Threat Level: green Handler on Duty: Pasquale Stirparo

SANS ISC: Microsoft Patch Tuesday - SANS Internet Storm Center


Microsoft Patch Tuesday 2010-02-09

MS10-003
Title: Vulnerability in Microsoft Office (MSO) Could Allow Remote Code Execution (Windows and OS X)
Replaces: MS90-62, MS10-090
Affected: Internet Explorer
KB: KB978214
Known Exploits: Yes
Microsoft Rating: Important
ISC Client Rating: Critical
ISC Server Rating: Critical
CVE Exploitability
  2011-0035 1
  2011-0036 1
  2010-0243 1
  2010-3971 1

MS10-004
Title: Vulnerabilities in Microsoft Office PowerPoint Could Allow Remote Code Execution (Windows and OS X)
Replaces:
Affected: PowerPoint
KB: KB975416
Known Exploits: No
Microsoft Rating: Critical
ISC Client Rating: Critical
ISC Server Rating: Critical
CVE Exploitability
  2010-0029 2
  2010-0030 1
  2010-0031 1
  2010-0032 1
  2010-0033 1
  2010-0034 1

MS10-005
Title: Vulnerability in Microsoft Paint Could Allow Remote Code Execution
Replaces:
Affected: Microsoft Paint
KB: KB978706
Known Exploits: No
Microsoft Rating: Moderate
ISC Client Rating: Critical
ISC Server Rating: Critical
CVE Exploitability
  2010-0028 2

MS10-006
Title: Vulnerabilities in SMB Client Could Allow Remote Code Execution
Replaces: MS60-30, MS80-68
Affected: SMB
KB: KB978251
Known Exploits: No
Microsoft Rating: Critical
ISC Client Rating: Critical
ISC Server Rating: Critical
CVE Exploitability
  2010-0016 2
  2009-0017 1

MS10-007
Title: Vulnerability in Windows Shell Handler Could Allow Remote Code Execution
Replaces:
Affected: ShellExecute API
KB: KB975713
Known Exploits: No
Microsoft Rating: Critical
ISC Client Rating: Critical
ISC Server Rating: Critical
CVE Exploitability
  2010-0027 1

MS10-008
Title: Cumulative Security Update of ActiveX Kill Bits
Replaces: MS90-55
Affected: ActiveX
KB: KB978262
Known Exploits: No
Microsoft Rating: Critical
ISC Client Rating: Critical
ISC Server Rating: Critical
CVE Exploitability
  2010-0252 0

MS10-009
Title: Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution
Replaces:
Affected: IPv6
KB: KB974145
Known Exploits: No
Microsoft Rating: Critical
ISC Client Rating: Critical
ISC Server Rating: Critical
CVE Exploitability
  2010-0239 2
  2010-0240 2
  2010-0241 2
  2010-0242 3

MS10-010
Title: Hyper-V Instruction Set Validation Vulnerability
Replaces:
Affected: Hyper-V
KB: KB977894
Known Exploits: No
Microsoft Rating: Important
ISC Client Rating: Important
ISC Server Rating: Important
CVE Exploitability
  2010-0026 3

MS10-011
Title: Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privileges
Replaces:
Affected: CSRSS
KB: KB978037
Known Exploits: No
Microsoft Rating: Important
ISC Client Rating: Important
ISC Server Rating: Important
CVE Exploitability
  2010-0023 1

MS10-012
Title: Vulnerabilities in SMB Server Could Allow Remote Code Execution
Replaces: MS90-01
Affected: SMB Server
KB: KB971468
Known Exploits: No
Microsoft Rating: Important
ISC Client Rating: Important
ISC Server Rating: Important
CVE Exploitability
  2010-0020 2
  2010-0021 2
  2010-0022 3
  2010-0231 1

MS10-013
Title: Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution MS09-038
Replaces: MS90-28, MS90-38
Affected: DirectShow
KB: KB977935
Known Exploits: No
Microsoft Rating: Critical
ISC Client Rating: Critical
ISC Server Rating: Critical
CVE Exploitability
  2010-0250 1

MS10-014
Title: Vulnerability in Kerberos Could Allow Denial of Service
Replaces:
Affected: Kerberos
KB: KB977290
Known Exploits: No
Microsoft Rating: Important
ISC Client Rating: Important
ISC Server Rating: Important
CVE Exploitability
  2010-0035 3

MS10-015
Title: Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege
Replaces:
Affected: Windows Kernel
KB: KB977165
Known Exploits: Yes
Microsoft Rating: Important
ISC Client Rating: Important
ISC Server Rating: Important
CVE Exploitability
  2010-0232 1
  2010-0233 2

We will update issues on this page for about a week or so as they evolve. We appreciate your updates!
US based customers can call Microsoft for free patch related support on 1-866-PCSAFETY
(*): ISC rating
  • We use 4 levels:
    • PATCH NOW: Typically used where we see immediate danger of exploitation. Typical environments will want to deploy these patches ASAP. Workarounds are typically not accepted by users or are not possible. This rating is often used when typical deployments make it vulnerable and exploits are being used or easy to obtain or make.
    • Critical: Anything that needs little to become "interesting" for the dark side. Best approach is to test and deploy ASAP. Workarounds can give more time to test.
    • Important: Things where more testing and other measures can help.
    • Less Urgent: practices for servers such as not using Outlook, MSIE, Word etc. to do traditional office or leisure work.
    • The rating is not a risk analysis as such. It is a rating of importance of the vulnerability and the perceived or even predicted threatatches.