Microsoft Security Bulletin Summary for August 10, 2010

Discussion in 'other security issues & news' started by NICK ADSL UK, Aug 10, 2010.

Thread Status:
Not open for further replies.
  1. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    Microsoft Security Bulletin Summary for August 10, 2010

    Microsoft Security Bulletin Summary for August 10 2010
    Published: August 10 2010


    Note: There may be latency issues due to replication, if the page does not display keep refreshing


    Note: http://www.microsoft.com/technet/security and http://www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

    Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.


    Today Microsoft released the following Security Bulletin(s).

    Bulletin Summary:

    http://www.microsoft.com/technet/security/bulletin/ms10-aug.mspx


    Critical (9)
    Microsoft Security Bulletin MS10-046 - Critical
    Vulnerability in Windows Shell Could Allow Remote Code Execution (228619:cool:
    Published: August 02, 2010 | Updated: August 03, 2010
    http://www.microsoft.com/technet/security/bulletin/MS10-046.mspx


    Microsoft Security Bulletin MS10-049 - Critical
    Vulnerabilities in SChannel could allow Remote Code Execution (980436)
    Published: August 10, 2010
    http://www.microsoft.com/technet/security/bulletin/MS10-049.mspx


    Microsoft Security Bulletin MS10-051 - Critical
    Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (2079403)
    http://www.microsoft.com/technet/security/bulletin/ms10-051.mspx


    Microsoft Security Bulletin MS10-060 - Critical
    Vulnerabilities in the Microsoft .NET Common Language Runtime and in Microsoft Silverlight Could Allow Remote Code Execution (2265906)
    Published: August 10, 2010
    http://www.microsoft.com/technet/security/Bulletin/MS10-060.mspx


    Microsoft Security Bulletin MS10-056 - Critical
    Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (226963:cool:
    Published: August 10, 2010
    http://www.microsoft.com/technet/security/Bulletin/MS10-056.mspx



    Microsoft Security Bulletin MS10-055 - Critical
    Vulnerability in Cinepak Codec Could Allow Remote Code Execution (982665)
    Published: August 10, 2010
    http://www.microsoft.com/technet/security/Bulletin/MS10-055.mspx


    Microsoft Security Bulletin MS10-054 - Critical
    Vulnerabilities in SMB Server Could Allow Remote Code Execution (982214)
    Published: August 10, 2010
    http://www.microsoft.com/technet/security/Bulletin/MS10-054.mspx


    Microsoft Security Bulletin MS10-053 - Critical
    Cumulative Security Update for Internet Explorer (2183461)
    Published: August 10, 2010
    http://www.microsoft.com/technet/security/Bulletin/MS10-053.mspx


    Microsoft Security Bulletin MS10-052 - Critical
    Vulnerability in Microsoft MPEG Layer-3 Codecs Could Allow Remote Code Execution (211516:cool:
    Published: August 10, 2010
    http://www.microsoft.com/technet/security/Bulletin/MS10-052.mspx


    (Important (6)
    Microsoft Security Bulletin MS10-059 - Important
    Vulnerabilities in the Tracing Feature for Services Could Allow Elevation of Privilege (982799)
    Published: August 10, 2010
    http://www.microsoft.com/technet/security/Bulletin/MS10-059.mspx


    Microsoft Security Bulletin MS10-058 - Important
    Vulnerabilities in TCP/IP Could Allow Elevation of Privilege (978886)
    Published: August 10, 2010
    http://www.microsoft.com/technet/security/Bulletin/MS10-058.mspx


    Microsoft Security Bulletin MS10-057 - Important
    Vulnerability in Microsoft Office Excel Could Allow Remote Code Execution (2269707)
    Published: August 10, 2010
    http://www.microsoft.com/technet/security/Bulletin/MS10-057.mspx

    Microsoft Security Bulletin MS10-047 - Important
    Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (981852)
    Published: August 10, 2010
    http://www.microsoft.com/technet/security/bulletin/MS10-047.mspx


    Microsoft Security Bulletin MS10-048 - Important
    Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2160329)
    Published: August 10, 2010
    http://www.microsoft.com/technet/security/Bulletin/MS10-048.mspx


    Microsoft Security Bulletin MS10-050 - Important
    Vulnerability in Windows Movie Maker Could Allow Remote Code Execution (981997)
    Published: August 10, 2010
    http://www.microsoft.com/technet/security/Bulletin/MS10-050.mspx


    Moderate (0)



    Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.

    If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety 1-866-727-2338. International customers should contact their local subsidiary.

    As always, download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.

    Security Tool
    Find out if you are missing important Microsoft product updates by using MBSA.
     
  2. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    TechNet Webcast: Information About Microsoft August Security Bulletins (Level 200)
    Event ID: 1032454431


    Language(s): English.
    Product(s): Security.
    Audience(s): IT Decision Maker,IT Generalist.


    Duration: 90 Minutes
    Start Date: Wednesday, August 11, 2010 11:00 AM Pacific Time (US & Canada
    )

    Event Overview
    Join us for a brief overview of the technical details of the August security bulletins. We intend to address your concerns in this webcast, therefore, most of the webcast is devoted to attendees asking questions about the bulletins and getting answers from Microsoft security experts.

    Presenters: Jerry Bryant, Group Manager, Response Communications, Microsoft Corporation and Adrian Stone, Senior Security Program Manager Lead, Microsoft Corporation

    Register now for the August security bulletin webcast.
     
  3. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    Microsoft® Windows® Malicious Software Removal Tool (KB890830)
    Brief Description
    This tool checks your computer for infection by specific, prevalent malicious software (including Blaster, Sasser, and Mydoom) and helps to remove the infection if it is found. Microsoft will release an updated version of this tool on the second Tuesday of each month.

    Quick Details
    File Name: windows-kb890830-v3.10.exe
    Version: 3.10
    Knowledge Base (KB) Articles: KB890830
    Date Published: 8/10/2010
    Language: English
    Download Size: 11.5 MB
    http://www.microsoft.com/downloads/...E0-E72D-4F54-9AB3-75B8EB148356&displaylang=en
     
  4. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
  5. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    Microsoft Security Bulletin Updates 08/18/10


    MS10-058 - Important: Vulnerabilities in TCP/IP Could Allow Elevation of Privilege (978886) - Version:1.1
    Severity Rating: Important - Revision Note: V1.1 (August 18, 2010): Added workaround for IPv6 Memory Corruption Vulnerability - CVE-2010-1892.

    Summary: This security update resolves two privately reported vulnerabilities in Microsoft Windows. The more severe of these vulnerabilities could allow elevation of privilege due to an error in the processing of a specific input buffer. An attacker who is able to log on to the target system could exploit this vulnerability and run arbitrary code with system-level privileges. The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

    Revisions


    V1.0 (August 10, 2010): Bulletin published.


    V1.1 (August 18, 2010): Added workaround for IPv6 Memory Corruption Vulnerability - CVE-2010-1892.

    http://www.microsoft.com/technet/security/bulletin/MS10-058.mspx?pubDate=2010-08-18


    MS10-055 - Critical: Vulnerability in Cinepak Codec Could Allow Remote Code Execution (982665) - Version:1.1
    Severity Rating: Critical - Revision Note: V1.1 (August 12, 2010): Added Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2 to the Non-Affected Software table.

    Summary: This security update resolves a privately reported vulnerability in Cinepak Codec. The vulnerability could allow remote code execution if a user opens a specially crafted media file or receives specially crafted streaming content from a Web site or any application that delivers Web content. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

    Revisions


    V1.0 (August 10, 2010): Bulletin published.


    V1.1 (August 12, 2010): Added Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2 to the Non-Affected Software table.


    http://www.microsoft.com/technet/security/bulletin/MS10-055.mspx?pubDate=2010-08-12
     
  6. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
  7. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    TechNet Blogs > The Microsoft Security Response Center (MSRC) > Update on Security Advisory 2269673
    http://blogs.technet.com/b/msrc/archive/2010/08/31/update-on-security-advisory-2269673.aspx
     
  8. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    Microsoft Security Bulletin MS10-056 - Critical
    Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (226963:cool:
    Published: August 10, 2010 | Updated: September 01, 2010

    Revisions


    V1.0 (August 10, 2010): Bulletin published.


    V1.1 (August 11, 2010): Corrected the update package names for Microsoft Office Word Viewer and Microsoft Office Compatibility Pack in the deployment reference tables. This is an informational change only. There were no changes to the security update files or detection logic.


    V1.2 (August 25, 2010): Added a link to Microsoft Knowledge Base Article 2269638 under Known Issues in the Executive Summary.


    V1.3 (September 1, 2010): Added note to the affected software table to inform customers using Word 2007 that in addition to security update package KB2251419, they also need to install the security update package KB2277947 to be protected from the vulnerabilities described in this bulletin.

    http://www.microsoft.com/technet/security/bulletin/MS10-056.mspx?pubDate=2010-09-01


    Microsoft Security Bulletin MS10-049 - Critical
    Vulnerabilities in SChannel could allow Remote Code Execution (980436)
    Published: August 10, 2010 | Updated: September 01, 2010

    Revisions


    V1.0 (August 10, 2010): Bulletin published.


    V1.1 (September 1, 2010): Corrected the bulletin replacement information for this update. This is an informational change only. There were no changes to the detection logic or the update files.

    http://www.microsoft.com/technet/security/bulletin/MS10-049.mspx?pubDate=2010-09-01
     
Loading...
Thread Status:
Not open for further replies.