Microsoft's February Patch Tuesday fixed 22 bugs via 12 updates, including patches for three zero-day exploits. Microsoft also made a change to the Autorun services in XP and Vista that it hopes will put a crimp in the spread of Conficker.
- MS11-003, a zero-day IE bug disclosed to the public in December that the ISC says is being actively exploited now. It affects all supported versions of IE (6, 7, 8). The hole let attackers hijack a PC by manipulating IE's HTML engine when the browser processed CSS that included "@import" rules, and it sidestepped Windows 7 security.
- MS11-004, a zero-day for IIS users that fixes a hole in the Web server's FTP services. It is rated "important" because FTP is not turned on by default. However, proof-of-concept code is out there.
- MS11-006, the much-publicized Graphics Rendering Engine hole that affects Windows XP, Vista and Server 2003. It doesn't affect Windows 7 or WS 2008.
Here's the information about Microsoft's February 2011 Security Bulletin Release.
Below is our deployment priority guidance to further assist customers in their deployment planning.
Risk and impact graph shows an aggregate view of this month's severity and exploitability index.