The Office related bulletins are both rated Important and would require user action to be exploited (usually in the form of convincing a user to open a specially crafted file). The vulnerabilities only affect older versions of Office so customers on Office 2007 or Office 2008 for Mac will have not actions this month.
On tuesday(tonight) we expect to get this
- Advisory 980088, Vulnerability in Internet Explorer Could Allow Information Disclosure: this advisory was released yesterday (Feb 3). We do not have an update for this issue planned for the normal February bulletin release. However, this vulnerability only affects versions of windows older than Vista in their default configuration, and there is a “Fix It” available so customers in non-default configurations can protect themselves.
- Advisory 979682, Vulnerability in Windows Kernel Could Allow Elevation of Privilege: we are on track to release an update for this issue next Tuesday.
- Advisory 977544, Vulnerability in SMB Could Allow Denial of Service: we are still working on an update for this issue so it will not be addressed in the February bulletins. As a reminder, this issue cannot be used to allow an attacker to take control of a system remotely, but instead results in a system becoming unresponsive due to resource consumption.
Summary Table
Version | Critical | Important | Moderate | Low | Total |
Windows 2000 | 5 | 3 | 1 | 0 | 9 |
Windows XP | 5 | 2 | 1 | 0 | 8 |
Windows Server 2003 | 4 | 3 | 2 | 0 | 9 |
Windows Vista | 3 | 3 | 0 | 0 | 6 |
Windows Server 2008 | 3 | 4 | 0 | 1 | 8 |
Windows 7 | 3 | 2 | 0 | 0 | 5 |
Windows Server 2008 R2 | 3 | 1 | 0 | 1 | 5 |
Windows versions that are reaching the end of their product lifecycle.
- Windows XP Service Pack 2 will no longer be supported as of July 13, 2010. Many customers are still on this version, so we encourage upgrading to Service Pack 3 or to Windows 7 as soon as possible.
- Windows Vista RTM will no longer be supported as of April 13, 2010. Service Pack 1 will still be supported until July 12, 2011 but we recommend customers update to Service Pack 2 or Windows 7 at this time.
- Extended support for Windows 2000 will also be retired on July 13, 2010. At that time, we will no longer provide security or any other updates for Windows 2000.
WebCast with Adrian and Jerry
Tomorrow, Wednesday, you can join Adrian Stone and Jerry Bryanton their Live Webcast where theywill go in to detail on each bulletin to give you even more information and guidance:
Date: Wednesday, Feb 10
Time: 11:00 a.m. PST (UTC -8)
Registration: http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032427679