Public Safety Canada
Symbol of the Government of Canada
Skip to content | Skip to institutional links

Common menu bar links | Liens de navigation communs

Skip Navigational Links Home > National security > Cyber Security: A Shared Responsibility > Cyber Security Publications > Analytical releases 2010 > AV10-006: Microsoft Security Bulletin for the Month of February

Institutional links

Microsoft Security Bulletin for the Month of February

Number: AV10-006
Date: 9 February 2010

Purpose

The purpose of this advisory is to bring attention to the following 13 vulnerabilities (5-critical, 7-important, 1-moderate) in some Microsoft products.

Assessment

Microsoft has released the following security bulletins:

MS10-006 - Critical - Vulnerabilities in SMB Client Could Allow Remote Code Execution (978251)
Details: This security update resolves two privately reported vulnerabilities in Microsoft Windows. The vulnerabilities could allow remote code execution if an attacker sent a specially crafted SMB response to a client-initiated SMB request. To exploit these vulnerabilities, an attacker must convince the user to initiate an SMB connection to a malicious SMB server.
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Critical
Maximum Exploitability Index: 2 - Consistent exploit code likely
Affected Products: Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows Server 2008 R2, Windows 7
CVE reference: CVE-2010-0016 and CVE-2010-0017
http://www.microsoft.com/technet/security/Bulletin/MS10-006.mspx

MS10-007 - Critical - Vulnerability in Windows Shell Handler Could Allow Remote Code Execution (975713)
Details: This security update resolves a privately reported vulnerability in Microsoft Windows 2000, Windows XP, and Windows Server 2003. Other versions of Windows are not impacted by this security update. The vulnerability could allow remote code execution if an application, such as a Web browser, passes specially crafted data to the ShellExecute API function through the Windows Shell Handler.
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Critical
Maximum Exploitability Index: Consistent exploit code likely
Affected Products: Microsoft Windows 2000, Windows XP, Windows Server 2003
CVE reference: CVE-2010-0027
http://www.microsoft.com/technet/security/bulletin/MS10-007.mspx

MS10-008 - Critical - Cumulative Security Update of ActiveX Kill Bits (978262)
Details: This security update addresses a privately reported vulnerability for Microsoft software. This security update is rated Critical for all supported editions of Microsoft Windows 2000 and Windows XP, Important for all supported editions of Windows Vista and Windows 7, Moderate for all supported editions of Windows Server 2003, and Low for all supported editions of Windows Server 2008 and Windows Server 2008 R2.

The vulnerability could allow remote code execution if a user views a specially crafted Web page that instantiates an ActiveX control with Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This update also includes kill bits for four third-party ActiveX controls.
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Critical
Affected Products: Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows Server 2008 R2, Windows 7
CVE reference: CVE-2010-0252
http://www.microsoft.com/technet/security/bulletin/MS10-008.mspx

MS10-009 - Critical - Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (974145)
Details: This security update resolves four privately reported vulnerabilities in Microsoft Windows. The most severe of these vulnerabilities could allow remote code execution if specially crafted packets are sent to a computer with IPv6 enabled. An attacker could try to exploit the vulnerability by creating specially crafted ICMPv6 packets and sending the packets to a system with IPv6 enabled. This vulnerability may only be exploited if the attacker is on-link.
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Critical
Maximum Exploitability Index: Inconsistent exploit code likely
Affected Products: Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Server 2008 R2, Windows 7
CVE reference: CVE-2010-0239, CVE-2010-0240, CVE-2010-0241, CVE-2010-0242
http://www.microsoft.com/technet/security/Bulletin/MS10-009.mspx

MS10-013 - Critical - Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (977935)
Details: This security update resolves a privately reported vulnerability in Microsoft DirectShow. The vulnerability could allow remote code execution if a user opened a specially crafted AVI file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Critical
Maximum Exploitability Index: Consistent exploit code likely
Affected Products: Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows Server 2008 R2, Windows 7
CVE reference: CVE-2010-0250
http://www.microsoft.com/technet/security/bulletin/MS10-013.mspx

MS10-003 - Important - Vulnerability in Microsoft Office (MSO) Could Allow Remote Code Execution (978214)
Details: This security update resolves a privately reported vulnerability in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Important
Maximum Exploitability Index: Consistent exploit code likely
Affected Products: Microsoft Office XP, Microsoft Office 2004 for Mac
CVE reference: CVE-2010-0243
http://www.microsoft.com/technet/security/bulletin/MS10-003.mspx

MS10-004 - Important - Vulnerabilities in Microsoft Office PowerPoint Could Allow Remote Code Execution (975416)
Details: This security update resolves six privately reported vulnerabilities in Microsoft Office PowerPoint. The vulnerabilities could allow remote code execution if a user opens a specially crafted PowerPoint file. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Important
Maximum Exploitability Index: Consistent exploit code likely
Affected Products: Microsoft Office XP, Microsoft Office 2003, Microsoft Office 2004 for Mac
CVE reference: CVE-2010-0029, CVE-2010-0030, CVE-2010-0031, CVE-2010-0032, CVE-2010-0033, CVE-2010-0034
http://www.microsoft.com/technet/security/Bulletin/MS10-004.mspx

MS10-010 - Important - Vulnerability in Windows Server 2008 Hyper-V Could Allow Denial of Service (977894)
Details: This security update resolves a privately reported vulnerability in Windows Server 2008 Hyper-V and Windows Server 2008 R2 Hyper-V. The vulnerability could cause a denial of service if a malformed sequence of machine instructions is run by an authenticated user in one of the guest virtual machines hosted by the Hyper-V server. An attacker must have valid logon credentials and be able to log on locally into a guest virtual machine to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users.
Impact of Vulnerability: Denial of Service
Maximum Severity Rating: Important
Maximum Exploitability Index: Functioning exploit code unlikely
Affected Products: Windows Server 2008 and Windows Server 2008 R2
CVE reference: CVE-2010-0026
http://www.microsoft.com/technet/security/bulletin/MS10-010.mspx

MS10-011 - Important - Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (978037)
Details: This security update resolves a privately reported vulnerability in Microsoft Windows Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows 2000, Windows XP, and Windows Server 2003. Other versions of Windows are not affected. The vulnerability could allow elevation of privilege if an attacker logs on to the system and starts a specially crafted application designed to continue running after the attacker logs out. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited by anonymous users.
Impact of Vulnerability: Elevation of Privilege
Maximum Severity Rating: Important
Maximum Exploitability Index: Consistent exploit code likely
Affected Products: Windows 2000, Windows XP, Windows Server 2003,
CVE reference: CVE-2010-0023
http://www.microsoft.com/technet/security/Bulletin/MS10-011.mspx

MS10-012 - Important - Vulnerabilities in SMB Server Could Allow Remote Code Execution (971468)
Details: This security update resolves several privately reported vulnerabilities in Microsoft Windows. The most severe of these vulnerabilities could allow remote code execution if an attacker created a specially crafted SMB packet and sent the packet to an affected system. Firewall best practices and standard default firewall configurations can help protect networks from attacks originating outside the enterprise perimeter that would attempt to exploit these vulnerabilities.
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Important
Maximum Exploitability Index: Consistent exploit code likely
Affected Products: Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows Server 2008 R2, Windows 7
CVE reference: CVE-2010-0020, CVE-2010-0021, CVE-2010-0022, CVE-2010-0231
http://www.microsoft.com/technet/security/Bulletin/MS10-012.mspx

MS10-014 - Important - Vulnerability in Kerberos Could Allow Denial of Service (977290)
Details: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow a denial of service if a specially crafted ticket renewal request is sent to the Windows Kerberos domain from an authenticated user on a trusted non-Windows Kerberos realm. The denial of service could persist until the domain controller is restarted.
Impact of Vulnerability: Denial of Service
Maximum Severity Rating: Important
Maximum Exploitability Index: Functioning exploit code unlikely
Affected Products: Windows 2000, Windows Server 2003, Windows Server 2008
CVE reference: CVE-2010-0035
http://www.microsoft.com/technet/security/bulletin/MS10-014.mspx

MS10-015 - Important - Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (977165)
Details: This security update resolves one publicly disclosed and one privately reported vulnerability in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logged on to the system and then ran a specially crafted application. To exploit either vulnerability, an attacker must have valid logon credentials and be able to log on locally. The vulnerabilities could not be exploited remotely or by anonymous users.
Impact of Vulnerability: Elevation of Privilege
Maximum Severity Rating: Important
Maximum Exploitability Index: Consistent exploit code likely
Affected Products: Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7
CVE reference: CVE-2010-0232, CVE-2010-0233
http://www.microsoft.com/technet/security/Bulletin/MS10-015.mspx

MS10-005 - Moderate - Vulnerability in Microsoft Paint Could Allow Remote Code Execution (978706)
Details: This security update resolves a privately reported vulnerability in Microsoft Paint. The vulnerability could allow remote code execution if a user viewed a specially crafted JPEG image file using Microsoft Paint. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Moderate
Maximum Exploitability Index: Inconsistent exploit code likely
Affected Products: Windows 2000, Windows XP, Windows Server 2003
CVE reference: CVE-2010-0028
http://www.microsoft.com/technet/security/bulletin/ms10-005.mspx

Suggested action

CCIRC recommends that administrators test and deploy these updates at the earliest opportunity. Microsoft has published a risk matrix table to assist organizations in evaluating and prioritizing deployment of these security updates. This table is available at the following URL:
http://blogs.technet.com/msrc/archive/2010/02/09/february-2010-security-bulletin-release.aspx

References:
http://www.microsoft.com/technet/security/bulletin/MS10-feb.mspx

Note to Readers

The Canadian Cyber Incident Response Centre (CCIRC) operates within Public Safety Canada, and works with partners inside and outside Canada to mitigate cyber threats to vital networks outside the federal government. These include systems that keep Canada's critical infrastructure functioning properly, such as the electrical grid and financial networks, or contain valuable commercial information that underpins our economic prosperity. CCIRC supports the owners and operators of systems of national importance, including critical infrastructure, and is responsible for coordinating the national response to any serious cyber security incident.

For general information, please contact Public Safety Canada's Public Affairs division at:

Telephone: 613-944-4875 or 1-800-830-3118
Fax: 613-998-9589
E-mail: communications@ps-sp.gc.ca

Date Modified: 2010-02-09
Top of Page
Top of Page
Important Notices
Host: WWWDMZ02