Microsoft releases five critical security bulletins

Another Patch Tuesday and Microsoft comes out with a variety of patches, and this series is quite serious. Users are recommended to update as soon as possible.

The critical vulnerabilities are in: Windows, Office, Visual Basic and Internet Explorer.

Vulnerability in WebDAV Mini-Redirector Could Allow Remote Code Execution (946026)
An attacker who successfully exploited avulnerability in the WebDAV Mini-Redirector could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Vulnerability in OLE Automation Could Allow Remote Code Execution (947890)
This vulnerability could allow remote code execution if a user viewed a specially crafted Web page. The vulnerability could be exploited through attacks on Object Linking and Embedding (OLE) Automation. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Vulnerability in Microsoft Word Could Allow Remote Code Execution (947077)
This critical security update resolves one privately reported vulnerability in Microsoft Word that could allow remote code execution if a user opens a specially crafted Word file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Cumulative Security Update for Internet Explorer (944533)
This critical security update resolves three privately reported and one publicly reported vulnerabilities. The most serious of the vulnerabilities could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Vulnerabilities in Microsoft Office Publisher Could Allow Remote Code Execution (947085)
This critical security update resolves two privately reported vulnerabilities in Microsoft Office Publisher that could allow remote code execution if a user opens a specially crafted Publisher file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Worth noting is also that Microsoft has released an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.

If you want more information about these security bulletins do check out the TechNet Webcast that will present a brief overview of the technical details of the February security bulletins followed by an extensive Q&A session that will give you the opportunity to ask questions and get answers from Bill Sisk, Security Response Communications Manager and Adrian Stone, Lead Security Program Manager, Microsoft Corporation.