Tuesday, June 08, 2010

June 2010 Security Bulletin Release


Microsoft released 10 bulletins to address 34 total vulnerabilities in Windows, Microsoft Office (including SharePoint), Internet Explorer (IE), Internet Information Services (IIS), and the .NET Framework.

Only three of these bulletins get our maximum severity rating of Critical, described at the MSRC Blog as follows:

  • MS10-033 is a remote code execution vulnerability in both Quartz.dll and Asycfilt.dll and is rated Critical on all supported versions of Windows. Specially crafted media files could trigger the vulnerability when a user visits a web page or opens a malicious file.

  • MS10-034 is a cumulative update for ActiveX Kill Bits and is Critical on Windows 2000, XP, Vista, and Windows 7. There are two Microsoft controls we are applying Kill Bits for. Those are the Internet Explorer 8 Developer Tools control, and the Data Analyzer ActiveX control. The latter control is not installed by default. In addition, there are Kill Bits for four third-party controls. Please review the bulletin for additional details.

  • MS10-035 is a cumulative update for Internet Explorer. Of the six vulnerabilities addressed in the bulletin, only one, an information disclosure vulnerability, is publicly known. This issue was identified in Security Advisory 980088. We remain unaware of any active attacks against this vulnerability.
The seven remaining bulletins were rated Important:

Microsoft Security Bulletin MS10-032
Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (979559)
Microsoft Security Bulletin MS10-036
Vulnerability in COM Validation in Microsoft Office Could Allow Remote Code Execution (983235)
Microsoft Security Bulletin MS10-037
Vulnerability in the OpenType Compact Font Format (CFF) Driver Could Allow Elevation of Privilege (980218)
Microsoft Security Bulletin MS10-038
Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (2027452)
Microsoft Security Bulletin MS10-039
Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege (2028554)
Microsoft Security Bulletin MS10-040
Vulnerability in Internet Information Services Could Allow Remote Code Execution (982666)
Microsoft Security Bulletin MS10-041
Vulnerability in Microsoft .NET Framework Could Allow Tampering (981343)

References:

Clubhouse Tags: Clubhouse, Microsoft, Windows, Security, Updates, Vulnerabilities, Information,



Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

No comments: