Monday, October 4, 2010

Microsoft Releases Ten Patches, Three Critical

Microsoft released ten security bulletins today, with updates to various products that fix thirty-four separate vulnerabilities. Three of the updates have a maximum severity level of Critical. Two affect Microsoft Windows and one is a Cumulative Update for Internet Explorer.

The three Critical updates were:

* MS10-033: Vulnerabilities in Media Decompression Could Allow Remote Code Execution—Two vulnerabilities affecting a variety of components in almost all versions of Windows could lead to remote code execution. The user would have to open a malicious media file or receive streaming content.
* MS10-034: Cumulative Security Update of ActiveX Kill Bits—Because of vulnerabilities in two COM objects from Microsoft and several others from Danske Bank, CA, Eastman Kodak and Avaya, this update applies kill bits to disable the components.
* MS10-035: Cumulative Security Update for Internet Explorer—6 different vulnerabilities affecting all versions of Internet Explorer on all supported versions of Windows are fixed in this cumulative update. Several are rated likely to result in working exploit code, including the two which are ranked Critical.

The remaining seven updates top out at Important, meaning that there is some significant mitigating factor or that the damage is limited:

* MS10-032: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege—All supported versions of Windows are vulnerable to privilege elevation owing to three vulnerabilities. An attacker would need valid logon credentials in order to execute the attack.
* MS10-036: Vulnerability in COM Validation in Microsoft Office Could Allow Remote Code Execution—Various Microsoft Office for Windows programs (not including Office 2010) are vulnerable to remote code execution if the user opens a malicious web page or e-mail attachment. Working exploit code is likely for this attack.
* MS10-037: Vulnerability in the OpenType Compact Font Format (CFF) Driver Could Allow Elevation of Privilege—All versions of Windows are vulnerable to elevation of privilege, but the attacker needs valid logon credentials, and consistent exploit code is not likely.
* MS10-038: Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution—Excel and certain other Office programs on Windows and the Mac are vulnerable to remote code execution through 14 different vulnerabilities, most of which are likely to produce functioning exploit code.
* MS10-039: Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege—Two vulnerabilities in SharePoint could lead to denial of service (locking up the client session) or improper disclosure of information.
* MS10-040: Vulnerability in Internet Information Services Could Allow Remote Code Execution—An authentication error in all versions of IIS could lead to remote code execution.
* MS10-041: Vulnerability in Microsoft .NET Framework Could Allow Tampering—An attacker could tamper with signed XML content without being detected.

There were also a large number of non-security updates released today, including the following:
* New versions of the Windows Malicious Software Removal Tool (32-bit and 64-bit)
* An update for the Windows Mail Junk E-mail Filter
* Updates to various versions of Microsoft .NET Framework—strengthens authentication credentials in specific scenarios. [Why is this classified as a non-security update? Is it really the same thing as MS10-041?]


