Microsoft Security Bulletin released for the month of August

Microsoft has released its security bulletin for August 2010. This month Microsoft has released 15 bulletins, addressing total 32 vulnerabilities.

Out of the 15 bulletins, nine bulletins have been rated “Critical” and six bulletins have been rated “Important”. 11 bulletins are related to “Remote Code Execution” vulnerability and four bulletins are related to “Elevation of Privilege” vulnerability.

The following vulnerabilities have been rated “Critical”:

– Bulletin MS10-046 resolves vulnerability in Windows Shell that could allow remote code execution if the icon of a specially crafted shortcut is displayed in Microsoft Windows operating system.
– Bulletin MS10-049 resolves two vulnerabilities in Secure Channel (SChannel) security package in Windows that could allow remote code execution if a user visits a specially crafted Web site that is designed to exploit these vulnerabilities through an Internet Web browser, in Microsoft Windows operating system.
– Bulletin MS10-051 resolves vulnerability in Microsoft XML Core Services that could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer, in Microsoft Windows operating system.
– Bulletin MS10-052 resolves vulnerability in Microsoft MPEG Layer-3 audio codecs that could allow remote code execution if a user opens a specially crafted media file or receives specially crafted streaming content from a Web site or any application that delivers Web content, in Microsoft Windows operating system.
– Bulletin MS10-053 resolves six vulnerabilities in Internet Explorer that could allow remote code execution if a user views a specially crafted Web page using Microsoft Internet Explorer.
– Bulletin MS10-054 resolves three vulnerabilities in Microsoft Windows that could allow remote code execution if an attacker created a specially crafted SMB packet and sent the packet to an affected system, in Microsoft Windows operating system.
– Bulletin MS10-055 resolves vulnerability in Cinepak Codec that could allow remote code execution if a user opens a specially crafted media file or receives specially crafted streaming content from a Web site or any application that delivers Web content, in Microsoft Windows operating system.
– Bulletin MS10-056 resolves four vulnerabilities that could allow remote code execution if a user opens or previews a specially crafted RTF e-mail message, in Microsoft Office.
– Bulletin MS10-060 resolves two vulnerabilities that could allow remote code execution on a client system, if a user views a specially crafted Web page using a Web browser that can run XAML Browser Applications (XBAPs) or Silverlight applications, or if an attacker succeeds in convincing a user to run a specially crafted Microsoft .NET application.

The following vulnerabilities have been rated “Important”:

– Bulletin MS10-047 resolves two vulnerabilities that could allow elevation of privilege if an attacker logged on locally and ran a specially crafted application, in Microsoft Windows operating system.
– Bulletin MS10-048 resolves four vulnerabilities in Windows kernel-mode drivers that could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application in Microsoft Windows operating system.
– Bulletin MS10-050 resolves vulnerability in Windows Movie Maker that could allow remote code execution if an attacker sent a specially crafted Movie Maker project file and convinced the user to open the specially crafted file in Microsoft Windows operating system.
– Bulletin MS10-057 resolves vulnerability in Microsoft Office that could allow remote code execution if a user opens a specially crafted Excel file.
– Bulletin MS10-058 resolves two vulnerabilities that could allow elevation of privilege due to an error in the processing of a specific input buffer in Microsoft Windows operating system.
– Bulletin MS10-059 resolves vulnerability in Tracing Feature for Services that could allow elevation of privilege if an attacker runs a specially crafted application in Microsoft Windows operating system.

The above bulletins released this month provides security updates for Microsoft Windows operating system, Microsoft Office, Microsoft Internet Explorer, Microsoft .NET Framework and Microsoft Silverlight.

For detailed information of all the bulletins and the corresponding vulnerabilities addressed, please visit Microsoft Security Bulletin Summary – August 2010 page.

I will recommend users to set Windows Update in Install updates automatically mode. So the important patches get applied automatically.

Basant Sekhani

Basant Sekhani


No Comments, Be The First!

Your email address will not be published.

CAPTCHA Image