JPCERT-AT-2010-0006
                                                             JPCERT/CC
                                                            2010-02-10

                  <<< JPCERT/CC Alert 2010-02-10 >>>

              February 2010 Microsoft Security Bulletin
               (including five critical patches)

            https://www.jpcert.or.jp/at/2010/at100006.txt


I. Outline

  Microsoft has released its security bulletin summary for Februrary
2010, which contains five security update with severity rating
"Critical".

  As a result of this vulnerability, a remote attacker could cause a
denial of service or execute arbitrary code on an affected system.

  For further information about this vulnerability, please refer to
the following URLs.

    Microsoft Security  Bulletin Summary for February 2010
    http://www.microsoft.com/technet/security/bulletin/ms10-feb.mspx

  An update has also been released for the following publicly released
vulnerability:

    Microsoft Security Advisory (979682)
    Vulnerability in Windows Kernel Could Allow  Elevation of Privilege
    http://www.microsoft.com/technet/security/advisory/979682.mspx

  Additionally, the following vulnerabilities have been publicly
disclosed and are being investigated by Microsoft:

    Microsoft  Security Advisory (977544)
    Vulnerability in SMB Could Allow Denial of Service
    http://www.microsoft.com/technet/security/advisory/977544.mspx

    Microsoft  Security Advisory (980088)
    Vulnerability in Internet Explorer Could Allow  Information Disclosure
    http://www.microsoft.com/technet/security/advisory/980088.mspx

  [Critical Security Updates]

    MS10-006
    Vulnerabilities in SMB Client Could Allow Remote  Code Execution (978251)
    http://www.microsoft.com/technet/security/bulletin/ms10-006.mspx

    MS10-007
    Vulnerability in Windows Shell Handler Could Allow  Remote Code Execution (975713)
    http://www.microsoft.com/technet/security/bulletin/ms10-007.mspx

    MS10-008
    Cumulative Security Update of ActiveX Kill Bits  (978262)
    http://www.microsoft.com/technet/security/bulletin/ms10-008.mspx

    MS10-009
    Vulnerabilities in Windows TCP/IP Could Allow  Remote Code Execution (974145)
    http://www.microsoft.com/technet/security/bulletin/ms10-009.mspx

    MS10-013
    Vulnerability in Microsoft DirectShow Could Allow  Remote Code Execution (977935)
    http://www.microsoft.com/technet/security/bulletin/ms10-013.mspx


II. Countermeasures

  Use means such as Microsoft Update or Windows Update to apply the
security update immediately.

    Microsoft Update
    https://www.update.microsoft.com/

    Windows Update
    https://windowsupdate.microsoft.com/

  Please note that support for Windows 2000 will end on 13 July 2010.


III. References


    Microsoft Security Bulletin Summary for February 2010
    http://www.microsoft.com/technet/security/bulletin/ms10-feb.mspx

    US-CERT Technical Cyber Security Alert TA10-040A
    Microsoft Updates for Multiple Vulnerabilities
    http://www.us-cert.gov/cas/techalerts/TA10-040A.html

  If you have any additional information regarding this alert, please
contact us.


======================================================================
JPCERT Coordination Center (JPCERT/CC)
MAIL: info@jpcert.or.jp
TEL: 03-3518-4600  FAX: 03-3518-4602