Hefty February Microsoft security patch arrives

 

Connecting state and local government leaders

Microsoft's February security update marks another notable Patch Tuesday, with 13 patches addressing more than 26 vulnerabilities in Windows and Microsoft Office.

Microsoft's February security update marks another notable Patch Tuesday, with 13 patches addressing more than 26 vulnerabilities in Windows and Microsoft Office.

Of the 13 fixes on the slate, five are rated "critical" and seven are considered "important," with one lone "moderate" item included in the patch. Nine of the patches have remote code execution (RCE) exploit considerations. The remaining fixes address either elevation-of-privilege or denial-of-service risks.

As one security observer pointed out, this February release could have been the biggest in Microsoft's history. However, Microsoft left Internet Explorer out this month's slate of fixes, even though Microsoft issued an off-cycle patch in January and a new advisory for Internet Explorer in early February.

"Microsoft's February 2010 [security update] was slated to be the biggest release for Microsoft patches in the last two years — 14 bulletins addressing 34 vulnerabilities," explained Wolfgang Kandek, chief technology officer at Qualys. "But the Google/CN Internet Explorer zero-day forced Microsoft to accelerate the testing of the planned IE bulletin and release it early, still in January. That leaves 13 bulletins covering 26 vulnerabilities for the February release, which constitutes one of the bigger patch Tuesdays."

Critical Items
The five critical fixes in the patch affect pretty much every supported version of the Windows operating system family. The first critical item returns to familiar territory—namely, the Server Message Block (SMB) component in Windows.

"Based on the number of SMB bugs fixed in 2009 and the recent disclosure of a bug in SMB affecting Windows 7 and 2008—plus the two bulletins today—it's a safe bet that Microsoft is making a focused effort to eradicate SMB bugs in its products," said Andrew Storms, director of security operations at nCircle. "A lot of people will be disappointed that the public SMB bug disclosed in mid-November was not patched today. The obvious answer to 'why' is that this bug is not the most important. It makes you wonder, though, what else could be looming on the horizon for SMB."

The second critical item affects Windows Shell Handler. This fix resolves a privately reported vulnerability in Windows 2000, Windows XP and Windows Server 2003.

Critical item No. 3 is a cumulative security update for ActiveX killbits, addressing a privately reported vulnerability affecting Microsoft Windows 2000 and Windows XP. Microsoft deems this fix to be important for Windows Vista and Windows 7 and moderate for Windows Server 2003, while it's ranked "low" for Windows Server 2008 and Windows Server 2008 R2.

"Killbit is back again, now affecting not only Microsoft but third parties," said Josh Abraham, a security researcher with Rapid7. "The new affected software includes Google Desktop Gadget, Facebook Photo Updater, Symantec WinFax Pro and Panda ActiveScan Installer."

The fourth critical item addresses an RCE vulnerability associated with TCP/IP in Vista and Windows Server 2008. The fifth and final critical item deals with DirectShow, in which the exploit in question could allow an RCE attack if a user, according to Microsoft, opens a "specially crafted Audio-Video Interleave (AVI) file." This fix affects every known Windows OS.

Important Items
First up in the important slate of security updates is a cumulative fix for vulnerabilities in Microsoft Office. The vulnerabilities, left unpatched, could allow RCE attacks if a user opens a specially crafted Word, Excel or PowerPoint file.

Important item No. 2 addresses six privately reported vulnerabilities in Microsoft Office's PowerPoint presentation app. However, a fix for PowerPoint Viewer 2003 isn't included in the February patch.

"It is important to note that PowerPoint Viewer 2003 is affected by this vulnerability, but Microsoft is not releasing a patch for this version of the viewer," said Jason Miller, data and security team leader at Shavlik Technologies. "Microsoft is stating the product has reached the end of its lifecycle and will not have any future security patches. You should identify all PowerPoint 2003 Viewers on your network and upgrade them to PowerPoint 2007."

Important item No. 3 is said to resolve privately reported vulnerabilities in Microsoft's Hyper-V hypervisor, which comes with Windows Server 2008 and Windows Server 2008 R2.

The fourth important item targets vulnerabilities in Microsoft's Windows Client/Server Run-time Subsystem (CSRSS) in Windows 2000, Windows XP and Windows Server 2003.

Important item No. 5 is another SMB fix. Left unpatched, this vulnerability could allow an RCE attack if "an attacker created a specially crafted SMB packet and sent the packet to an affected system."

The sixth important item will be especially useful for Windows helpdesk specialists. It addresses maliciously configured ticket renewal requests sent specifically through the Windows Kerberos domain from "an authenticated user on a trusted non-Windows Kerberos realm," according to the bulletin.

The seventh and last important item addresses elevation-of-privilege attack risks in the Windows kernel. Microsoft explained in the bulletin that "the vulnerabilities could allow elevation of privilege if an attacker logged on to the system and then ran a specially crafted application."

Moderate Item
Lastly, the lone moderate item describes what might happen if RCE exploits were triggered by a user opening and viewing a specially crafted JPEG image file using the graphics program Microsoft Paint. This fix only addresses vulnerabilities on the Windows 2000 and Windows XP operating systems.

All of the fixes in this February security update may require a restart to complete.

IT administrators who still have time after applying all of these fixes can check out this Knowledge Base article. It describes nonsecurity updates arriving via Windows Update, Microsoft Update and Windows Server Update Services.

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.