Microsoft today released 13 security bulletins with fixes for 26 vulnerabilities affecting Windows and Office users. The company urged customers to prioritize and deploy four updates because of the critical severity rating and the fact that consistent exploit code is likely within the next 30 days. To exploit the vulnerability, an attacker could host a malicious AVI file on a website and convince a user to visit the site, or send the file via email and convince the user to open it. A fourth bulletin MS10-008 includes ActiveX Kill Bits for Internet Explorer and exposes surfers to malicious code execution attacks.
Source: https://threatpost.com/ms-patch-tuesday-13-bulletins-26-vulnerabilities-020910/73517/