Adobe will also use this patch Tuesday to ship an update for Adobe Reader X. Adobe Reader X is the most recent version of Adobe Reader and has incorporated sandbox technology to provide additional hardening against attacks. Security Advisory APSB11-03 warns of several critical flaws in the the new product. They will be addressed on February 8 for Windows and Mac OS X, later on February 28 for Unix users.
See also: Ryan Naraine on ZDNet Zero day
Microsoft announced 12 bulletins today for February’s Patch Tuesday. Three of the bulletins are critical and include updates to address the recently disclosed flaws in Internet Explorer "css.css" – Microsoft Security Advisory 2488013 and Windows "thumbnail preview" – Microsoft Security Advisory 2490606. These vulnerabilities have seen limited exploits in the wild, so applying the update is highly recommended.
In addition the lower rated flaw in the FTP service is addressed with an update to the IIS server.
The remaining updates address flaws in Windows, Office and the development platform Visual Studio. All versions of Windows starting with Windows XP SP3 up to the latest versions Windows 7 and Windows Server 2008 R2. The Office bulletin, however is limited to a relatively small footprint: the Visio versions 2002, 2003 and 2007.
The recent MHTML issue in Windows/Internet Explorer will not be addressed in this update. The workaround suggested by Microsoft in Advisory 2501696 continues to be the recommended way of mitigating this attack vector.