Critical Product Vulnerability - July 2010 Microsoft Security Bulletin Release  

Hakan Uzuner (@hakanuzuner)
Senior Member Admin
What is the purpose of this alert?

This alert is to provide you with an overview of the new security
bulletin(s) being released on July 13, 2010. Security bulletins are
released monthly to resolve critical problem vulnerabilities.

New Security Bulletins

Microsoft is releasing the following four new security bulletins for
newly discovered vulnerabilities:

Bulletin ID: MS10-042
Bulletin Title: Vulnerability in Help and Support Center Could Allow Remote Code Execution (2229593)
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: May require restart
Affected Software: Microsoft Windows XP and Windows Server 2003.

Bulletin ID: MS10-043
Bulletin Title: Vulnerability in Canonical Display Driver Could Allow Remote Code Execution (2032276)
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: Requires restart
Affected Software: Microsoft Windows 7 for x64-based systems and Windows Server 2008 R2 for x64-based systems.

Bulletin ID: MS10-044
Bulletin Title: Vulnerabilities in Microsoft Office Access ActiveX Controls Could Allow Remote Code Execution (982335)
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: May require restart
Affected Software: Microsoft Office Access 2003 and Office Access 2007.

Bulletin ID: MS10-045
Bulletin Title: Vulnerability in Microsoft Office Outlook Could Allow Remote Code Execution (978212)
Maximum Severity Rating: Important
Vulnerability Impact: Remote Code Execution
Restart Requirement: May require restart
Affected Software: Microsoft Office Outlook 2002, Office Outlook 2003, and Office Outlook 2007.

Note: The affected software listed in this table is an
abstract. To see the complete list, please visit the bulletin at the
link in the left column and navigate to the Affected Software
section of the page.

Summaries for new bulletin(s) may be found at http://www.microsoft.com/technet/security/bulletin/MS10-jul.mspx .

Microsoft Windows Malicious Software Removal Tool

Microsoft is releasing an updated version of the Microsoft Windows
Malicious Software Removal Tool on Windows Server Update Services
(WSUS), Windows Update (WU), and the Download Center. Information on the
Microsoft Windows Malicious Software Removal Tool is available at http://support.microsoft.com/?kbid=890830 .

High Priority Non-Security Updates

High priority non-security updates Microsoft releases to be available
on Microsoft Update (MU), Windows Update (WU), or Windows Server Update
Services (WSUS) will be detailed in the KB article found at http://support.microsoft.com/?id=894199 .

Public Bulletin Webcast

Microsoft will host a webcast to address customer questions on these
bulletins:

Title: Information about Microsoft July Security Bulletins
(Level 200)

Date: Wednesday, July 14, 2010, 11:00 A.M. Pacific Time (U.S.
and Canada)

URL: https://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?culture=en-US&EventID=1032454299

New Security Bulletin Technical Details

In the following tables of affected and non-affected software,
software editions that are not listed are past their support lifecycle.
To determine the support lifecycle for your product and edition, visit
the Microsoft Support Lifecycle web site at http://support.microsoft.com/lifecycle/ .

Bulletin Identifier: Microsoft Security Bulletin MS10-042
Bulletin Title: Vulnerability in Help and Support Center Could Allow Remote Code
Execution (2229593)
Executive Summary: This security update resolves a publicly disclosed vulnerability
in the Windows Help and Support Center feature that is delivered with
supported editions of Windows XP and Windows Server 2003. This
vulnerability could allow remote code execution if a user views a
specially crafted Web page using a Web browser or clicks a specially
crafted link in an e-mail message.

The security update addresses the vulnerability by modifying the
manner in which data is validated when passed to the Windows Help and
Support Center.

This security update also addresses the vulnerability first
described in Microsoft Security Advisory 2219475.

Severity Ratings and Affected Software: This security update is rated Critical for all supported editions
of Windows XP, and Low for all supported editions of Windows Server
2003.
Attack Vectors:
  • A maliciously crafted Web page.
  • A maliciously crafted e-mail.
Mitigating Factors:
  • Users would have to be persuaded to visit a malicious web site.
  • The vulnerability cannot be exploited automatically through
    e-mail. For an attack to be successful, a user must click a link
    listed within an e-mail message.
  • Exploitation only gains the same user rights as the logged on
    account. Users whose accounts are configured to have fewer user rights
    on the system could be less impacted than users who operate with
    administrative user rights.
Restart Requirement: This update may require a restart.
Bulletins Replaced by This Update: None
Full Details: http://www.microsoft.com/technet/security/bulletin/MS10-042.mspx

Bulletin Identifier: Microsoft Security Bulletin MS10-043
Bulletin Title: Vulnerability in Canonical Display Driver Could Allow Remote Code
Execution (2032276)
Executive Summary: This security update resolves a publicly disclosed vulnerability
in the Canonical Display Driver (cdd.dll). Although it is possible
that the vulnerability could allow code execution, successful code
execution is unlikely due to memory randomization. In most scenarios,
it is much more likely that an attacker who successfully exploited
this vulnerability could cause the affected system to stop responding
and automatically restart.

The security update addresses the vulnerability by correcting the
manner in which the Canonical Display Driver parses information copied
from user mode to kernel mode.

This security update also addresses the vulnerability first
described in Microsoft Security Advisory 2028859.

Severity Ratings and Affected Software: This security update is rated Critical for x64-based editions of
Windows 7 and Important for Windows Server 2008 R2.
Attack Vectors:
  • A maliciously crafted image file.
  • Common delivery mechanisms: a maliciously crafted Web page, an
    e-mail attachment, an instant message, a peer-to-peer file share, a
    network share, and/or a USB thumb drive.
Mitigating Factors:
  • This vulnerability only impacts Windows systems that have the
    Windows Aero theme installed.
  • By default, Windows Aero is not enabled in Windows Server 2008 R2,
    and the platform does not include Aero-capable graphics drivers.
  • Users would have to be persuaded to visit a malicious web site.
Restart Requirement: This update requires a restart.
Bulletins Replaced by This Update: None
Full Details: http://www.microsoft.com/technet/security/bulletin/MS10-043.mspx

Bulletin Identifier: Microsoft Security Bulletin MS10-044
Bulletin Title: Vulnerabilities in Microsoft Office Access ActiveX Controls Could
Allow Remote Code Execution (982335)
Executive Summary: This security update resolves two privately reported
vulnerabilities in Microsoft Office Access ActiveX Controls. The
vulnerabilities could allow remote code execution if a user opened a
specially crafted Office file or viewed a Web page that instantiated
Access ActiveX controls.

The update addresses the vulnerabilities by updating specific
Access ActiveX controls and by modifying the way memory is accessed by
Microsoft Office and by Internet Explorer when loading Access ActiveX
controls.

Severity Ratings and Affected Software: This security update is rated Critical for supported editions of
Microsoft Office Access 2003 and Microsoft Office Access 2007.
Attack Vectors:
  • A maliciously crafted Web page.
  • A maliciously crafted e-mail attachment.
Mitigating Factors:
  • Users would have to be persuaded to visit a malicious web site.
  • Exploitation only gains the same user rights as the logged on
    account. Users whose accounts are configured to have fewer user rights
    on the system could be less impacted than users who operate with
    administrative user rights.
  • By default, all versions of Outlook, Outlook Express, and Windows
    Mail open HTML e-mail messages in the Restricted Sites zone.
  • By default, IE on Windows 2003 and Windows Server 2008 runs in a
    restricted mode.
Restart Requirement: This update may require a restart.
Bulletins Replaced by This Update: None
Full Details: http://www.microsoft.com/technet/security/bulletin/MS10-044.mspx

Bulletin Identifier: Microsoft Security Bulletin MS10-045
Bulletin Title: Vulnerability in Microsoft Office Outlook Could Allow Remote Code
Execution (978212)
Executive Summary: This security update resolves a privately reported vulnerability.
The vulnerability could allow remote code execution if a user opened
an attachment in a specially crafted e-mail message using an affected
version of Microsoft Office Outlook.

The update addresses the vulnerability by modifying the way that
Microsoft Office Outlook verifies attachments in a specially crafted
e-mail message.

Severity Ratings and Affected Software: This security update is rated Important for all supported editions
of Microsoft Office Outlook 2002, Microsoft Office Outlook 2003, and
Microsoft Office Outlook 2007.
Attack Vectors:
  • A maliciously crafted e-mail attachment.
Mitigating Factors:
  • An attacker who successfully exploited this vulnerability could
    gain the same user rights as the local user. Users whose accounts are
    configured to have fewer user rights on the system could be less
    impacted than users who operate with administrative user rights.
  • Cannot be exploited automatically through e-mail, because a user
    must open an attachment that is sent in an e-mail message.
Restart Requirement: This update may require a restart.
Bulletins Replaced by This Update: MS09-060
Full Details: http://www.microsoft.com/technet/security/bulletin/MS10-045.mspx

Regarding Information Consistency

We strive to provide you with accurate information in static (this
mail) and dynamic (web-based) content. Microsoft’s security content
posted to the web is occasionally updated to reflect late-breaking
information. If this results in an inconsistency between the information
here and the information in Microsoft’s web-based security content, the
information in Microsoft’s web-based security content is authoritative.

If you have any questions regarding this alert please contact your
Technical Account Manager or Application Development Consultant.

Thank you,

Consultant - ITSTACK Bilgi Sistemleri
****************************************************************
If you share the outcome here once your problem is solved,
you will be helping others who experience the same problem.
If your issue has been resolved, please mark it as "solved"; this makes things much easier for other members.
*****************************************************************

Posted: 14/07/2010 11:27
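A defender's check for whether the four updates above are present on a machine, added here as an example and not part of the original alert: it reads the Windows Update Agent history through the Microsoft.Update.Session COM object and cross-checks Get-HotFix, looking for the bulletin KB numbers listed in the post. It assumes the updates were applied through WU/MU/WSUS so the agent recorded them; for the two Office bulletins the update packages may carry their own KB numbers (given in each bulletin's Affected Software section), which would have to be added to the table for a reliable match.

```powershell
# Added example, not part of the original alert. Looks for the July 2010
# bulletin KB numbers from this post in the Windows Update Agent history
# and in Get-HotFix. Assumption: updates were installed via WU/MU/WSUS.
$bulletins = @{
    'KB2229593' = 'MS10-042 Help and Support Center (Windows XP / Server 2003)'
    'KB2032276' = 'MS10-043 Canonical Display Driver (Windows 7 x64 / 2008 R2 x64)'
    'KB982335'  = 'MS10-044 Office Access ActiveX Controls (Access 2003 / 2007)'
    'KB978212'  = 'MS10-045 Office Outlook (Outlook 2002 / 2003 / 2007)'
}

# Windows Update Agent history (covers Windows and Office updates delivered by WU/MU/WSUS)
$searcher = (New-Object -ComObject Microsoft.Update.Session).CreateUpdateSearcher()
$total    = $searcher.GetTotalHistoryCount()
$history  = if ($total -gt 0) { $searcher.QueryHistory(0, $total) } else { @() }

# OperationResultCode: 2 = Succeeded, 3 = SucceededWithErrors
$installedTitles = @($history |
    Where-Object { $_.ResultCode -eq 2 -or $_.ResultCode -eq 3 } |
    ForEach-Object { $_.Title })

# Win32_QuickFixEngineering as a second source; it lists Windows updates,
# but Office updates are generally not recorded there.
$hotfixIds = @(Get-HotFix -ErrorAction SilentlyContinue | ForEach-Object { $_.HotFixID })

foreach ($kb in ($bulletins.Keys | Sort-Object)) {
    # Update history titles normally end with the package KB, e.g. "... (KB2229593)"
    $inHistory = @($installedTitles | Where-Object { $_ -match "\($kb\)" }).Count -gt 0
    $inQfe     = $hotfixIds -contains $kb
    $status    = if ($inHistory -or $inQfe) { 'installed' } else { 'NOT FOUND' }
    '{0,-10} {1,-10} {2}' -f $kb, $status, $bulletins[$kb]
}
```

A NOT FOUND line only matters for products the machine actually has installed; the remaining bulletins simply do not apply to it.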
Ufuk TATLIDIL (@ufuktatlidil)
Respected Member

Critical information. Thank you, sir.

Posted: 14/07/2010 12:00