)

This security update resolves six privately reported vulnerabilities in Microsoft Office PowerPoint. The vulnerabilities could allow remote code execution if a user opens a specially crafted PowerPoint file. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Microsoft Security Bulletin MS10-010 - Important - Vulnerability in Windows Server 2008 Hyper-V Could Allow Denial of Service (977894)

This security update resolves a privately reported vulnerability in Windows Server 2008 Hyper-V and Windows Server 2008 R2 Hyper-V. The vulnerability could allow denial of service if a malformed sequence of machine instructions is run by an authenticated user in one of the guest virtual machines hosted by the Hyper-V server. An attacker must have valid logon credentials and be able to log on locally into a guest virtual machine to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users.

Microsoft Security Bulletin MS10-011 - Important - Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (978037)

This security update resolves a privately reported vulnerability in Microsoft Windows Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows 2000, Windows XP, and Windows Server 2003. Other versions of Windows are not affected. The vulnerability could allow elevation of privilege if an attacker logs on to the system and starts a specially crafted application designed to continue running after the attacker logs out. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited by anonymous users.

Microsoft Security Bulletin MS10-012 - Important - Vulnerabilities in SMB Server Could Allow Remote Code Execution (971468)

This security update resolves several privately reported vulnerabilities in Microsoft Windows. The most severe of these vulnerabilities could allow remote code execution if an attacker created a specially crafted SMB packet and sent the packet to an affected system. Firewall best practices and standard default firewall configurations can help protect networks from attacks originating outside the enterprise perimeter that would attempt to exploit these vulnerabilities.

Microsoft Security Bulletin MS10-014 - Important - Vulnerability in Kerberos Could Allow Denial of Service (977290)

This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow denial of service if a specially crafted ticket renewal request is sent to the Windows Kerberos domain from an authenticated user on a trusted non-Windows Kerberos realm. The denial of service could persist until the domain controller is restarted.

Microsoft Security Bulletin MS10-015 - Important - Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (977165)

This security update resolves one publicly disclosed and one privately reported vulnerability in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logged on to the system and then ran a specially crafted application. To exploit either vulnerability, an attacker must have valid logon credentials and be able to log on locally. The vulnerabilities could not be exploited remotely or by anonymous users.

Microsoft Security Bulletin MS10-005 - Moderate - Vulnerability in Microsoft Paint Could Allow Remote Code Execution (978706)

This security update resolves a privately reported vulnerability in Microsoft Paint. The vulnerability could allow remote code execution if a user viewed a specially crafted JPEG image file using Microsoft Paint. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Updates can be downloaded and installed the usual ways. This includes through Windows Update, Microsoft Update, downloading the updates individually or downloading the security CD for February 2010 which will is provided by Microsoft after every patch day.

Advertisement

Related content

How to fix The app you're trying to install isn't a Microsoft-verified app on Windows

You may soon install apps and games directly from Windows Search results

Windows 11: Microsoft rolls out Start Menu Promotions

Microsoft may be working on a modern version of Windows (again)
windows 12

Could these be some of Windows 12's system requirements?
How To Check If Your Device Meets Windows 11 System Requirements

How To Check If Your Device Meets Windows 11 System Requirements

Previous Post: «
Next Post: «

Comments

  1. paulus said on February 10, 2010 at 6:23 pm
    Reply

    Thank you so much again for this insightful overview. Do you know the web address where I can download the Microsoft security CD for February 2010

    1. Martin said on February 10, 2010 at 6:41 pm
      Reply

      Here you go: http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=dea7a868-a5dc-488e-b4a8-50fdadcbf138

  2. dan said on February 12, 2010 at 3:48 am
    Reply

    XP users need to be careful with this update; see:

    http://www.engadget.com/2010/02/11/patch-for-ancient-dos-bug-in-latest-windows-xp-update-causing-bl/

  3. Amanda said on February 12, 2010 at 5:22 pm
    Reply

    I would NOT recommend downloading this security update until Microsoft fixes it. It WILL cause your computer to crash. I know it made mine crash (running Vista Home Premium).

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.

Advertisement

Spread the Word

Ghacks Newsletter Sign Up

Please click on the following link to open the newsletter signup page: Ghacks Newsletter Sign up

Advertisement

Hot Discussions

Advertisement

Recently Updated

Advertisement

About gHacks

Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.

The name and logo of Ghacks are copyrights or trademarks of SOFTONIC INTERNATIONAL S.A.
Copyright SOFTONIC INTERNATIONAL S.A. © 2005- 2023 - All rights reserved