MS Patch Tuesday heads-up: 13 bulletins, 26 vulnerabilities

Summary:According to an advance notice from Microsoft, five of the 13 bulletins will be rated "critical" because of the risk of remove code execution attacks.

Microsoft's February batch of security patches will be a biggie -- 13 bulletins with fixes for a whopping 26 vulnerabilities.

According to an advance notice from the Redmond, Wash. software vendor, five of the 13 bulletins will be rated "critical" because of the risk of remote code execution attacks.

[ SEE: Microsoft confirms 17-year-old Windows vulnerability ]

The majority of the vulnerabilities affect the company's flagship Windows operating system while the others will deal with security holes in the Microsoft Office productivity suite.

This chart details the affected OS versions and severity ratings for the bulletins, which will be released next Tuesday (February 9, 2010).

(Click image for larger version)

While the details of the vulnerabilities will be kept a secret until Patch Tuesday, Microsoft says one of the bulletins will address a known privilege escalation flaw (see advisory) in the Windows kernel.

That vulnerability was publicly disclosed by a Google security researcher who code to demonstrate the risk of privilege escalation attacks that affect every release of the Windows NT kernel -- from Windows NT 3.1 (1993) up to and including Windows 7 (2009).

[ SEE: Microsoft warns of new IE data-leakage vulnerability ]

Microsoft has already warned that a malicious hacker could exploit this vulnerability to run arbitrary code in kernel mode.  For an attack to be successful, the attacker must have valid logon credentials. The flaw does not affect Windows operating systems for x64-based and Itanium-based computers.

There are at least two open, publicly known vulnerabilities that will NOT be patched this month.  They are the most recent Internet Explorer data leakage bug (see advisory) details at Black Hat DC and a denial-of-service vulnerability in the Server Message Block (SMB) protocol.

[ SEE: Microsoft confirms 'detailed' Windows 7 exploit ]

Exploit code for the SMB flaw was released by researcherFollowing the publication of stop responding until manually restarted.

Topics: Enterprise Software, Microsoft, Security, Windows


Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content managem... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.