As announced last Friday, Microsoft released 13 Security Bulletins on February Patch Tuesday, fixing 26 security vulnerabilities in the Redmond products. Of those 11 affect the Windows operating systems and 2 the Office products.
Due to the vulnerabilities, attackers may infect computers with luring users onto manipulated websites that offer specially prepared AVI videos. The same is possible with maliciously prepared Office documents – those could get sent via mail, for example. Even the network stack (TCP/IP) is vulnerable.
In Microsoft’s Security Response Center, and through telephone calls to their contact center, the company advises to install all Updates as soon as possible as 5 of the closed security holes are rated critical and the appearance of exploit code soon is very likely. For companies, the MSRC advises to prioritize those 5 Patches.