It's Microsoft Patch Tuesday: February 2010

Justin James gathers the information you need to make the right decision on applying Microsoft's February 2010 patches in your organization.

As expected, the slow January Patch Tuesday has been made up for by an intense February, with a whopping thirteen security patches! For one thing, we saw a big release of out-of-band items near the end of January, including a critical security patch for Internet Explorer, and a pile of other things that could have and should have waited until the proper Patch Tuesday to be released.

This blog post is also available in PDF format in a free TechRepublic download.

Security Patches

  • MS10-003/KB978214 - Important (Office XP, Office 2004 for Mac): Specially crafted Office files can be used to perform remote code execution exploits in Office XP and Office 2004 for Mac; this patch fixes the issue. The attacker is limited to the current user's rights. I think that this patch is more critical than Microsoft's rating, and you should install it on any affected copies of Office quickly. 4.6MB - 9.4MB
  • MS10-004/KB975416 - Important (Office XP, Office 2003, Office 2004 for Mac): This is another remote code execution targeting Office; this time PowerPoint is the victim. Again, the attacker gets the current user's right. This patch should be installed immediately. 3.4MB - 9.4MB
  • MS10-005/KB978706 - Moderate (2000, XP, 2003): This is a new one. A bug in MS Paint allows remote code execution exploits to be delivered via specially crafted JPEG files. I don't think many people have MS Paint as their default image viewer, so this is not too much of an issue. Install the patch during your next patch cycle. 610KB - 1.4MB
  • MS10-006/KB978251 - Critical (2000, XP, W7, 2003, 2008 R2)/Important (Vista, 2008): This is another in the recent problems for Windows' SMB handling; this one is a remote code execution exploit. The only nice thing about this one is that it requires the attacker to get you to try to connect to their rigged SMB server, and that's pretty unlikely to go through many corporate firewalls. All the same, get this patch installed as soon as you can. 191KB - 1.2MB
  • MS10-007/KB975713 - Critical (2000, XP, 2003): There is a bug in the ShellExecute API call (which allows programs to ask the OS to perform commands) that allows a remote code execution attack to occur. This patch should be installed immediately. 606KB - 1.4MB
  • MS10-008/KB978262 - Critical (2000, XP)/Important(Vista, W7)/Moderate(2003)/Low (2008, 2008 R2): This is an important update to the ActiveX Kill Bits system that fixes a bug that could allow remote code execution exploits, and it adds some additional controls to the kill bits system. Install this as soon as you can. 27KB - 1.0MB
  • MS10-009/KB974145 - Critical (Vista, 2008): A problem in the TCP/IP stack of Vista and 2008 allows an attacker to perform a remote code execution exploit if IPv6 is turned on. You should install this patch immediately. 1.4MB - 2.7MB
  • MS10-010/KB977894 - Important (2008, 2008 R2): An attacker who is logged in to a guest machine running under Hyper-V could execute a denial-of-service attack on the host. This is a fairly low-level problem, and you shouldn't bother with the patch unless you are using Hyper-V. 117KB - 189KB
  • MS10-011/KB978037 - Important (2000, XP, 2003): An issue in the Client/Server Runtime Subsystem allows authenticated attackers to escalate their privileges, which makes this a fairly low importance patch. Install it during your next scheduled patch cycle. 506KB - 1.0MB
  • MS10-012/KB971468 - Important (2000, XP, Vista, W7, 2003, 2008, 2008 R2): This patch solves another problem in Windows' SMB handling, this time on the server side, which allows a remote code execution attack to occur. Since you should never have SMB exposed past your firewall, this should not be an emergency patch. All the same, you will want to install it on your next scheduled patch day. 224KB - 1.5MB
  • MS10-013/KB977935 - Critical (2000, XP, Vista, W7, 2003, 2008, 2008 R2)/Important (2003 IA-64, 2008 IA-64, 2008 R2 IA-64): DirectShow's AVI handling routines are open to a remote code execution attack if passed a rigged AVI file; the attacker gains the current user's rights. Install the patch immediately. 564KB - 3.0MB
  • MS10-014/KB977290 - Important (2000, 2003, 2008): The Kerberos system has a flaw that allows a denial-of-service attack on a domain controller with a specially crafted Kerberos ticket renewal request. You should install this patch during your next scheduled patch time. 189KB - 1.2MB
  • MS10-015/KB977165 - Important (2000, XP, Vista, W7 32 Bit, 2003, 2008): A Windows bug allows a local user to escalate their privileges. Windows 7 64-bit users are spared, as are 2008 R2 servers. This isn't a critical item, and the patch can wait until your next scheduled patching. 1.6MB - 7.8MB

Other Updates

  • KB979099: This patch fixes issues with the Rights Management Services Client on 2003, 2008 R2, XP, and W7. 1MB - 9.2MB
  • KB973917: This patch is a reissue to correct some problems with the original version and will need to be reinstalled. The patch adds Extended Protection for Authentication to IIS on 2003, 2008, and Vista. 867KB - 4.0MB
  • "The Usual Suspects": Updates to the Malicious Software Removal Tool (9.7MB - 10MB) and Junk Email filters (2.2MB).
  • Changed, but not significantly: None.

Updates since the last Patch Tuesday

  • MS10-002/KB978207 - Critical (2000, XP, Vista, W7, 2003, 2008, 2008R2): This patch fixes a remote code execution exploit in Internet Explorer. You should get this patch installed immediately, if you have not already done so, because there are public exploits for it and have been for some time. 3.3MB - 48MB

There have been a number of minor items added and updated since the last Patch Tuesday:

Changed, but not significantly: