- Joined
- Jun 27, 2006
- Location
- Chicago, IL
Hello all. As part of our usual cycle of monthly updates, today Microsoft is releasing 14 security bulletins, addressing 34 vulnerabilities. Eight of those bulletins have a Critical severity rating, and we consider four of those to be high-priority deployments:
More listening and viewing options:
Link Removed due to 404 Error
As always, Microsoft recommends that customers test and deploy all security updates as soon as they can.
Link Removed due to 404 Error
For a closer look at some of the issues involved in these bulletins, our Security Research & Defense (SRD) team writes about MS10-048, MS10-049, and MS10-054 today on its blog.
We're also releasing Security Advisory 2264072 with this update. This advisory addresses the potential for attacks that leverage the Windows Service Isolation feature to gain elevation of privilege. In turn, the release of MS10-049 closes Security Advisory 977377, which described a spoofing vulnerability addressed in today's release. When early investigation revealed that this vulnerability is an industry-wide problem, Microsoft worked on a coordinated response with our partners in the Internet Consortium for Advancement of Security on the Internet (ICASI). A new standard was developed, RFC 5746, which allows developers of both client and server applications to address this vulnerability.
More information about the security updates can be found on the Microsoft Security Bulletin summary Link Removed due to 404 Error. Our Exploitability Index provides additional information to help customers prioritize deployment of the monthly security bulletins.
On August 2, we released MS10-046 out of band in response to a new zero-day vulnerability being exploited by the Stuxnet family of malware. This month, we have added Stuxnet and several other malware to the Malicious Software Removal Tool (MSRT) in order to help clean up systems that may have been impacted. Here's the full list of new malware being added:
Reminder: You can follow the team for late breaking news and updates on the threat landscape here: @MSFTSecResponse.
Thanks!
Angela Gunn
Security Response Communications Manager
Link Removed due to 404 Error
More...
- Link Removed due to 404 Error This bulletin resolves a privately reported vulnerability in Microsoft's MPEG Layer-3 audio codecs. The vulnerability could allow remote code execution if a user opens a specially crafted media file or receives specially crafted streaming content from a Web site. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user.
- Link Removed due to 404 Error This bulletin resolves a privately reported vulnerability in Cinepak Codec, which is used by Windows Media Player to support the .avi audiovisual format. The vulnerability could allow remote code execution if a user opens a specially crafted media file, or receives specially crafted streaming content from a Web site. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user.
- Link Removed due to 404 Error This bulletin resolves four privately reported vulnerabilities in Microsoft Office. The most severe vulnerabilities could allow remote code execution if a user opens or previews a specially crafted RTF e-mail message. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Windows Vista and Windows 7 are less exploitable due to additional heap mitigation mechanisms in those operating systems.
- Link Removed due to 404 Error This bulletin resolves two privately reported vulnerabilities, both of which could allow remote code execution, in Microsoft .NET Framework and Microsoft Silverlight.
More listening and viewing options:
- Link Removed - Invalid URL
- Link Removed - Invalid URL
- Link Removed - Invalid URL
- Link Removed - Invalid URL
- Link Removed - Invalid URL
- Link Removed - Invalid URL
Link Removed due to 404 Error
As always, Microsoft recommends that customers test and deploy all security updates as soon as they can.
Link Removed due to 404 Error
For a closer look at some of the issues involved in these bulletins, our Security Research & Defense (SRD) team writes about MS10-048, MS10-049, and MS10-054 today on its blog.
We're also releasing Security Advisory 2264072 with this update. This advisory addresses the potential for attacks that leverage the Windows Service Isolation feature to gain elevation of privilege. In turn, the release of MS10-049 closes Security Advisory 977377, which described a spoofing vulnerability addressed in today's release. When early investigation revealed that this vulnerability is an industry-wide problem, Microsoft worked on a coordinated response with our partners in the Internet Consortium for Advancement of Security on the Internet (ICASI). A new standard was developed, RFC 5746, which allows developers of both client and server applications to address this vulnerability.
More information about the security updates can be found on the Microsoft Security Bulletin summary Link Removed due to 404 Error. Our Exploitability Index provides additional information to help customers prioritize deployment of the monthly security bulletins.
On August 2, we released MS10-046 out of band in response to a new zero-day vulnerability being exploited by the Stuxnet family of malware. This month, we have added Stuxnet and several other malware to the Malicious Software Removal Tool (MSRT) in order to help clean up systems that may have been impacted. Here's the full list of new malware being added:
- Win32/Stuxnet
- Win32/CplLnk
- Worm:Win32/Vobfus.gen!A
- Worm:Win32/Vobfus.gen!B
- Worm:Win32/Vobfus.gen!C
- Worm:Win32/Vobfus!dll
- Worm:Win32/Sality.AU
- Virus:Win32/Sality.AU
- TrojanDropper:Win32/Sality.AU
Reminder: You can follow the team for late breaking news and updates on the threat landscape here: @MSFTSecResponse.
Thanks!
Angela Gunn
Security Response Communications Manager
Link Removed due to 404 Error
More...
