Microsoft Security Bulletin Summary for june 8, 2010

Microsoft Security Bulletin Summary for june 8, 2010

Microsoft Security Bulletin Summary for june 8, 2010
Published: june 8 2010
Note:There may be latency issues due to replication, if the page does not display keep refreshing

Note: http://www.microsoft.com/technet/security and http://www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

Today Microsoft released the following Security Bulletin(s).

Bulletin Summary:
http://www.microsoft.com/technet/security/bulletin/ms10-jun.mspx

Critical (3)

Microsoft Security Bulletin MS10-033 - Critical
Vulnerabilities in Media Decompression Could Allow Remote Code Execution (979902)
Published: June 08, 2010
http://www.microsoft.com/technet/security/bulletin/MS10-033.mspx

Microsoft Security Bulletin MS10-034 - Critical
Cumulative Security Update of ActiveX Kill Bits (980195)
Published: June 08, 2010
http://www.microsoft.com/technet/security/bulletin/ms10-034.mspx

Microsoft Security Bulletin MS10-035 - Critical
Cumulative Security Update for Internet Explorer (982381)
Published: June 08, 2010
http://www.microsoft.com/technet/security/bulletin/ms10-035.mspx


Important (7)
Microsoft Security Bulletin MS10-032 - Important
Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (979559)
Published: June 08, 2010
http://www.microsoft.com/technet/security/bulletin/ms10-032.mspx



Microsoft Security Bulletin MS10-036 - Important
Vulnerability in COM Validation in Microsoft Office Could Allow Remote Code Execution (983235)
Published: June 08, 2010
http://www.microsoft.com/technet/security/bulletin/ms10-036.mspx?pubDate=2010-06-08

Microsoft Security Bulletin MS10-037 - Important
Vulnerability in the OpenType Compact Font Format (CFF) Driver Could Allow Elevation of Privilege (98021
Published: June 08, 2010
http://www.microsoft.com/technet/security/bulletin/ms10-037.mspx

Microsoft Security Bulletin MS10-038 - Important
Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (2027452)
Published: June 08, 2010
http://www.microsoft.com/technet/security/bulletin/ms10-038.mspx

Microsoft Security Bulletin MS10-039 - Important
Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege (2028554)
Published: June 08, 2010
http://www.microsoft.com/technet/security/bulletin/ms10-039.mspx

Microsoft Security Bulletin MS10-040 - Important
Vulnerability in Internet Information Services Could Allow Remote Code Execution (982666)
Published: June 08, 2010
http://www.microsoft.com/technet/security/bulletin/MS10-040.mspx

Microsoft Security Bulletin MS10-041 - Important
Vulnerability in Microsoft .NET Framework Could Allow Tampering (981343)
Published: June 08, 2010
http://www.microsoft.com/technet/security/bulletin/ms10-041.mspx

Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety 1-866-727-2338. International customers should contact their local subsidiary.

As always, download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.

Security Tool
Find out if you are missing important Microsoft product updates by using MBSA

 

TechNet Webcast: Information About Microsoft June Security Bulletins (Level 200)
Event ID: 1032427727

Language(s): English.
Product(s): Security.
Audience(s): IT Generalist.


Duration: 90 Minutes
Start Date: Wednesday, June 09, 2010 11:00 AM Pacific Time (US & Canada)

Event Overview

Join us for a brief overview of the technical details of the June security bulletins. We intend to address your concerns in this webcast, therefore, most of the webcast is devoted to attendees asking questions about the bulletins and getting answers from Microsoft security experts.

Presenters: Jerry Bryant, Group Manager, Response Communications, Microsoft Corporation and Adrian Stone, Senior Security Program Manager Lead, Microsoft Corporation

Register now for the June security bulletin webcast.

 

Microsoft Windows Malicious Software Removal Tool (KB890830)
Brief Description
This tool checks your computer for infection by specific, prevalent malicious software (including Blaster, Sasser, and Mydoom) and helps to remove the infection if it is found. Microsoft will release an updated version of this tool on the second Tuesday of each month.

http://www.microsoft.com/downloads/...E0-E72D-4F54-9AB3-75B8EB148356&displaylang=en


http://support.microsoft.com/kb/890830

 

Microsoft Security Advisory (2219475)
Vulnerability in Windows Help and Support Center Could Allow Remote Code Execution
Published: June 10, 2010 | Updated: June 11, 2010
http://www.microsoft.com/technet/security/advisory/2219475.mspx

 

Microsoft Security Bulletin Updates 06/16/10


Microsoft Security Bulletin MS10-041 - Important
Vulnerability in Microsoft .NET Framework Could Allow Tampering (981343)
Published: June 08, 2010 | Updated: June 16, 2010

Revisions
•

V1.0 (June 8, 2010): Bulletin published.
•
V1.1 (June 16, 2010): Corrected the registry key verification for Microsoft .NET Framework 2.0 Service Pack 2.
http://www.microsoft.com/technet/security/bulletin/MS10-041.mspx?pubDate=2010-06-16


Microsoft Security Bulletin MS10-036 - Important
Vulnerability in COM Validation in Microsoft Office Could Allow Remote Code Execution (983235)
Published: June 08, 2010 | Updated: June 16, 2010

Revisions•

V1.0 (June 8, 2010): Bulletin published.
•

V1.1 (June 16, 2010): Corrected the update file name for Microsoft Office Word 2007 in the Security Update Deployment section. Also added an entry to the update FAQ to explain why the update may be offered even when none of the affected software is present on the system.
http://www.microsoft.com/technet/security/bulletin/MS10-036.mspx?pubDate=2010-06-16


Microsoft Security Bulletin MS10-035 - Critical
Cumulative Security Update for Internet Explorer (982381)
Published: June 08, 2010 | Updated: June 16, 2010

Revisions
•

V1.0 (June 8, 2010): Bulletin published.
•

V1.1 (June 16, 2010): Corrected the Disable the IEDTExplorer Component workaround for CVE-2010-1261.
http://www.microsoft.com/technet/security/bulletin/MS10-035.mspx?pubDate=2010-06-16


Microsoft Security Bulletin MS10-033 - Critical
Vulnerabilities in Media Decompression Could Allow Remote Code Execution (979902)
Published: June 08, 2010 | Updated: June 16, 2010

Revisions
•

V1.0 (June 8, 2010): Bulletin published.
•

V1.1 (June 9, 2010): Corrected bulletin replacement and notes for the Windows Media Format Runtime 9 update on Microsoft Windows 2000 Service Pack 4. These are informational changes only. There were no changes to the security update files or detection logic. Customers who have already successfully updated their systems do not need to take any action.
•

V1.2 (June 16, 2010): Added known issues notation in the Executive Summary and corrected the Disable decoding of MJPEG content in Quartz.dll workaround for CVE-2010-1880.
http://www.microsoft.com/technet/security/bulletin/MS10-033.mspx?pubDate=2010-06-16


Microsoft Security Bulletin MS10-016 - Important
Vulnerability in Windows Movie Maker Could Allow Remote Code Execution (975561)
Published: March 09, 2010 | Updated: June 16, 2010

Revisions
•

V1.0 (March 9, 2010): Bulletin published.
•

V1.1 (March 17, 2010): Corrected the registry keys in the workaround, Remove the Microsoft Producer 2003 .MSProducer, .MSProducerZ, and .MSProducerBF file associations.
•

V2.0 (May 3, 2010): Corrected installation switches for Movie Maker 2.6 on Windows Vista and Windows 7. Also, announced availability of Microsoft Producer. Microsoft recommends that users of Microsoft Producer 2003 upgrade to the new version, Microsoft Producer.
•

V2.1 (June 16, 2010): Corrected installation switches and removal information for Movie Maker 2.6 on Windows Vista and Windows 7.
http://www.microsoft.com/technet/security/bulletin/MS10-016.mspx?pubDate=2010-06-16