Microsoft has released 12 updates in their February 2011 security bulletin update. These 12 updates patch at least 22 vulnerabilities of Microsoft Windows. Here are the updates included in the February security bulletin update:
- MS11-003: Cumulative Security Update for Internet Explorer - 4 remote code execution vulnerabilities are fixed. Two of them have been publicly disclosed, including a variation on the insecure DLL loading issue that we have been seeing fixed for months.
- MS11-004: Vulnerability in Internet Information Services (IIS) FTP Service Could Allow Remote Code Execution - A publicly disclosed flaw in the IIS FTP service could allow remote code execution through a malicious command. The FTP service is not installed by default.
- MS11-005: Vulnerability in Active Directory Could Allow Denial of Service - Improper validation of service principal names (SPN) could lead to collisions and subsequent DoS.
- MS11-006: Vulnerability in Windows Shell Graphics Processing Could Allow Remote Code Execution - This update fixes a publicly disclosed vulnerability in the handling of specially crafted thumbnail images by the Windows Shell graphics processor.
- MS11-007: Vulnerability in the OpenType Compact Font Format (CFF) Driver Could Allow Remote Code Execution - A flaw in the Windows OpenType Compact Font Format (CFF) driver could allow remote code execution via specially crafted OpenType fonts. This update affects kernel mode code and is therefore more dangerous than the other two.
- MS11-008: Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution - All versions of Visio are vulnerable to two remote code execution vulnerabilities exploitable through malicious data files.
- MS11-009: Vulnerability in JScript and VBScript Scripting Engines Could Allow Information Disclosure - A memory corruption could lead the scripting engines to disclose information which could be used to abuse the system further.
- MS11-010: Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege - The CSRSS terminates processes when a user logs off. A vulnerability in this function could allow an attacker to run code which could monitor the behavior of users who logged on to the system subsequently.
- MS11-011: Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege - All Windows versions are affected by a flaw in the interaction of drivers with the kernel. Another flaw affects only Windows XP.
- MS11-012: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege - 5 separate vulnerabilities.
- MS11-013: Vulnerabilities in Kerberos Could Allow Elevation of Privilege - Two separate vulnerabilities are involved. The elevation of privilege bug had been publicly disclosed. The other allows spoofing.
- MS11-014: Vulnerability in Local Security Authority Subsystem Service Could Allow Local Elevation of Privilege - Maliciously crafted authentication requests could cause LSASS to elevate the user’s privileges.
Although these updates are available directly from the Microsoft Update website, you can download all these updates as an ISO image from the following locations:
Here is the list of Knowledge Base (KB) articles related to the security updates of February 2011: