Microsoft Security Bulletin Summary for december 14 2010

Microsoft Security Bulletin Summary for december 14 2010

Microsoft Security Bulletin Summary for december 14 2010
Published: december 14 2010

Note: There may be latency issues due to replication, if the page does not display keep refreshing


Note: http://www.microsoft.com/technet/security and http://www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the Microsoft.com download center or Windows Update. See the individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.


Today Microsoft released the following Security Bulletin(s).

Bulletin Summary:

http://www.microsoft.com/technet/security/bulletin/ms10-dec.mspx

Critical (2)
Microsoft Security Bulletin MS10-090
Cumulative Security Update for Internet Explorer (2416400)
http://www.microsoft.com/technet/security/bulletin/ms10-090.mspx

Microsoft Security Bulletin MS10-091
Vulnerabilities in the OpenType Font (OTF) Driver Could Allow Remote Code Execution (2296199)
http://www.microsoft.com/technet/security/bulletin/ms10-091.mspx



Important (14)
Microsoft Security Bulletin MS10-092
Vulnerability in Task Scheduler Could Allow Elevation of Privilege (2305420)
http://www.microsoft.com/technet/security/bulletin/ms10-092.mspx

Microsoft Security Bulletin MS10-093
Vulnerability in Windows Movie Maker Could Allow Remote Code Execution (2424434)
http://www.microsoft.com/technet/security/bulletin/ms10-093.mspx



Microsoft Security Bulletin MS10-094
Vulnerability in Windows Media Encoder Could Allow Remote Code Execution (2447961)
http://www.microsoft.com/technet/security/bulletin/ms10-094.mspx

Microsoft Security Bulletin MS10-095
Vulnerability in Microsoft Windows Could Allow Remote Code Execution (238567
http://www.microsoft.com/technet/security/bulletin/ms10-095.mspx

Microsoft Security Bulletin MS10-096
Vulnerability in Windows Address Book Could Allow Remote Code Execution (2423089)
http://www.microsoft.com/technet/security/bulletin/ms10-096.mspx

Microsoft Security Bulletin MS10-097
Insecure Library Loading in Internet Connection Signup Wizard Could Allow Remote Code Execution (2443105)
http://www.microsoft.com/technet/security/bulletin/ms10-097.mspx

Microsoft Security Bulletin MS10-098
Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2436673)
http://www.microsoft.com/technet/security/bulletin/ms10-098.mspx

Microsoft Security Bulletin MS10-099
Vulnerability in Routing and Remote Access Could Allow Elevation of Privilege (2440591)
http://www.microsoft.com/technet/security/bulletin/ms10-099.mspx

Microsoft Security Bulletin MS10-100
Vulnerability in Consent User Interface Could Allow Elevation of Privilege (2442962)
http://www.microsoft.com/technet/security/bulletin/ms10-100.mspx

Microsoft Security Bulletin MS10-101
Vulnerability in Windows Netlogon Service Could Allow Denial of Service (2207559)
http://www.microsoft.com/technet/security/bulletin/ms10-101.mspx

Microsoft Security Bulletin MS10-102
Vulnerability in Hyper-V Could Allow Denial of Service (2345316)
http://www.microsoft.com/technet/security/bulletin/ms10-102.mspx

Microsoft Security Bulletin MS10-103
Vulnerabilities in Microsoft Publisher Could Allow Remote Code Execution (2292970)
http://www.microsoft.com/technet/security/bulletin/ms10-103.mspx

Microsoft Security Bulletin MS10-104
Vulnerability in Microsoft SharePoint Could Allow Remote Code Execution (2455005)
http://www.microsoft.com/technet/security/bulletin/ms10-104.mspx

Microsoft Security Bulletin MS10-105
Vulnerabilities in Microsoft Office Graphics Filters Could Allow for Remote Code Execution (968095)
http://www.microsoft.com/technet/security/bulletin/ms10-105.mspx

Moderate (1)


Microsoft Security Bulletin MS10-106
Vulnerability in Microsoft Exchange Server Could Allow Denial of Service (2407132)
http://www.microsoft.com/technet/security/bulletin/ms10-106.mspx




Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety 1-866-727-2338. International customers should contact their local subsidiary.

As always, download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.

Security Tool
Find out if you are missing important Microsoft product updates by using MBSA.

 

TechNet Webcast: Information About Microsoft December Security Bulletins (Level 200)
Event ID: 1032454444



Language(s): English.
Product(s): Other.
Audience(s): IT Generalist.



Event Overview
Join us for a brief overview of the technical details of the December security bulletins. We intend to address your concerns in this webcast, therefore, most of the webcast is devoted to attendees asking questions about the bulletins and getting answers from Microsoft security experts.

Presenters: Jerry Bryant, Group Manager, Response Communications, Microsoft Corporation and Jonathan Ness, Principal Security SDE Lead, MSRC, Microsoft Corporation




Register now for the December security bulletin webcast.

 

Microsoft® Windows® Malicious Software Removal Tool (KB890830)

File Name:Size:windows-kb890830-v3.14.exe11.9MBDownload Quick Details

--------------------------------------------------------------------------------

Version:3.14Date Published:12/14/2010

http://www.microsoft.com/downloads/...E0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

 

December 2010 Security Release ISO Image

File Name:
Size:
Windows-KB913086-201012.iso
3316.5MB
Download
Quick Details
Version:
913086
Date Published:
12/14/2010
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=41e8319b-7bea-423b-8f9d-f7f3aef55c62

 

Microsoft Security Bulletin Re-Releases - Dec. 14, 2010
Issued: December 14, 2010

Summary
=======
The following bulletins have undergone a major revision increment.
Please see the appropriate bulletin for more details.

* MS10-083 - Important
* MS10-077 - Critical
* MS10-070 - Important

Bulletin Information:
=====================

* MS10-083 - Important
http://www.microsoft.com/technet/security/bulletin/ms10-083.mspx

- Reason for Revision: V2.0 (December 14, 2010): Added an update
FAQ to announce an additional update for Windows Vista
Service Pack 2 (KB97968 and Windows Server 2008 Service
Pack 2 (KB97968 for users who have installed Windows Search
4.0 on Windows Vista Service Pack 1 or Windows Server 2008,
then installed the security update offered in KB2405882, and
then migrated to Windows Vista Service Pack 2 or Windows
Server 2008 Service Pack 2. Customers in this scenario will
need to install the new update offered in KB2405882 to be
protected against the vulnerability described in this bulletin.
- Originally posted: October 12, 2010
- Updated: December 14, 2010
- Bulletin Severity Rating: Important
- Version: 2.0

* MS10-077 - Critical


http://www.microsoft.com/technet/security/bulletin/ms10-077.mspx
- Reason for Revision: V2.0 (December 14, 2010): Added an update
FAQ to announce that new update packages are available for
.NET Framework 4.0 to correct an issue in the setup that
could interfere with the successful installation of other
updates and/or products. Customers who have already
successfully updated their systems do not need to take any action.
- Originally posted: October 12, 2010
- Updated: December 14, 2010
- Bulletin Severity Rating: Critical
- Version: 2.0

* MS10-070 - Important

http://www.microsoft.com/technet/security/bulletin/ms10-070.mspx
- Reason for Revision: V3.0 (December 14, 2010): Added an update
FAQ to announce that new update packages are available for
.NET Framework 4.0 (KB2416472) to correct an issue in the
setup that could interfere with the successful installation
of other updates and/or products. Customers who have already
successfully updated their systems do not need to take any action.
- Originally posted: September 28, 2010
- Updated: December 14, 2010
- Bulletin Severity Rating: Important
- Version: 3.0
--

 

Reason for Revision: V2.0 (December 15, 2010):
Announced the
availability of the security updates for Microsoft Office
2008 for Mac (KB2476512) and Open XML File Format Converter
for Mac (KB2476511). Microsoft recommends that users of these
software apply these updates at the earliest opportunity.
- Originally posted: November 9, 2010
- Updated: December 15, 2010
- Bulletin Severity Rating: Critical
- Version: 2.0

http://www.microsoft.com/technet/security/bulletin/ms10-087.mspx

 

Microsoft Security Advisory Notification - Dec. 17, 2010
Issued: December 17, 2010

Security Advisories Updated or Released Today
==============================================

* Microsoft Security Advisory (973811)
- Title: Extended Protection for Authentication

http://www.microsoft.com/technet/security/advisory/973811.mspx
- Revision Note: V1.9 (December 17, 2010): Removed the FAQ
entry, originally added December 14, 2010, about a
non-security update enabling Microsoft Outlook to opt in to
Extended Protection for Authentication.

 

On Tuesday, December 14, we released an update (KB2412171) for Microsoft Outlook 2007.

http://blogs.msdn.com/b/outlook/arc...-with-the-recent-update-for-outlook-2007.aspx

 

Microsoft Security Advisory (2488013)

Microsoft Security Advisory (2488013)
Vulnerability in Internet Explorer Could Allow Remote Code Execution
Published: December 22, 2010

Version: 1.0

Revisions
• V1.0 (December 22, 2010): Advisory published.

http://www.microsoft.com/technet/security/advisory/2488013.mspx

 

Microsoft Security Advisory (2490606)
Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution
Published: January 04, 2011

Revisions
• V1.0 (January 4, 2011): Advisory published.

http://www.microsoft.com/technet/security/advisory/2490606.mspx