Microsoft has released 13 security fixes for 26 vulnerabilities in the February Patch Tuesday monthly security...
update, equalling the record set for the largest update in October.
The update was due to be the biggest to date with 14 fixes for 34 vulnerabilities, but the Internet Explorer zero day attacks forced an out-of-band update in January, leaving 13 for February.
There are five critical vulnerabilities for the Windows Operating System, but Windows 7 and Windows 2008 R2 are affected by only three of them.
"Overall highest on our list for patching are MS10-006 SMB client and MS10-013 DirectShow, which affect all versions of Windows and have a low exploitability index," said Wolfgang Kandek, chief technology officer at security firm Qualys.
Next are MS10-007 Shell URL handling, which is critical for Windows 2000, XP and 2003 and MS10-008, an update to the ActiveX Killbit settings, applicable to all platforms, he said.
MS10-012 is a bulletin for SMB that server administrators should focus on, said Kandek.
"It allows a malicious, unauthenticated party to launch a remote denial of service attack and remote authenticated clients can execute code using another flaw addressed in the bulletin," he said.
MS10-010 addresses a vulnerability in the hypervisor of Windows 2008 which allows a guest operating system to crash the host operating system, affecting all virtual machines running on the same physical host.
"Virtualisation is increasingly used in corporate IT environments and in cloud computing initiatives and we see this class of vulnerability gaining importance," said Kandek.
Microsoft Office has two bulletins that affect all versions of the software except the latest version, Office 2007.
Although rated only "important", all affected users should update as quickly as possible because file-based vulnerabilities have been a favourite of attackers in the past year, said Kandek.