Microsoft matched its record of 13 security updates for 26 vulnerabilities in yesterday's Patch Tuesday. Eleven of the patches are for Windows, with the remaining two targeted at users of Office XP and Office 2003 for Windows and Office 2004 for Mac.
Five of the 13 patches are listed as "critical", seven as "important" and one as "moderate".
The company first issued a record 13 security bulletins in October last year, which patched 34 flaws.
“The SMB Server pathname overflow vulnerability tops my list this month,” says Joshua Talbot, security intelligence manager, Symantec Security Response. “Server-side vulnerabilities aren’t too common anymore, but they’re a golden goose for attackers when they are discovered. With this one, if an attacker can find a vulnerable remote server that has a guest account set up, just like that, they’ve got access to the machine and possibly the entire local network—all without any user involvement required.
“The TCP/IP router advertisement vulnerability is also a biggie,” Talbot adds. “It too is a server-side remote code execution issue and the scary thing is that this affects everyone running one of the affected systems; whereas the SMB issue only affects users with an SMB server. To make matters worse, by default, the Windows firewall doesn’t protect against this, and again, no user interaction is required for exploitation.”
Additional information on Microsoft’s security bulletins can be found at: http://www.microsoft.com/technet/security/bulletin/ms10-feb.mspx